The U.S. federal government and cybersecurity researchers say a newly discovered security bug found in Microsoft’s SharePoint is under attack.
U.S. cybersecurity agency CISA sounded the alarm this weekend that hackers were actively exploiting the bug. Microsoft has not yet provided patches for all affected SharePoint versions, leaving customers across the world largely unable to defend against the ongoing intrusions.
Microsoft said the bug, known officially as CVE-2025-53771, affects versions of SharePoint that companies set up and manage on their own servers. SharePoint lets companies store, share and manage their internal files.
Microsoft said it is working on security fixes to prevent hackers from exploiting the vulnerability. The flaw, described as a “zero day” because the vendor was given no time to patch the bug before it was made aware of it, affects versions of the software as old as SharePoint Server 2016.
It’s not yet known how many servers have been compromised so far, but it is likely thousands of small to medium-sized businesses that rely on the software are affected. According to The Washington Post, several U.S. federal agencies, universities, and energy companies have already been breached in the attacks.
Eye Security, which first revealed the bug on Saturday, said it found “dozens” of actively exploited Microsoft SharePoint servers online at the time of its publication. The bug, when exploited, allows hackers to steal private digital keys from SharePoint servers without needing any credentials to log in. Once in, the hackers can remotely plant malware, and gain access to the files and data stored within. Eye Security warned that SharePoint connects with other apps, like Outlook, Teams, and OneDrive, which may enable further network compromise and data theft.
Eye Security said because the bug involves the theft of digital keys that can be used to impersonate legitimate requests on the server, affected customers must both patch the bug and take additional steps to rotate their digital keys to prevent the hackers from re-compromising the server.
CISA and others have urged customers to “take immediate recommended action.” In absence of patches or mitigations, customers should consider disconnecting potentially affected systems from the internet.
“If you have SharePoint [on-premise] exposed to the internet, you should assume that you have been compromised at this point,” said Michael Sikorski, the head of Palo Alto Networks’ threat intelligence division Unit 42, in an email to TechCrunch.
It’s also not yet known who is carrying out the attacks on SharePoint servers, but it is the latest in a string of cyberattacks targeting Microsoft customers in recent years.
In 2021, a China-backed hacking group dubbed Hafnium was caught exploiting a vulnerability found in self-hosted Microsoft Exchange email servers, allowing the mass-hacking and exfiltration of email and contacts data from businesses around the world. The hackers compromised more than 60,000 servers, according to a recent Justice Department indictment accusing two Chinese nationals of masterminding the operation.
Two years later, Microsoft confirmed a cyberattack on its cloud systems, which it manages directly, allowing Chinese hackers to steal a sensitive email signing key that permitted access to both consumer and enterprise email accounts hosted by the company.
Microsoft has also reported repeated intrusions from hackers associated with the Russian government.
Do you know more about the SharePoint cyberattacks? Are you an affected customer? Securely contact this reporter via encrypted message at zackwhittaker.1337 on Signal.
Zack Whittaker is the security editor at TechCrunch. He can be reached via encrypted message at zackwhittaker.1337 on Signal, or by email at zack.whittaker@techcrunch.com.














