Amid a surge of global cyberattacks, Microsoft has urgently released updates to address the weaknesses being exploited. The attacks center on two unpatched vulnerabilities, which have been exploited against U.S. federal and state agencies, educational institutions, and energy companies. An Asian telecom firm was also hit.
The Washington Post reports that the initial attacks, uncovered by Eye Security, were traced back to July 18, 2025, but cybersecurity firm Check Point determined that signs of exploitation appeared as early as July 7, 2025.
Microsoft has issued emergency fixes for the identified vulnerabilities, but these patches only apply to certain editions of SharePoint.
A “zero-day” attack exploits a previously unknown flaw in a system. This one potentially puts tens of thousands of servers in danger.
Although the current problem shares some similarities with past Microsoft vulnerabilities, it differs in one respect: it specifically targets on-premises servers and leaves those in the cloud untouched.
A Microsoft Defender Vulnerability Management blog post explains the issues, identified as CVE-2025-53770 and CVE-2025-53771, in detail.
The same post also covers CVE-2025-49704 and CVE-2025-49706, which were addressed in Microsoft’s July 8, 2025 updates. However, these vulnerabilities may still be exploited if an attacker employs the recently discovered exploits.
Security patches are available only for Microsoft SharePoint Server 2019 and Microsoft SharePoint Subscription Edition. No patch had been issued for Microsoft SharePoint Enterprise Server 2016 at the time this information was published.
What is ToolShell?
The moniker “ToolShell” refers to a series of attacks that exploit the vulnerabilities identified as CVE-2025-53770 and CVE-2025-53771. As reported by Check Point, these vulnerabilities are being actively exploited in cyberattacks.
Lotem Finkelstein, Head of Intelligence on Threats at Check Point Research, elaborated on the current state of affairs.
There’s an immediate and ongoing danger: a severe zero-day vulnerability in on-premises SharePoint is being exploited worldwide, potentially affecting thousands of organizations. Our team has detected numerous attempts to compromise systems across government, telecom, and tech sectors since July 7. We strongly advise enterprises to upgrade their security measures right away – this attack is highly advanced and swiftly evolving.
Check Point recommends organizations take the following steps to reduce risk:
- Ensure that the Antimalware Scan Interface (AMSI) is enabled.
- Rotate SharePoint Server ASP.NET machine keys.
- Deploy Harmony Endpoint to block post-exploit activities on the server.
- If applicable, limit access to the SharePoint Server from the Internet using Private Access tools.
- Update Quantum Gateway IPS Package 635254838 and ensure that the protection is set to Prevent and inspect the traffic of your SharePoint servers.
Microsoft advises several precautionary measures: promptly installing patches when available, enhancing the Antimalware Scan Interface (AMSI) configuration, rotating the MachineKey twice, temporarily reducing public access, hunting for signs of compromise, and isolating any suspicious devices.
2025-07-21 22:09