Microsoft Confirms Ongoing Mass SharePoint Attack — No Patch Available
Microsoft users are, once again, under attack. This time, the threat is not restricted to Outlook users, or involves a Windows browser-based security bypass, and unlike the recent Windows authentication relay attack vulnerability, there is no patch, no magic update, to remedy this one. Which is bad news for Microsoft SharePoint Server users, as CVE-2025-53770 is currently under confirmed 'mass attack' and on-premises servers across the world are being compromised. Here's what you need to know and do.
Microsoft Confirms CVE-2025-53770 SharePoint Server Attacks
It's been quite the few weeks for security warnings, what with Amazon informing 220 million customers of Prime account attacks, and claims of a mass hack of Ring doorbells going viral. The first of those can be mitigated by basic security hygiene, and the latter appears to be a false alarm. The same cannot be said for CVE-2025-53770, a newly uncovered and confirmed attack against users of SharePoint Server which is currently undergoing mass exploitation on a global level, according to the Eye Research experts who discovered it. Microsoft, meanwhile, has admitted that not only is it 'aware of active attacks' but, worryingly, 'a patch is currently not available for this vulnerability.'
CVE-2025-53770, which is also being called ToolShell, is a critical vulnerability in on-premises SharePoint. The end result of which is the ability for attackers to gain access and control of said servers without authentication. If that sounds bad, it's because it is. Very bad indeed.
'The risk is not theoretical,' the researchers warned, 'attackers can execute code remotely, bypassing identity protections such as MFA or SSO.' Once they have, they can then 'access all SharePoint content, system files, and configurations and move laterally across the Windows Domain.'
And then there's the theft of cryptographic keys. That can enable an attacker to 'impersonate users or services,' according to the report, 'even after the server is patched.' So, even when a patch is eventually released, and I would expect an emergency update to arrive fairly quickly for this one, the problem isn't solved. You will, it was explained, 'need to rotate the secrets allowing all future tokens that can be created by the malicious actor to become invalid.'
And, of course, as SharePoint will often connect to other core services, including the likes of Outlook and Teams, oh and not forgetting OneDrive, the threat, if exploited, can and will lead to 'data theft, password harvesting, and lateral movement across the network,' the researchers warned.
Mitigating The Microsoft SharePoint Server Attacks
While the Microsoft Security Response Center has stated that it is 'actively working to release a security update,' and will 'provide additional details as they are available,' there is no patch at the time of writing. In the meantime, it advised that customers should apply the following mitigations:'
Configure Antimalware Scan Interface integration in SharePoint and deploy Defender AV on all SharePoint servers. 'If you cannot enable AMSI,' Microsoft said, 'we recommend you consider disconnecting your server from the internet until a security update is available.'
I have approached Microsoft for a statement and will update this story with any further developments.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
8 minutes ago
- Yahoo
Top Analyst Calls Microsoft a 'Top Pick' Hikes Target to $585 on Azure AI Momentum
July 21 - Bank of America lifted its price target on Microsoft (NASDAQ:MSFT) to $585 from $515 ahead of the software giant's fiscal fourth?quarter results, according to a Friday note. Analysts led by Brad Sills kept a Buy rating and Top Pick designation, citing partner checks that point to deal volumes roughly matching the prior quarter. They see revenue in Q4 edging up by as much as 1% versus their base forecast. Warning! GuruFocus has detected 7 Warning Sign with MSFT. Azure remains the growth engine, with BofA projecting 35.5% constant?currency expansion, about 18 percentage points driven by AI, up from a prior 34.2 % estimate (17 points from AI). In Productivity and Business Processes, the team now expects 13% growth, powered by commercial Office upgrades and climbing Copilot adoption, above an earlier 12.5% forecast. Mobile Personal Computing forecasts were also raised to 3.4% growth from 2.4%, reflecting stronger-than-expected PC shipment data. Looking beyond, Sills's group models fiscal 2026 revenue growth holding at 14% as Azure's share of total sales grows. They flagged further Copilot traction as the next major catalyst for shares trading at a premium to peers. This article first appeared on GuruFocus. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Associated Press
8 minutes ago
- Associated Press
Resecurity and Braly Insurance Group Announce Strategic Partnership to Drive Innovation in Cybersecurity and Insurance Risk Management
LOS ANGELES & DALLAS--(BUSINESS WIRE)--Jul 21, 2025-- Resecurity, a Los Angeles-based global cybersecurity and threat intelligence company, today announced a strategic partnership with Braly Insurance Group, a Texas-based independent insurance brokerage known for delivering tailored risk solutions to clients across the United States and internationally. This press release features multimedia. View the full release here: Resecurity and Braly Insurance Group Announce Strategic Partnership to Drive Innovation in Cybersecurity and Insurance Risk Management This forward-looking partnership combines the strength of Resecurity's cyber threat intelligence capabilities with Braly Insurance Group's deep expertise in risk management and commercial insurance. Together, the two companies aim to bring a more data-driven and proactive approach to cyber insurance strategy, helping businesses better understand, quantify, and respond to cyber risk in a way that aligns with the evolving demands of the insurance marketplace. The collaboration is built around a shared goal: equipping organizations with the insights and tools they need to strengthen their cybersecurity posture and better position themselves in the insurance market. Through a coordinated approach, Braly and Resecurity will work together to support businesses in enhancing their overall risk profile by integrating advanced security data with tailored insurance guidance. 'We have long believed that cybersecurity and insurance should work hand in hand, but few companies actually bring those two disciplines together in a meaningful way,' said Caden Braly, Vice President of Business Development at Braly Insurance Group. 'This partnership allows us to take a more sophisticated approach to cyber risk by integrating real-world security insights into our client advisory and placement process. It is a strategic step toward offering smarter, more adaptive risk solutions.' The partnership involves a concerted effort to help select businesses identify key cyber exposures and demonstrate their risk mitigation practices in ways that resonate with insurance carriers. The approach is designed to support more favorable underwriting outcomes for organizations committed to cybersecurity improvement. In turn, Braly Insurance Group will provide Resecurity with aggregated data and market feedback that supports Resecurity's broader mission to make cybersecurity a more measurable and outcome-oriented investment for its clients. Additionally, Braly will assist in facilitating strategic introductions to stakeholders in the insurance space, providing Resecurity with valuable insight into how cyber risk tools are being perceived and applied by the insurance industry. 'We are excited to work with Braly Insurance Group because they truly understand the business impact of cybersecurity,' said Gene Yoo, CEO of Resecurity. 'This partnership opens the door to more productive conversations between security teams, business leaders, and insurers. It is about building a bridge between technical excellence and financial decision making.' This collaboration comes at a time when cyber threats are growing in frequency and sophistication, and when underwriters are demanding more clarity around how organizations manage digital risk. By joining forces, Resecurity and Braly Insurance Group are helping clients get ahead of both challenges and opportunities in the cyber insurance space. About Resecurity® Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and threat intelligence. Recognized globally for its innovation and technical leadership, Resecurity is trusted by Fortune 500 companies, government agencies, and managed security service providers (MSSPs) worldwide. Learn more at About Braly Insurance Group Braly Insurance Group is an independent insurance brokerage based in Texas, serving clients in all 50 states and internationally. With deep expertise across Property and Casualty, Employee Benefits, and Financial Services, Braly specializes in developing customized insurance strategies for businesses operating in complex and highly regulated industries. Strategically backed by Keystone Agency Partners, Braly Insurance Group has access to national-scale resources that deliver added value to middle-market and enterprise clients. Learn more at View source version on CONTACT: Press Contacts Resecurity Inc. [email protected] Insurance Group [email protected] KEYWORD: UNITED STATES NORTH AMERICA CALIFORNIA TEXAS INDUSTRY KEYWORD: PROFESSIONAL SERVICES SECURITY TECHNOLOGY DATA ANALYTICS INSURANCE SOFTWARE SOURCE: Resecurity Copyright Business Wire 2025. PUB: 07/21/2025 02:13 PM/DISC: 07/21/2025 02:13 PM
CNBC
10 minutes ago
- CNBC
OpenAI and UK sign new AI agreement to boost security, infrastructure
The UK government said it signed a strategic partnership with OpenAI on Monday, with plans to expand AI security research collaborations and explore investing in AI infrastructure such as data centers. The Microsoft-backed AI startup will also expand its London office, building up its research and engineering teams at OpenAI's first international location opened two years ago, according to a statement. As part of the agreement, OpenAI will share technical information with the UK AI Security Institute to deepen the government's knowledge of AI capabilities and security risks. "The partnership will explore where it can deploy AI in areas such as justice, defense and security, and education technology in line with UK standards and guidelines to demonstrate the opportunity to make taxpayer funded services more efficient and effective," the statement said.
