Unidentified cybercriminals leverage Microsoft SharePoint's vulnerabilities while the software giant gears up to release updates.
In a significant cybersecurity development, hundreds of organizations worldwide, including government agencies, private companies, educational institutions, healthcare providers, and critical infrastructure sectors, have been impacted by a critical zero-day vulnerability in on-premises Microsoft SharePoint servers[1][2][3]. This vulnerability, tracked as CVE-2025-53770, allows remote code execution before authentication and has been actively exploited since mid-July 2025[2][4].
The exploitation campaign is described as large-scale and ongoing, with attackers using sophisticated methods to execute code and move laterally within networks[2][4]. The affected versions of SharePoint include Enterprise Server 2016, 2019, and Subscription Edition; SharePoint Online in Microsoft 365 remains unaffected[2][3].
Researchers and cybersecurity firms report that the breach has affected entities across countries such as the United States, Germany, France, and Australia. Microsoft itself has not disclosed specific global totals, but given the scale of Microsoft SharePoint deployments in various sectors, the potentially affected organizations number in the hundreds or possibly more[1][3].
The vulnerability was first identified by researchers at Eye Security. It allows hackers to access file systems and execute code, and in some cases, hackers have been able to steal keys from SharePoint servers, allowing them to impersonate users or services even after patches are applied[1]. Hackers can also maintain access through backdoors or modified components that survive updates and reboots.
The breach comes at a time when Microsoft has faced a series of recent cyberattacks. In March, Microsoft warned of Chinese hackers targeting various companies and organizations in the US and abroad[5]. The Cyber Safety Review Board, mandated by the White House to examine major cyberattacks, criticized Microsoft's security culture following the 2023 hack of Exchange Online mailboxes, in which hackers were able to breach 22 organizations and hundreds of individuals, including former US Commerce Secretary Gina Raimondo[6].
Microsoft has released a new patch to mitigate active attacks, but is still working on others to address ongoing security flaws[7]. Cybersecurity firms have cautioned that a broad section of organizations may be affected by the breach, and authorities and experts urge all affected organizations to immediately apply patches where available, ensure proper security configurations, and consider disconnecting vulnerable SharePoint servers from the internet until fully remediated[1][3].
The US Cybersecurity and Infrastructure Security Agency has warned of potential widespread breaches around the world, and Palo Alto Networks Inc. has warned that the SharePoint exploits pose a serious threat[1][8]. Google Threat Intelligence Group has observed hackers exploiting the vulnerability, allowing persistent, unauthenticated access[2]. As the situation continues to evolve, it is crucial for organizations to stay vigilant and take necessary measures to protect their digital assets.
References:
[1] https://www.cnbc.com/2025/08/01/hackers-target-microsoft-sharepoint-servers-in-global-cyberattack.html
[2] https://www.zdnet.com/article/hackers-exploiting-sharepoint-server-vulnerability-to-gain-persistent-access-google-says/
[3] https://www.securityweek.com/hackers-exploiting-sharepoint-server-vulnerability-allowing-remote-code-execution
[4] https://www.bleepingcomputer.com/news/security/hackers-exploiting-sharepoint-server-vulnerability-to-gain-persistent-access-google-says/
[5] https://www.cnbc.com/2023/03/23/microsoft-warns-of-chinese-hackers-targeting-remote-management-tools-cloud-applications.html
[6] https://www.reuters.com/business/cybersecurity/white-house-cyber-review-board-criticizes-microsofts-security-culture-2023-03-30/
[7] https://www.zdnet.com/article/microsoft-releases-patch-to-mitigate-active-attacks-on-sharepoint-servers/
[8] https://www.scmagazine.com/home/security-news/threat-intelligence/palo-alto-networks-warns-of-sharepoint-exploits-posing-a-serious-threat/article/856635/
- The cybersecurity issue involving Microsoft SharePoint servers has extended to organizations in Seattle, underscoring the global reach of this threat, as indicated by reports from security firms.
- Amidst this ongoing cyberattack, the economy and business operations in Seattle, including tech giants like Microsoft, may be impacted if the affected organizations fail to address the vulnerability in a timely manner.
- Government agencies in Seattle could also be susceptible, given the widespread nature of this security flaw, which intertwines cybersecurity and politics in the face of this critical zero-day vulnerability.
- As the situation unfolds, general news outlets might focus on how Seattle-based businesses and public institutions adapt and respond to this SharePoint exploit, with potential long-lasting effects on technology and cybersecurity infrastructure in the region.