Microsoft SharePoint zero-day exploits target on-prem servers

Summary
– Attackers are exploiting a previously unknown vulnerability in Microsoft SharePoint Server, compromising dozens of servers globally since July 18.
– Microsoft’s July security update only partially fixes the issue, leaving some vulnerabilities unaddressed.
– Enterprises can enhance protection by implementing additional configuration changes beyond the security update.
– Microsoft recommends enabling the AMSI integration feature to mitigate the vulnerabilities (CVE-2025-53770 and CVE-2025-53771).
– Using Microsoft Defender across SharePoint Server farms is also advised to defend against these exploits.
Businesses relying on Microsoft SharePoint Server face urgent security risks as hackers actively exploit newly discovered vulnerabilities in on-premises deployments. Security teams worldwide have observed multiple successful attacks since mid-July, with compromised systems showing signs of unauthorized access and data exposure.
Microsoft’s latest security patches provide only partial protection against these threats, tracked as CVE-2025-53770 and CVE-2025-53771, so organizations still need additional defensive measures. The company released guidance over the weekend outlining critical configuration changes that organizations should implement immediately.
The recommended mitigation strategy involves two key actions: activating the AMSI (Antimalware Scan Interface) integration within SharePoint environments and deploying Microsoft Defender across all server farms. These measures work together to detect and block exploitation attempts that target the vulnerability chain. Security analysts emphasize that patching alone will not fully address the risk without these complementary protections.
IT administrators managing SharePoint instances should prioritize these updates, particularly for systems handling sensitive business data. The attacks appear to focus on gaining persistent access to corporate networks through compromised collaboration platforms. Early indicators suggest the exploits allow attackers to bypass authentication controls and execute arbitrary code on vulnerable servers.
Organizations running older SharePoint versions face heightened risks, as some security enhancements require current software builds. Microsoft continues investigating the attack patterns and may release additional safeguards as more information becomes available. Until then, security teams should monitor SharePoint servers for unusual activity while implementing the prescribed countermeasures.
(Source: CSO Online)
