Microsoft Warns of Active Zero-Day Exploit in On-Premises SharePoint Servers
Microsoft has issued a warning about an active exploit of a zero-day vulnerability in on-premises SharePoint servers, identified as CVE-2025-53770. The vulnerability does not affect SharePoint Online in Microsoft 365. The tech giant is working on a fix, but interim measures are advised.
The vulnerability, a deserialization issue, allows attackers to remotely execute code without authorization. It's a variant of CVE-2025-49706, patched earlier this year. Microsoft recommends enabling AMSI integration and deploying Microsoft Defender across all SharePoint Server farms as temporary solutions.
Attackers are exploiting this flaw to run commands before authentication, establish persistence, and move laterally using stolen machine keys. This makes detection challenging without deep endpoint visibility. Security researchers from Eye Security and Palo Alto Networks have warned of attacks combining this flaw with others in a chain dubbed 'ToolShell'.
Microsoft is working on a comprehensive update to address CVE-2025-53770. Until then, it advises enabling AMSI integration and deploying Microsoft Defender. Users should stay vigilant and monitor their systems for any unusual activity.