


Microsoft Releases Emergency Patches for Actively Exploited SharePoint Zero-Days (bleepingcomputer.com) 9
Microsoft has released emergency security updates for two actively exploited zero-day vulnerabilities in SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, that have compromised servers worldwide in what researchers call "ToolShell" attacks. The U.S. Cybersecurity and Infrastructure Security Agency warned over the weekend that hackers were exploiting the vulnerabilities to gain remote code execution on on-premises SharePoint installations, while Microsoft has not yet provided patches for all affected versions.
The vulnerabilities allow hackers to steal private digital keys from SharePoint servers without requiring credentials, enabling them to plant malware and access stored files and data. Eye Security, which first identified the attacks on Saturday, found dozens of actively exploited servers and warned that SharePoint's integration with Outlook, Teams, and OneDrive could enable further network compromise. Researcher Silas Cutler at cybersecurity firm Censys estimated more than 10,000 companies with SharePoint servers were at risk, with the largest concentrations in the United States, Netherlands, United Kingdom, and Canada.
Microsoft released patches for SharePoint 2019 and Subscription Edition but is still working on fixes for SharePoint Server 2016. Administrators must install available updates immediately and rotate machine keys to prevent re-compromise, according to Microsoft's security guidance.
ah Microsoft's dance (Score:2, Interesting)
MS: We won't support old versions
Press: Millions getting pwnd
MS: okay we will release patches...
Same old story. They just needed to accept their support for at least security patches needs to be 15 years. That seems to be what the market really wants.
Cause and Effect. (Score:1)
They just needed to accept their support for at least security patches needs to be 15 years. That seems to be what the market really wants.
No one wants 15 years of support other than the cheap-ass greedy executives who always choose an executive bonus over the kind of proper IT funding that replaces both hardware and software at regular intervals and within the expected lifetime.
Even the books aren’t benefitting after that long, since tax laws don’t often count IT depreciation in decades.
Re:Cause and Effect. (Score:4, Insightful)
I don't think this is true. It may have been true in 2005 but it is not true now. You can be rocking SharePoint 2013 and it is, well, 'just fine'.
The vast, vast majority of users use it as a basic document repository with check-in/checkout and versioning. They may have some things like "lists" and WIKI pages they actively use as well. It is maybe 20% of the product but it's 80% of the use cases.
For all of those users anything new is just change for change's own sake. It actually is a waste of their time. If they are lucky they have a few hours re-learning where the buttons they need got moved. If they are unlucky SharePoint/IT messed up the migration, history is screwed up, SIDs are busted, links are broken and it is all a mess that will go on wasting their time for six months until they fix things and/or the older records have mostly aged beyond much interest or regular use.
Users absolutely don't want a new CMS; they want to open their spreadsheet, add this week's production data, save the file and go on to their next task. It might even be mostly midlevel IT drones trying to justify their jobs with activity more than 'greedy executives' right now. The "intranet" is mature. Until we really move to a different way of handling information, like moving from the analog era to the digital type shift, saying you need to update SharePoint is like saying in 1975 you need to replace all those 1945 SteelCase file drawers with new ones. You didn't and you don't; the new stuff just isn't appreciably better.
I Feel Terrible (Score:2)
I feel terrible for those that have to run Sharepoint on-premise in this day and age.
That's a level of misery and pain that not even a masochist would enjoy.
Re: (Score:2)
I feel terrible for those that have to run Sharepoint on-premise in this day and age.
That's a level of misery and pain that not even a masochist would enjoy.
Sounds like they could work as screeners at TSA [tsa.gov].
Re:I Feel Terrible [this was not my problem] (Score:2)
Hmm... I actually had a weird security "encounter" yesterday, but I'm pretty sure this story has no relation. On the other hand, I do hate weird coincidences, so I'll throw it out here...
Any idea what can shut off an activity monitor? Never seen such an event before--but I saw two of them at the same time. I am wearing an old one and a new one at the same time, and they both went dark. Connecting them to power restarted both of them, so no harm done, but WTF? Did the cat do it? What if the friendly cat had