- By fixing exploited failures, Microsoft may also have introduced new errors
- The problems affected multiple variants of SharePoint on premium
- Computer pirates are already exploiting them in nature, so users should patch now
Microsoft has launched an urgent patch to correct a zero day vulnerability that affects local SharePoint servers.
Vulnerability is already being exploited in nature, so users are established to apply the patch immediately and ensure their assets.
It was said that three Microsoft products were affected: SharePoint Server, SharePoint Server 2019 and SharePoint Server 2016. SharePoint Online (Microsoft 365) is not affected.
How to ensure its final points
The vulnerability that is being described is described as a deerialization of the non -reliable data on the Microsoft SharePoint server in the facilities, which allows an unauthorized attacker to execute code through a network. They are traced as CVE-2025-53770, and entails a gravity score of 9.8/10 (critic).
“Microsoft is aware that there is an exploit for CVE-2025-53770 in nature,” said the National Vulnerability Database (NVD) on its notice.
To ensure the end points, Microsoft recommends applying the July 2025 safety updates immediately, as well as enable the antimalware scan interface (AMSI) for SharePoint and make sure the antivirus defender is implemented.
After patching or enabling AMSI, users must rotate their keys to the ASP.NET machine, implement Microsoft Defender for the end point to detect the activity after the exploitation or update to the compatible versions of SharePoint, if necessary.
Vulnerability was actually introduced while fixing a couple of errors that were also being exploited in nature. Monitoring as CVE-2025-49706 and CVE-2025-49704, these two were set in July, but two new defects introduced: CVE-2025-53770 and CVE-2025-53771, an error of route suit 6.3/10 (medium) that allows the stain on a network.
The new errors were quickly seen by threat actors and abused attacks since July 18, with at least 85 apparently hit organizations, including several multinational and governmental entities, such as a private university and a private energy operator in California, a Federal Government Health Organization and a private company in Fintech in New York.
Through Bleepingcomputer
