Microsoft Releases Emergency Patches for Actively Exploited SharePoint Zero-Days (bleepingcomputer.com)

Microsoft has released emergency security updates for two actively exploited zero-day vulnerabilities in SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, that have compromised servers worldwide in what researchers call "ToolShell" attacks. The U.S. Cybersecurity and Infrastructure Security Agency warned over the weekend that hackers were exploiting the vulnerabilities to gain remote code execution on on-premises SharePoint installations, while Microsoft has not yet provided patches for all affected versions.

The vulnerabilities allow hackers to steal private digital keys from SharePoint servers without requiring credentials, enabling them to plant malware and access stored files and data. Eye Security, which first identified the attacks on Saturday, found dozens of actively exploited servers and warned that SharePoint's integration with Outlook, Teams, and OneDrive could enable further network compromise. Researcher Silas Cutler at cybersecurity firm Censys estimated more than 10,000 companies with SharePoint servers were at risk, with the largest concentrations in the United States, Netherlands, United Kingdom, and Canada.

Microsoft released patches for SharePoint 2019 and Subscription Edition but is still working on fixes for SharePoint Server 2016. Administrators must install available updates immediately and rotate machine keys to prevent re-compromise, according to Microsoft's security guidance.

Comments:
  • ah Microsoft's dance (Score:2, Interesting)

    by DarkOx ( 621550 )

    MS: We won't support old versions
    Press: Millions getting pwnd
    MS: okay, we will release patches...

    Same old story. They just needed to accept that their support, at least for security patches, needs to be 15 years. That seems to be what the market really wants.

    • They just needed to accept that their support, at least for security patches, needs to be 15 years. That seems to be what the market really wants.

      No one wants 15 years of support other than the cheap-ass greedy executives who always choose an executive bonus over the kind of proper IT funding that replaces both hardware and software at regular intervals and within the expected lifetime.

      Even the books aren’t benefitting after that long, since tax laws don’t often count IT depreciation in decades.

      • Re:Cause and Effect. (Score:5, Informative)

        by DarkOx ( 621550 ) on Monday July 21, 2025 @12:25PM (#65534738) Journal

        I don't think this is true. It may have been true in 2005, but it is not true now. You can be rocking SharePoint 2013 and it is well 'just fine'.

        The vast, vast majority of users use it as a basic document repository with check-in/checkout and versioning. They may have some things like "lists" and wiki pages they actively use as well. It is maybe 20% of the product, but it's 80% of the use cases.

        For all of those users anything new is just change for change's own sake. It actually is a waste of their time. If they are lucky, they spend a few hours re-learning where the buttons they need got moved. If they are unlucky, SharePoint/IT messed up the migration, history is screwed up, SIDs are busted, links are broken, and it is all a mess that will go on wasting their time for six months until they fix things and/or the older records have mostly aged beyond much interest or regular use.

        Users absolutely don't want a new CMS; they want to open their spreadsheet, add this week's production data, save the file, and go on to their next task. It might even be mostly mid-level IT drones trying to justify their jobs with activity, more than 'greedy executives', right now. The "intranet" is mature. Until we really move to a different way of handling information, like the analog-era-to-digital type of shift, saying you need to update SharePoint is like saying in 1975 you need to replace all those 1945 SteelCase file drawers with new ones. You didn't and you don't; the new stuff just isn't appreciably better.

        • The real answer is to install proper application security appliances. Shelter this and your internal services from the outside.

          And your users transporting nastiness into the internal environment. Because they will. Zero trust security is the only way.

      • ...and the IT professionals who dare not update that 'internal' server that is as old as their firstborn, just runs, and would take a year, a new team, and a new budget to replace - and it isn't a problem, except for the reliance on emergency security patches.

        Microsoft is expected to maintain 15 year old server software so that you don't have to update regularly. Sounds like nothing has changed since 1995...

    • by EvilSS ( 557649 ) on Monday July 21, 2025 @12:22PM (#65534730)
      All the versions they are releasing patches for are currently supported (2016, 2019, and SE).
  • by SlashbotAgent ( 6477336 ) on Monday July 21, 2025 @12:02PM (#65534682)

    I feel terrible for those that have to run SharePoint on-premises in this day and age.

    That's a level of misery and pain that not even a masochist would enjoy.

    • I feel terrible for those that have to run SharePoint on-premises in this day and age.

      That's a level of misery and pain that not even a masochist would enjoy.

      Sounds like they could work as screeners at TSA [tsa.gov].

      • Hmm... I actually had a weird security "encounter" yesterday, but I'm pretty sure this story has no relation. On the other hand, I do hate weird coincidences, so I'll throw it out here...

        Any idea what can shut off an activity monitor? Never seen such an event before--but I saw two of them at the same time. I am wearing an old one and a new one at the same time, and they both went dark. Connecting them to power restarted both of them, so no harm done, but WTF? Did the cat do it? What if the friendly cat had

    • SP expert for 20 years here - can confirm. SP2016 and 2019 were much smoother and easier to install and manage than 2013 and earlier. Even 2013 was okay-ish after you installed the first major update, but 2010 and lower were utter nightmares.

      Call me a conspiracy theorist, but this does fit the Microsoft MO of getting people to migrate to M365.

  • by gweihir ( 88907 ) on Monday July 21, 2025 @05:33PM (#65535446)

    Always late, never secure. And this is in a phase where they still have IT security as their "highest priority". They simply cannot do it. They are still stuck in the era of single-user computers and no Internet. And they will never be able to catch up.
