
Microsoft Warns of Major Cyber Threat as SharePoint Servers Hit by Zero-Day Exploit

Microsoft has issued an urgent global alert warning organizations, businesses, and government institutions about a critical zero-day vulnerability in its on-premises SharePoint Server software that is being actively exploited.

The vulnerability, tracked as CVE-2025-53770, is a deserialization flaw that lets an unauthenticated attacker execute code on the server. It is a variant of a bug that was chained in the "ToolShell" exploit demonstrated at Pwn2Own Berlin in May 2025 and patched in Microsoft's July 2025 Patch Tuesday release, which means servers that had installed that earlier fix were still exposed. In the wild, attackers are using it to drop a webshell, steal the server's ASP.NET machine keys, and maintain long-term access to compromised systems.

What Is ToolShell and Why It Matters

ToolShell is the name of the exploit chain, not of the webshell itself; the webshell attackers have been dropping is a file named spinstall0.aspx (with a zero), whose main job is to read the server's ASP.NET machine keys (the ValidationKey and DecryptionKey). With those keys an attacker can forge validly signed __VIEWSTATE payloads and regain code execution on the server at will, even after the vulnerability is patched, which is why key rotation matters as much as patching. From there they can steal documents, install further backdoors, and move laterally across the organization's internal network. The vulnerability, rated CVSS 9.8, affects on-premises SharePoint Server 2016, 2019, and Subscription Edition; SharePoint Online in Microsoft 365 is not affected.

Security researchers tracking the campaign, including Eye Security (which first reported the intrusions) and Palo Alto Networks' Unit 42, counted at least 29 affected organizations, among them government agencies, energy companies, healthcare providers, and universities. Because the flaw can be exploited without any credentials, multi-factor authentication (MFA) and single sign-on (SSO) offer no protection: the attacker never authenticates in the first place. That makes the bug a significant national security and data integrity risk for any exposed server.

Scale of the Threat

The campaign has already had global consequences. Reports indicate that critical infrastructure in the United States, parts of Europe, and the Middle East has been targeted, and investigators had counted more than 85 compromised servers at the time of writing. The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. has added the vulnerability to its Known Exploited Vulnerabilities Catalog, signaling the high risk it poses to public and private sectors alike.

The FBI has said it is aware of the attacks and is working with Microsoft and its federal and private-sector partners to coordinate the response across jurisdictions.

Microsoft’s Response

Microsoft responded by releasing an emergency out-of-band security update for SharePoint Subscription Edition first, followed by updates for SharePoint Server 2019 and 2016; SharePoint 2013 and earlier are out of support. Organizations running on-premises SharePoint are urged to install the update for their version as soon as it is available, enable AMSI integration and Defender Antivirus on every SharePoint server, take any server that cannot be protected that way off the internet until it is patched, and watch closely for indicators of compromise. Patching alone does not evict an attacker who already stole the machine keys, so the keys must be rotated afterwards.

In the meantime, Microsoft advises the following:

  • Apply available patches: Install the out-of-band security update for your version (Subscription Edition, 2019, or 2016) as soon as it is released.
  • Harden security layers: Enable AMSI integration (Full Mode) and Microsoft Defender Antivirus on all SharePoint servers; if AMSI cannot be enabled, disconnect the server from the internet until it is patched.
  • Change authentication keys: After patching, rotate the ASP.NET machine keys (the Update-SPMachineKey PowerShell cmdlet, or the machine key rotation job in Central Administration) and then restart IIS with iisreset.exe. Do this on every server that was reachable from the internet before the patch, not only where compromise is suspected, since stolen keys stay valid until they are rotated.
  • Threat hunt aggressively: Look for the spinstall0.aspx webshell in the SharePoint TEMPLATE\LAYOUTS directory (under Common Files\Microsoft Shared\Web Server Extensions\16), POST requests to /_layouts/15/ToolPane.aspx?DisplayMode=Edit whose Referer is /_layouts/SignOut.aspx, the w3wp.exe worker process spawning cmd.exe or PowerShell, and unusual outbound network traffic.
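As an added example (not Microsoft's or this article's own code), the following Python script applies the two request-level indicators above to an IIS W3C log: a POST to ToolPane.aspx in edit mode with a SignOut.aspx Referer, and any request for the spinstall0.aspx webshell. The log excerpt embedded in the script is constructed for the demonstration and is not real traffic; the field layout follows the default IIS W3C "#Fields:" header, and the host, IP addresses and user names are placeholders.

```python
"""Hunt for ToolShell (CVE-2025-53770) request patterns in IIS W3C logs.

Added example, not Microsoft's or the article's code. The log excerpt below is
constructed for the demo; the field order follows the '#Fields:' header line
exactly as IIS writes it, so the parser works on real logs too.
"""
from __future__ import annotations

import re
from typing import Iterable, Optional

# Constructed IIS log excerpt (placeholder hosts, IPs and users).
# Line 2 and 3 are the exploit request and the webshell fetch; line 4 is a
# legitimate authenticated ToolPane edit that must NOT be flagged.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status
2025-07-18 22:14:03 10.0.0.5 GET /sites/hr/Shared%20Documents/Forms/AllItems.aspx - 443 CONTOSO\alice 10.0.1.20 Mozilla/5.0 https://sp.contoso.test/sites/hr 200
2025-07-18 22:15:41 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 443 - 203.0.113.9 Mozilla/5.0 https://sp.contoso.test/_layouts/SignOut.aspx 200
2025-07-18 22:15:44 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 203.0.113.9 python-requests/2.32 - 200
2025-07-18 22:16:10 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 CONTOSO\bob 10.0.1.31 Mozilla/5.0 https://sp.contoso.test/_layouts/15/settings.aspx 200
"""

# Published ToolShell indicators: the ToolPane.aspx edit request with a
# SignOut.aspx Referer, and the spinstall0.aspx (zero, not letter o) webshell.
TOOLPANE_RE = re.compile(r"^/_layouts/\d+/toolpane\.aspx$", re.IGNORECASE)
SIGNOUT_REFERER_RE = re.compile(r"/_layouts/signout\.aspx$", re.IGNORECASE)
WEBSHELL_RE = re.compile(r"/spinstall0\.aspx$", re.IGNORECASE)


def parse_iis_w3c(lines: Iterable[str]) -> list[dict]:
    """Parse IIS W3C extended log lines into dicts keyed by the #Fields names.

    Lines whose column count does not match the header are skipped rather than
    misaligned, which matters for truncated lines at the end of a live log.
    """
    fields: list[str] = []
    records: list[dict] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # IIS may emit a new header mid-file
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        parts = line.split(" ")
        if not fields or len(parts) != len(fields):
            continue
        records.append(dict(zip(fields, parts)))
    return records


def classify(rec: dict) -> Optional[str]:
    """Return an indicator tag for one parsed request, or None if benign."""
    method = rec.get("cs-method", "").upper()
    stem = rec.get("cs-uri-stem", "")
    query = rec.get("cs-uri-query", "").lower()
    referer = rec.get("cs(Referer)", "")
    # Any touch of the webshell path is suspicious regardless of method/status.
    if WEBSHELL_RE.search(stem):
        return "webshell-access"
    # The exploit chain: POST to ToolPane.aspx?DisplayMode=Edit, Referer SignOut.aspx.
    # A normal edit from a logged-in user carries a different Referer and is ignored.
    if (
        method == "POST"
        and TOOLPANE_RE.match(stem)
        and "displaymode=edit" in query
        and SIGNOUT_REFERER_RE.search(referer)
    ):
        return "toolshell-exploit-request"
    return None


def hunt(log_text: str) -> list[tuple[str, str, str]]:
    """Return (timestamp, client IP, indicator) for every suspicious request."""
    hits: list[tuple[str, str, str]] = []
    for rec in parse_iis_w3c(log_text.splitlines()):
        tag = classify(rec)
        if tag is not None:
            hits.append((f"{rec['date']} {rec['time']}", rec["c-ip"], tag))
    return hits


if __name__ == "__main__":
    for when, client, tag in hunt(SAMPLE_LOG):
        print(f"{when}  {client:<15}  {tag}")
```

Run it against the real logs by reading the files under the SharePoint site's IIS log directory and passing their text to hunt(); a hit on the exploit request alone is enough to treat the server as compromised, because a successful request will already have leaked the machine keys.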

Call to Action for Organizations

Given the widespread use of SharePoint in enterprise environments for document management and collaboration, the potential impact of this exploit is massive. Organizations are being urged to:

  1. Patch all systems immediately, or apply the temporary mitigations (AMSI, Defender Antivirus, removing the server from the internet) if the patch for your version is not yet available.
  2. Assume breach and conduct forensic audits, especially on servers that were exposed to the internet before the patch; treat their machine keys as stolen and rotate them.
  3. Prepare for follow-on attacks that reuse the same exploit path or the stolen keys.
  4. Strengthen incident response protocols and ensure backups are secure and kept offline.

This exploit is a harsh reminder that on-premises systems with an internet-facing edge are prime targets for sophisticated attackers. The scale and stealth of the SharePoint campaign underscore the importance of timely patching, security monitoring, and adopting cloud-native or hybrid deployments that benefit from continuous security updates.

As cyber threats evolve, so must organizational defenses. Microsoft’s warning is not just a technical bulletin—it is a call for immediate action to prevent what could become one of the most disruptive enterprise software breaches in recent memory.


Majira Media

Keeping you in the loop. I write to share information that matters. From technology to business tips, I share information to inspire and educate.