Hackers are actively exploiting a new zero-day vulnerability in Microsoft's SharePoint Server software. The same software is used by major US government agencies, including some tied to national security.
The vulnerability affects on-premises versions of SharePoint and lets attackers break into systems, steal data and move quietly through connected services. The cloud version is not affected, but large US agencies, universities and private companies often run the on-premises version, so far more than a few internal systems are at stake.
Register for my free Cyberguy report
Get my best tech tips, urgent security warnings and exclusive offers that are delivered directly to your inbox. You will also receive immediate access to my ultimate fraud survival manual – free of charge if you join me Cyberguy.com/newsletter
Microsoft apps on the homescreen of a smartphone (Kurt “Cyberguy” Knutson)
The exploitation was first identified by the cybersecurity firm Eye Security on July 18. Researchers say it stems from a previously unknown vulnerability chain that gives attackers full control of a vulnerable SharePoint server without any login credentials. The flaw lets them steal the server's ASP.NET machine keys, the secrets used to sign ViewState and authentication tokens, which means attackers can get back in even after the server has been patched.
According to Eye Security, the vulnerability appears to be based on two bugs demonstrated at the Pwn2Own security contest earlier this year (Pwn2Own Berlin, in May). Those exploits were originally shared as proof-of-concept research, but attackers have now weaponized the technique against real organizations. The exploit chain has been dubbed "ToolShell".
Once inside a compromised SharePoint server, hackers can reach connected Microsoft services, including Outlook, Teams and OneDrive, which puts a wide range of company data at risk. The attack also lets hackers keep long-term access: by stealing the cryptographic material used to sign authentication tokens, they can mint valid tokens of their own later. The US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to act, recommending that they check systems for signs of compromise and isolate affected servers from the Internet.
Early reports confirmed around 100 victims. Researchers now believe attackers have compromised more than 400 SharePoint servers worldwide, though that figure counts servers, not necessarily organizations, and the number of affected groups is reportedly growing quickly. One of the highest-profile targets is the National Nuclear Security Administration (NNSA). Microsoft confirmed that it was targeted but has not confirmed a successful breach.
Other affected agencies include the US Department of Education, the Florida Department of Revenue and the Rhode Island General Assembly.
Microsoft’s name and logo in a building (Kurt “Cyberguy” Knutson)
Microsoft confirmed the problem and said it is aware of "active attacks" exploiting the vulnerability. The company has released patches for SharePoint Server 2016, SharePoint Server 2019 and SharePoint Subscription Edition. Starting July 21, Microsoft rolled out patches covering all supported on-premises versions.
If your company or organization runs its own SharePoint servers, especially older on-premises versions, your IT or security team should take this seriously. Even a patched system may still be compromised if its machine keys were stolen beforehand, so administrators should also rotate the cryptographic keys and audit authentication tokens. No action is currently required from the general public, because the problem does not affect cloud-based Microsoft accounts such as Outlook.com, OneDrive or Microsoft 365. Still, it is a good reminder to stay careful online.
If your organization uses on-premises SharePoint servers, take the following steps immediately to reduce risk and limit potential damage:
1. Isolate vulnerable servers: Take unpatched SharePoint servers offline, or at least off the public Internet, immediately to prevent active exploitation.
2. Install available updates: Apply Microsoft's emergency patches for SharePoint Server 2016, 2019 and Subscription Edition right away.
3. Rotate the machine keys: Replace all ASP.NET machine keys used to sign authentication tokens, then restart IIS so the new keys take effect. Keys stolen before the patch allow continued access even after it.
4. Scan for compromise: Check systems for signs of unauthorized access. Look for abnormal sign-in behavior, token abuse or lateral movement within the network.
5. Enable security logging: Turn on detailed logging and monitoring tools so suspicious activity can be detected going forward.
6. Review connected services: Examine access to Outlook, Teams and OneDrive for suspicious behavior linked to the SharePoint breach.
7. Subscribe to threat alerts: Sign up for CISA and Microsoft advisories to stay current on patches and future exploits.
8. Consider migrating to the cloud: If possible, move to SharePoint Online, which offers built-in security protections and automatic patching.
9. Strengthen passwords and use two-factor authentication: Encourage employees to stay vigilant. Although this exploit targets organizations, it is a good reminder to enable two-factor authentication (2FA) and use strong passwords. Create strong passwords for all your accounts and devices and avoid reusing the same password across online accounts. Consider a password manager that securely stores and generates complex passwords, which reduces the risk of password reuse. See the best expert-reviewed password managers of 2025 at Cyberguy.com/passwords
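Steps 3 and 4 above, as one added PowerShell example written for this page (it is not code from the article, from Microsoft or from CISA). It assumes a farm whose IIS logs sit in the default C:\inetpub\logs\LogFiles path with the default W3C field layout, and it hunts for the indicators Eye Security and Microsoft published for this campaign (a POST to ToolPane.aspx with DisplayMode=Edit and a SignOut.aspx Referer, and a web shell named spinstall0.aspx dropped into the LAYOUTS folder), which the article itself does not spell out:

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the article, Microsoft or CISA.
# Run in the SharePoint Management Shell as a farm administrator, AFTER the
# July security update is installed. Assumptions (not from the article):
#   - IIS logs are under the default C:\inetpub\logs\LogFiles with the
#     default W3C field order (date time s-ip cs-method cs-uri-stem
#     cs-uri-query s-port cs-username c-ip ...).
#   - The indicator patterns below are the ToolShell indicators published
#     by Eye Security and Microsoft, not something the article states.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop

# --- Step 3: rotate the ASP.NET machine keys --------------------------------
# Update-SPMachineKey generates fresh validation/decryption keys for a web
# application and deploys them to every server in the farm. Anything the
# attacker signed or encrypted with the stolen keys stops validating.
foreach ($webApp in Get-SPWebApplication) {
    Write-Host "Rotating machine key: $($webApp.Url)"
    Update-SPMachineKey -WebApplication $webApp -Confirm:$false
}
# Restart IIS so every worker process reloads web.config with the new keys.
& iisreset.exe

# --- Step 4: hunt for signs of compromise -----------------------------------
$logRoot  = 'C:\inetpub\logs\LogFiles'
$lookback = (Get-Date).AddDays(-30)

# W3C log lines place cs-method, cs-uri-stem and cs-uri-query side by side,
# so one regex on the raw line catches the exploit request shape. The
# Referer is checked separately because its column varies between sites.
$exploitPattern = 'POST /_layouts/1[56]/ToolPane\.aspx DisplayMode=Edit'

$suspiciousRequests = Get-ChildItem -Path $logRoot -Recurse -Filter '*.log' |
    Where-Object { $_.LastWriteTime -ge $lookback } |
    Select-String -Pattern $exploitPattern |
    Where-Object { $_.Line -match 'SignOut\.aspx' } |
    ForEach-Object {
        $f = $_.Line -split ' '          # assumed default W3C field order
        [pscustomobject]@{
            When     = "$($f[0]) $($f[1])"
            ClientIP = $f[8]
            Request  = "$($f[3]) $($f[4])?$($f[5])"
            LogFile  = $_.Filename
        }
    }

# The campaign wrote its web shell into the LAYOUTS folder of the SharePoint
# hive; any unexpected .aspx there deserves a look, spinstall* in particular.
$hive = 'C:\Program Files\Common Files\microsoft shared\Web Server Extensions'
$webShells = Get-ChildItem -Path $hive -Recurse -Include 'spinstall*.aspx' `
    -ErrorAction SilentlyContinue

if ($suspiciousRequests -or $webShells) {
    Write-Warning 'Indicators of ToolShell activity found. Treat this server as compromised:'
    $suspiciousRequests | Format-Table -AutoSize
    $webShells | Select-Object FullName, LastWriteTime | Format-Table -AutoSize
    Write-Warning 'Isolate the server, preserve the logs, and start incident response.'
} else {
    Write-Host 'No ToolShell indicators found in 30 days of IIS logs or the LAYOUTS hive.'
}
```

Order matters here: patch first, rotate second, restart IIS third. Rotating keys on an unpatched server buys nothing, because the attacker can simply steal the new ones, and without the IIS restart the running worker processes keep honoring the old keys. A hit in the log scan means the keys were likely taken before rotation, so the server should be treated as compromised regardless of patch state.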
This SharePoint zero-day shows how quickly research can turn into real attacks. What started as a proof of concept has now hit hundreds of live systems, including major government agencies. The scariest part is not just the initial access, but how attackers can stay hidden after the patch.
Should there be stricter rules for the use of secure software in government? Let us know by writing to us at Cyberguy.com/contact
Copyright 2025 Cyberguy.com. All rights reserved.