Microsoft SharePoint Under Attack: What Businesses & Governments Must Know in 2025

Just when you thought cybersecurity headlines couldn’t get more urgent, a stunning revelation this week: Microsoft has confirmed “active attacks” targeting its widely-used SharePoint collaboration software. If your organization relies on SharePoint, or you work in IT, now’s the time to get the facts—and act fast.

What’s Going On with Microsoft SharePoint?

Late Sunday, Microsoft and top security agencies globally issued a rare red-alert warning. A critical vulnerability—tracked as CVE-2025-53770—has been found in self-hosted (on-premises) versions of Microsoft SharePoint Server. Security researchers and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) say this bug is already being exploited by hackers.

Affected Versions:

  • SharePoint Server 2019
  • SharePoint Subscription Edition
  • SharePoint Server 2016 (still unpatched as of July 21)

SharePoint Online (the cloud/Microsoft 365 version) is NOT affected.

Why Is This Vulnerability So Alarming?

Let’s break down what makes this threat so severe:

  • No password or login needed: Attackers can get in without any authentication.
  • Full access: They can read, copy, or even steal all the files in your SharePoint.
  • Run malicious code: Hackers can install malware, backdoors, or steal cryptographic keys.
  • Persistence: Experts warn that attackers may still be able to impersonate users and hide in the system even after a patch is applied.

Palo Alto Networks researchers estimate that thousands of organizations worldwide—businesses, government offices, healthcare, universities—could be exposed.

How Are Organizations Responding?

  • Microsoft released emergency patches for SharePoint 2019 and Subscription Edition. A patch for SharePoint 2016 is still in the works.
  • CISA (Homeland Security) and European CERT agencies are urging immediate patching and forensic investigation.
  • Big IT teams are scanning for suspicious logins and strange files, warning that even a patch may not remove backdoors if hackers have already gotten inside.

So… What Makes This Attack Possible?

This isn’t your average hack. Here’s the step-by-step risk:

  1. The attacker sends a specially crafted request to the SharePoint server—no login required.
  2. The server is tricked into treating the attacker as an authenticated user, granting total file access.
  3. The hacker can:
    • Download all files/documents
    • Install malware (that even persists after patching)
    • Steal user passwords and cryptographic keys
    • Move laterally into other Microsoft services (Teams, Outlook, OneDrive)

Even after patching, organizations might need to change all user passwords and replace all critical security keys.

Not Just Businesses: Governments in the Crosshairs

SharePoint isn’t just an office tool. From federal agencies to city governments, hospitals to universities, it’s used everywhere critical information is shared or stored.
Eye Security—a European cyber firm—notes the risk: “Once inside, [attackers are] exfiltrating sensitive data, deploying persistent backdoors, and stealing cryptographic keys.”

A breach here can cascade quickly, with hackers hopping from SharePoint into connected services and wreaking havoc.

What Should You Do If You Use SharePoint Server?

Immediate Action Checklist

  • Update Now: Apply any available Microsoft patches quickly.
  • Monitor logs: Look for suspicious logins, new files, or unknown user actions.
  • Disconnect vulnerable servers: If you haven’t patched, consider disconnecting from the internet.
  • Rotate all passwords and cryptographic keys: Especially if you spot any signs of compromise.
  • Call in the experts: If you handle sensitive data, a full forensic investigation is smart.
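
For the "Monitor logs" step, here is an added example (not from Microsoft, CISA, or the researchers quoted here) of a first-pass triage over the web server logs of a SharePoint host. It assumes IIS W3C-format logs with the field names shown; the log lines, paths, and addresses are constructed, and the "anonymous request that succeeded" rule is a heuristic for building a review queue, not a signature for this CVE.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2025-07-20 09:14:02 GET /sites/team/home.aspx CONTOSO\\alice 10.0.0.15 200
2025-07-20 09:14:40 POST /sites/team/upload.aspx CONTOSO\\alice 10.0.0.15 200
2025-07-20 09:15:11 POST /example/page.aspx - 203.0.113.7 200
2025-07-20 09:15:12 GET /example/new-file.aspx - 203.0.113.7 200
2025-07-20 09:16:30 POST /example/page.aspx - 198.51.100.9 401
2025-07-20 09:17:05 GET /sites/team/logo.png - 10.0.0.22 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt lines
                yield dict(zip(fields, values))

def anonymous_aspx_hits(text):
    """Group successful requests to .aspx pages that carried no username, by client IP."""
    hits = defaultdict(list)
    for row in parse_w3c(text):
        anonymous = row["cs-username"] == "-"       # IIS logs "-" when no user is set
        succeeded = row["sc-status"].startswith("2")
        is_page = row["cs-uri-stem"].lower().endswith(".aspx")
        if anonymous and succeeded and is_page:
            hits[row["c-ip"]].append(
                (row["date"], row["time"], row["cs-method"], row["cs-uri-stem"]))
    return dict(hits)

def review_queue(text):
    """Client IPs with at least one anonymous, successful POST: review these first."""
    hits = anonymous_aspx_hits(text)
    return sorted(ip for ip, reqs in hits.items() if any(r[2] == "POST" for r in reqs))

if __name__ == "__main__":
    for ip in review_queue(SAMPLE_LOG):
        print(ip, anonymous_aspx_hits(SAMPLE_LOG)[ip])
```

Sites that intentionally allow anonymous access will produce legitimate hits, so treat the output as a starting list for the forensic review rather than proof of compromise.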

FAQs: Microsoft SharePoint Attack 2025

Who should be most worried?

Any organization—private or public—that uses on-premises SharePoint. Large and small businesses, schools, government agencies, and hospitals are all targets.

How can hackers use this to target other systems?

Because SharePoint connects to Teams, Outlook, and other Microsoft tools, attackers can potentially steal data or passwords from related services too.

Can patching remove all risk?

Not always. If hackers got in before you patched, they might have installed backdoors or stolen credentials. That’s why log review and password/key changes are crucial.

What versions of SharePoint are still vulnerable?

As of publication, SharePoint Server 2016 has no official patch. The 2019 and Subscription Editions have updates available.

Is SharePoint Online (Microsoft 365) affected by this vulnerability?

No—this attack targets only self-hosted (on-premises) SharePoint servers.

Final Thoughts

This SharePoint hack is a wake-up call for every business and public agency still running servers on their own premises. With thousands potentially affected and real-world exploits already happening, acting fast isn’t just smart—it’s essential. Will this be the nudge that finally pushes organizations to consider cloud security, or just another item for IT’s “crisis list” in 2025?

Written by Varsha
