Microsoft Issues Security Advisory for SharePoint Vulnerability
Microsoft has released a security advisory regarding a newly
discovered vulnerability in SharePoint (CVE-2025-53770) that could allow
attackers to access SharePoint servers without user awareness remotely.
This flaw is linked to a previously reported impersonation
vulnerability (CVE-2025-49706) and poses a serious risk to organizations. The
exploit, known as ToolShell, was recently disclosed and could provide
attackers with unauthenticated system access, enabling them to gain complete
control of SharePoint content, file systems, and internal structures.
Microsoft recommends the following immediate actions for
SharePoint Server users:
- Enable
the Antimalware Scan Interface on SharePoint and install
Microsoft Security Essentials on all servers.
- If
enabling the interface is not possible, disconnect affected servers
from the internet until official fixes are available.
- Install
and update Microsoft Defender or other trusted security
software on all SharePoint servers and user devices.
- Update
information theft prevention systems and
Web Application Firewalls to detect unusual activity.
- Strengthen
monitoring and incident response systems,
using Indicators of Compromise (IoCs) from trusted threat intelligence
sources.
- If
prevention is not possible, implement alternative defensive measures
immediately.
Organizations are urged to act promptly to reduce the risk of
exploitation.
