SharePoint

Urgent SharePoint Update: A critical zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770) is being actively exploited, targeting on-premises SharePoint servers across sectors like government, healthcare, and education.



Key Details:

  • Impact: Over 75 servers compromised, with 9,000+ exposed globally

  • Threat: Attackers are stealing cryptographic keys, bypassing MFA, and executing remote code

  • Versions Affected: SharePoint Server 2016, 2019, and Subscription Edition (SharePoint Online is not impacted)

  • Indicators of Compromise: Look for the suspicious file spinstall0.aspx and unusual outbound traffic

  • Immediate Actions Recommended:

    • Apply patches: Microsoft has released updates for 2019 and Subscription Edition; the 2016 patch is pending

    • Rotate keys: Reset MachineKey configurations and restart IIS

    • Isolate servers: Disconnect from the internet if patching is delayed

    • Assume breach: Begin incident response and forensic investigation
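
One way to check for the spinstall0.aspx indicator listed above is to scan IIS W3C logs for requests to that file name. This is an added example, not part of the original advisory; the log lines, paths and IP addresses are constructed, and the function names are hypothetical.

```python
# Added example: flag IIS W3C log entries that request spinstall0.aspx.
import posixpath

IOC_FILENAME = "spinstall0.aspx"  # indicator named on this page

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-01-01 10:00:01 GET /sites/team/default.aspx - 198.51.100.10 200
2025-01-01 10:00:05 POST /constructed/path/SpInstall0.aspx - 203.0.113.7 200
2025-01-01 10:00:09 GET /constructed/path/spinstall0.aspx - 203.0.113.7 404
2025-01-01 10:00:12 GET /docs/spinstall0.aspx.txt - 198.51.100.10 200
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2025-01-01 10:05:00 203.0.113.9 GET /other/spinstall0.aspx 200
"""

def find_ioc_requests(lines, ioc=IOC_FILENAME):
    """Return one dict per log entry whose URI stem ends in the IoC file name."""
    fields, hits = [], []
    for lineno, raw in enumerate(lines, start=1):
        line = raw.strip()
        if line.startswith("#Fields:"):
            # IIS can re-emit #Fields mid-file when the logged columns change.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated entry
        entry = dict(zip(fields, values))
        stem = entry.get("cs-uri-stem", "")
        # IIS paths are case-insensitive; compare the final path segment only.
        if posixpath.basename(stem).lower() == ioc.lower():
            hits.append({"line": lineno, "client": entry.get("c-ip"),
                         "method": entry.get("cs-method"), "uri": stem,
                         "status": entry.get("sc-status"),
                         "when": f"{entry.get('date')} {entry.get('time')}"})
    return hits

def served_hits(hits):
    """Requests answered with a 2xx status, i.e. the server returned content."""
    return [h for h in hits if (h["status"] or "").startswith("2")]

if __name__ == "__main__":
    for h in find_ioc_requests(SAMPLE_LOG.splitlines()):
        print(h)
```

Any 2xx hit means the server returned content for that file name and should feed directly into the "assume breach" step.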
