
Following a surge of global cyberattacks, Microsoft has urgently released updates to address the weaknesses involved. The attacks center on two unpatched vulnerabilities, which have been exploited against U.S. federal and state agencies, educational institutions, and energy companies. An Asian telecom firm was also hit.
According to a report from The Washington Post, the attacks, which Eye Security uncovered and traced back to July 18, 2025, actually began showing signs of exploitation as early as July 7, 2025. That determination was made by cybersecurity firm Check Point.
Microsoft has issued emergency fixes for the identified vulnerabilities, but these patches only apply to certain editions of SharePoint.
A “zero-day” attack exploits a flaw that was previously unknown and for which no fix exists yet. This one potentially puts tens of thousands of servers in danger.
Although the current problem shares some similarities with past Microsoft vulnerabilities, it has a unique twist: it specifically targets on-premises servers and leaves those in the cloud untouched.
In a Microsoft Defender Vulnerability Management blog post, the issues identified as CVE-2025-53770 and CVE-2025-53771 are thoroughly explained.
The same article touched upon the issues identified as CVE-2025-49704 and CVE-2025-49706, which were addressed in Microsoft’s July 8, 2025 updates. However, these vulnerabilities may still be exploited if an attacker employs the recently discovered exploits.
Security patches are available only for Microsoft SharePoint Server 2019 and Microsoft SharePoint Subscription Edition; no patch had been issued for Microsoft SharePoint Enterprise Server 2016 at the time this information was published.
What is ToolShell?
The moniker “ToolShell” refers to a series of attacks that exploit the vulnerabilities identified as CVE-2025-53770 and CVE-2025-53771. As reported by Check Point, these vulnerabilities are currently being actively used in cyberattacks.
Lotem Finkelstein, Head of Intelligence on Threats at Check Point Research, elaborated on the current state of affairs:
“There’s an immediate and ongoing danger: a severe zero-day vulnerability in on-premises SharePoint is being exploited worldwide, potentially affecting thousands of organizations. Our team has detected numerous attempts to compromise systems across government, telecom, and tech sectors since July 7. We strongly advise enterprises to upgrade their security measures right away – this attack is highly advanced and swiftly evolving.”
Check Point recommends organizations take the following steps to reduce risk:
- Ensure that the Antimalware Scan Interface (AMSI) is enabled.
- Rotate SharePoint Server ASP.NET machine keys.
- Deploy Harmony Endpoint to block post-exploit activities on the server.
- If applicable, limit access to the SharePoint Server from the Internet using Private Access tools.
- Update Quantum Gateway IPS Package 635254838 and ensure that the protection is set to Prevent and inspect the traffic of your SharePoint servers.
Microsoft advises taking several precautionary measures: promptly installing patches when available, enhancing the Antimalware Scan Interface (AMSI), changing the MachineKey two times, temporarily reducing public access, searching for potential signs of compromise, and isolating any questionable devices.
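The machine key rotation that both lists call for can be scripted per web application. The following is an added example, not a script from Microsoft or Check Point. It assumes an elevated SharePoint Management Shell on a farm server and PowerShell remoting to each farm server for the IIS restart; the function name `Invoke-MachineKeyRotation` is hypothetical.

```powershell
# Added example: rotate the ASP.NET machine keys of every web application in the farm.
# Assumption: run from an elevated SharePoint Management Shell (SharePoint cmdlets loaded).
function Invoke-MachineKeyRotation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Also restart IIS on every SharePoint server once the keys are deployed.
        [switch]$RestartIis
    )

    # Include Central Administration so that no web application keeps an old key.
    $webApps = Get-SPWebApplication -IncludeCentralAdministration
    foreach ($wa in $webApps) {
        if ($PSCmdlet.ShouldProcess($wa.Url, 'Generate and deploy new machine key')) {
            Set-SPMachineKey -WebApplication $wa      # generate a new key
            Update-SPMachineKey -WebApplication $wa   # deploy it to the servers in the farm
            Write-Output "Rotated machine key for $($wa.Url)"
        }
    }

    if ($RestartIis) {
        # Role 'Invalid' marks machines that do not run SharePoint, such as the SQL server.
        $servers = Get-SPServer | Where-Object { $_.Role -ne 'Invalid' }
        foreach ($s in $servers) {
            if ($PSCmdlet.ShouldProcess($s.Address, 'Restart IIS')) {
                # Assumption: PowerShell remoting is enabled on each farm server.
                Invoke-Command -ComputerName $s.Address -ScriptBlock { iisreset.exe /noforce }
            }
        }
    }
}

# Dry run: lists the web applications and servers that would be touched.
Invoke-MachineKeyRotation -RestartIis -WhatIf

# Real rotation (uncomment once the dry run looks right).
# Invoke-MachineKeyRotation -RestartIis
```

Because the advice above is to change the key two times, the function is written so it can simply be invoked again for the second rotation.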
2025-07-21 22:09