NEW DELHI— Microsoft has released an urgent security patch after detecting active cyberattacks targeting on-premises versions of SharePoint Server, a document-sharing platform widely used by government agencies and businesses.
According to the company’s security advisory, the vulnerabilities affect only on-premises SharePoint servers. SharePoint Online, the cloud-based version available through Microsoft 365, remains unaffected.
“Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update,” the company stated.
Microsoft urged all affected organizations to apply the latest security updates immediately.
The vulnerability stems from a remote code execution flaw caused by the deserialization of untrusted data. If exploited, the flaw could allow attackers to execute arbitrary code on vulnerable servers.
The U.S. Federal Bureau of Investigation (FBI) confirmed it is aware of the attacks and is working with both federal and private-sector partners to address the threat.
Microsoft clarified that although earlier documentation contained inconsistencies, the guidance for customers remains accurate and unchanged.
“After applying the latest security updates or enabling AMSI [Antimalware Scan Interface], it is critical that customers rotate their SharePoint server ASP.NET machine keys and restart IIS on all SharePoint servers,” the advisory added. “If AMSI cannot be enabled, key rotation should be performed after installing the new updates.”
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the critical vulnerability — tracked as CVE-2025-53770 — to its Known Exploited Vulnerabilities (KEV) catalog. Federal Civilian Executive Branch (FCEB) agencies are required to patch the vulnerability by July 21, 2025.
Microsoft said the latest updates fully protect users of SharePoint Subscription Edition and SharePoint 2019 against CVE-2025-53770 and CVE-2025-53771.
“Customers should apply these updates immediately to ensure they’re protected,” the company emphasized. (Source: IANS)
