IMPORTANT: Microsoft 365 / SharePoint Online is not impacted. On-prem SharePoint 2016, 2019, and Subscription Edition users must act immediately.
🚨 Critical Security Notice for All On-Premises SharePoint Server Users 🚨
A critical zero-day vulnerability, identified as CVE-2025-53770, is actively being exploited in on-premises SharePoint servers. This severe flaw allows unauthenticated remote code execution (RCE); it has already impacted approximately 100 organizations and puts a further 10,000 companies at risk across various sectors, including U.S. and European government agencies, federal/state bodies, universities, energy firms, healthcare providers, financial services companies, and at least one Asian telecom.
💥 What’s Happening?
Since July 18, 2025, attackers have been exploiting CVE-2025-53770 using a tool dubbed “ToolShell.” Researchers at Eye Security have scanned around 8,000 servers and discovered dozens of infections. This widespread compromise highlights the urgency for affected organizations to take immediate action.
🔧 How the Attack Works
The vulnerability stems from SharePoint’s deserialization of object states, which attackers abuse to extract crucial machine keys, specifically ValidationKey and DecryptionKey. With these keys in hand, attackers can craft legitimate payloads, establish persistent access, and move laterally throughout the compromised network, significantly increasing the risk of further damage.
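Because the stolen ValidationKey and DecryptionKey stay valid after the vendor patch is installed, rotating them is part of remediation, not an optional extra. The following PowerShell snippet is an added example for this notice, not code from Microsoft or from this advisory: run from the SharePoint Management Shell as a farm administrator, it rotates the machine keys on every web application and logs the outcome. It assumes the Update-SPMachineKey cmdlet with its -WebApplication parameter is available on your SharePoint build, as Microsoft documents for supported versions; confirm that before relying on it.

```powershell
# Added example (not from the original notice): rotate ASP.NET machine keys on every
# SharePoint web application after patching. Stolen keys let forged payloads keep
# validating on an otherwise patched server, so rotation closes that persistence path.
# Assumption: Update-SPMachineKey is present on this SharePoint build.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Keep an audit trail of which web applications were rotated and when.
$log = Join-Path $env:TEMP ("machinekey-rotation-{0:yyyyMMdd-HHmmss}.log" -f (Get-Date))

Get-SPWebApplication -IncludeCentralAdministration | ForEach-Object {
    $wa = $_
    try {
        # Generates new ValidationKey/DecryptionKey values and pushes them to the farm.
        Update-SPMachineKey -WebApplication $wa -ErrorAction Stop
        "$(Get-Date -Format o) rotated keys for $($wa.Url)" |
            Tee-Object -FilePath $log -Append
    } catch {
        # A failed rotation leaves the old, possibly stolen, keys in place: surface it.
        "$(Get-Date -Format o) FAILED for $($wa.Url): $($_.Exception.Message)" |
            Tee-Object -FilePath $log -Append
    }
}

# Restart IIS so the new keys take effect; do this on every server in the farm.
iisreset.exe
Write-Host "Rotation log written to $log"
```

Rotate keys only after the security update is installed, otherwise the still-vulnerable server can simply be re-exploited to harvest the new ones.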
What You Need to Know
- The vulnerability allows unauthenticated remote code execution, giving attackers deep access to internal systems.
- Microsoft has confirmed nation-state actors are behind some of the breaches.
- Affected users must patch their systems immediately to avoid compromise.
📥 Download the security updates here:
- SharePoint Subscription Edition Patch
- SharePoint Server 2019 Patch
- SharePoint Server 2016 – Patch not yet released
🛡 How a Dedicated SOC (Security Operations Centre) Team Helps
In light of these zero-day threats, having a dedicated SOC team is no longer optional — it’s critical.
Here’s how a Managed SOC Team like ours can help:
✅ Real-time Threat Intelligence
We stay tapped into global cybersecurity intelligence networks, so your organization is alerted early when zero-day vulnerabilities emerge — often before they make headlines.
✅ Immediate Containment & Response
Our SOC team can isolate vulnerable systems, apply vendor patches quickly, and monitor for signs of compromise to prevent lateral movement.
✅ Patch Management & Advisory
We ensure your on-premises software — like SharePoint — is updated, hardened, and verified for integrity in response to active threat campaigns.
Don’t Wait – Let’s Secure Your Infrastructure Today
If you are using on-prem SharePoint or unsure whether your current setup is secure, contact us now for a no-obligation consultation or a demo of our Managed SOC services.
Learn More: https://www2.internetnow.com.my/insightnow-managed-security-services/
Email us directly: enquiry@internetnow.com.my
WhatsApp: (+60)16-262 0853
Let us help you stay a step ahead of cyber threats — before they become cyber disasters.