{"id":351573,"date":"2025-07-23T07:16:17","date_gmt":"2025-07-23T14:16:17","guid":{"rendered":"https:\/\/msftnewsnow.com\/?p=351573"},"modified":"2025-07-25T12:47:11","modified_gmt":"2025-07-25T16:47:11","slug":"microsoft-sharepoint-zero-day-hacks-us-nuclear-set","status":"publish","type":"post","link":"https:\/\/msftnewsnow.com\/microsoft-sharepoint-zero-day-hacks-us-nuclear-set\/","title":{"rendered":"Microsoft SharePoint Zero-Day Exploit Exposes U.S. National Nuclear Security Administration (NNSA)"},"content":{"rendered":"<div class=\"relative\">\n<div class=\"prose text-pretty dark:prose-invert inline leading-normal break-words min-w-0 [word-break:break-word]\">\n<p class=\"my-0\"><a href=\"https:\/\/msftnewsnow.com\/microsoft-sharepoint-zero-day-attack-toolshell\/\" target=\"_blank\" rel=\"noopener\">A severe zero-day vulnerability in Microsoft SharePoint Server has triggered a cybersecurity crisis<\/a>, culminating in breaches of over 50 organizations, including the U.S. National Nuclear Security Administration (NNSA) \u2014 the agency responsible for America\u2019s nuclear arsenal security<span class=\"whitespace-nowrap\">.<\/span> <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2025-07-23\/us-nuclear-weapons-agency-breached-in-microsoft-sharepoint-hack\" target=\"_blank\" rel=\"noopener\">As reported by <em>Bloomberg<\/em><\/a>, Microsoft and federal authorities confirm that the exploit has enabled hackers, <a href=\"https:\/\/msftnewsnow.com\/chinese-hackers-exploit-sharepoint-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">reportedly affiliated with the Chinese government<\/a>, to access sensitive internal networks using a chain of vulnerabilities named &#8220;ToolShell&#8221; and tracked as <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53770\" target=\"_blank\" rel=\"noopener\">CVE-2025-53770<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53771\" target=\"_blank\" 
rel=\"noopener\">CVE-2025-53771<\/a><span class=\"whitespace-nowrap\">.<\/span><\/p>\n<h2 id=\"timeline-of-the-microsoft-sharepoint-zero-day-atta\" class=\"mb-2 mt-6 text-base font-[500] first:mt-0 md:text-lg dark:font-[475] [hr+&amp;]:mt-4\"><strong>Timeline of the Microsoft SharePoint Zero-Day Attack<\/strong><\/h2>\n<p><a href=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/07\/48d3b9e0-b87d-4796-a3b2-ade8685c027a-scaled.jpg?strip=all&lossy=1&quality=88&sharp=1&w=2560&ssl=1\"><img decoding=\"async\" data-attachment-id=\"351624\" data-permalink=\"https:\/\/msftnewsnow.com\/microsoft-sharepoint-zero-day-hacks-us-nuclear-set\/48d3b9e0-b87d-4796-a3b2-ade8685c027a\/#main\" data-orig-file=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/07\/48d3b9e0-b87d-4796-a3b2-ade8685c027a-scaled.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" data-orig-size=\"1080,720\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"48d3b9e0-b87d-4796-a3b2-ade8685c027a\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/07\/48d3b9e0-b87d-4796-a3b2-ade8685c027a-scaled.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" data-large-file=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/07\/48d3b9e0-b87d-4796-a3b2-ade8685c027a-scaled.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" class=\"alignnone wp-image-351624 size-full\" 
src=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/07\/48d3b9e0-b87d-4796-a3b2-ade8685c027a-scaled.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" alt=\"Microsoft SharePoint Zero-Day Exploit Exposes U.S. National Nuclear Security Administration (NNSA)\" width=\"1080\" height=\"720\" srcset=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/07\/48d3b9e0-b87d-4796-a3b2-ade8685c027a-scaled.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;ssl=1 1080w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/07\/48d3b9e0-b87d-4796-a3b2-ade8685c027a-150x100.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;ssl=1 150w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/07\/48d3b9e0-b87d-4796-a3b2-ade8685c027a-scaled.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;w=216&amp;ssl=1 216w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/07\/48d3b9e0-b87d-4796-a3b2-ade8685c027a-scaled.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;w=432&amp;ssl=1 432w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/07\/48d3b9e0-b87d-4796-a3b2-ade8685c027a-scaled.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;w=648&amp;ssl=1 648w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/07\/48d3b9e0-b87d-4796-a3b2-ade8685c027a-scaled.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;w=864&amp;ssl=1 864w\" sizes=\"(max-width: 1080px) 100vw, 1080px\" \/><\/a><\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\"><strong>May 2025:<\/strong> Two critical SharePoint bugs first demonstrated at the <a href=\"https:\/\/unit42.paloaltonetworks.com\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/\" target=\"_blank\" rel=\"noopener\">Pwn2Own hacking contest<\/a>, later identified as the attack vector for ToolShell<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>July 8, 2025:<\/strong> Microsoft 
acknowledges initial SharePoint vulnerabilities (CVE-2025-49704\/49706) and issues a patch for some, but full exploitation had not yet been observed<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>July 14\u201317, 2025:<\/strong> Security researchers and Microsoft observe proof-of-concept exploit code released and the first clusters of active attacks targeting organizations<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>July 18, 2025:<\/strong> Breaches begin at several federal agencies, including the NNSA. Hackers gain unauthorized access to on-premises SharePoint servers and connected services<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>July 19\u201321, 2025:<\/strong> Emergency out-of-band patches released by Microsoft for SharePoint Subscription Edition and 2019, with mitigation steps for SharePoint 2016 pending<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>July 22\u201323, 2025:<\/strong> More than 50 organizations confirmed as breached, with advisory updates from Microsoft, CISA, and cybersecurity firms<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<\/li>\n<\/ul>\n<h2 id=\"details-of-the-sharepoint-vulnerabilities-toolshel\" class=\"mb-2 mt-6 text-base font-[500] first:mt-0 md:text-lg dark:font-[475] [hr+&amp;]:mt-4\"><strong>Details of the SharePoint Vulnerabilities (ToolShell)<\/strong><\/h2>\n<p class=\"my-0\">ToolShell is the name given to the <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/update-microsoft-releases-guidance-exploitation-sharepoint-vulnerabilities\" target=\"_blank\" rel=\"noopener\">new SharePoint zero-day attack chain<\/a>, exploiting CVE-2025-53770 (a critical remote code execution flaw) and CVE-2025-53771 (a server spoofing bug).<\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\"><strong>CVE-2025-53770:<\/strong> 
Allows unauthenticated attackers to execute arbitrary code on vulnerable SharePoint servers due to insecure data deserialization. CVSS score: 9.8\/10.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>CVE-2025-53771:<\/strong> Enables server spoofing by bypassing directory restrictions.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-0\"><strong>On-Premises at Risk:<\/strong><br \/>\nOnly on-premises versions of SharePoint Server are affected. SharePoint Online and Microsoft 365 cloud-hosted environments remain secure<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<p class=\"my-0\"><strong>Attack Impact:<\/strong><\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\">Complete system compromise<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Unauthorized access to sensitive documents and credentials<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Potential lateral movement to linked apps (Teams, OneDrive, Outlook)<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Persistent, unauthenticated access that could potentially evade future patches<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"who-was-breached-us-national-nuclear-security-admi\" class=\"mb-2 mt-6 text-base font-[500] first:mt-0 md:text-lg dark:font-[475] [hr+&amp;]:mt-4\"><strong>U.S. National Nuclear Security Administration Breached<\/strong><\/h2>\n<p class=\"my-0\">The NNSA, part of the U.S. Department of Energy, was one of the highest-profile targets. Hackers leveraged the SharePoint bug to access a &#8220;small number of systems,&#8221; but <strong>no classified or sensitive nuclear data was compromised<\/strong>. This limited impact is credited to the agency&#8217;s extensive adoption of Microsoft 365 cloud solutions, robust cybersecurity defenses, and quick mitigation actions<span class=\"whitespace-nowrap\">.<\/span> All affected systems are reportedly in the process of being restored.<\/p>\n<p class=\"my-0\">Other U.S. 
federal and state agencies, universities, and energy companies were also reportedly attacked (<a href=\"https:\/\/www.theverge.com\/news\/712080\/microsoft-sharepoint-hack-us-nuclear-weapons-agency\" target=\"_blank\" rel=\"noopener\">via <em>The Verge<\/em><\/a>), with the campaign echoing fears about cyber-espionage and critical infrastructure security<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<h2 id=\"who-is-behind-the-attacks\" class=\"mb-2 mt-6 text-base font-[500] first:mt-0 md:text-lg dark:font-[475] [hr+&amp;]:mt-4\"><strong>Who Is Behind the Attacks?<\/strong><\/h2>\n<p class=\"my-0\">Microsoft\u2019s investigation, corroborated by federal cybersecurity agencies, <a href=\"https:\/\/msftnewsnow.com\/chinese-hackers-exploit-sharepoint-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">points to sophisticated groups linked to the Chinese government<\/a> \u2014 notably &#8220;Linen Typhoon,&#8221; &#8220;Violet Typhoon,&#8221; and &#8220;Storm-2603.&#8221; Their operations appear part of broader cyber-espionage efforts targeting not only U.S. 
government infrastructure but also global organizations, especially those involved in critical sectors.<\/p>\n<h2 id=\"how-was-the-exploit-used\" class=\"mb-2 mt-6 text-base font-[500] first:mt-0 md:text-lg dark:font-[475] [hr+&amp;]:mt-4\"><strong>How Was the Exploit Used?<\/strong><\/h2>\n<p class=\"my-0\">Hackers exploited the on-premises SharePoint servers through the ToolShell chain, enabling them to:<\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\">Install malicious web shells for persistent access<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Exfiltrate credentials, internal files, and configurations remotely<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Move laterally to other systems interconnected via SharePoint<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-0\">Initial exploit attempts began in early July, intensifying rapidly after exploit code became available online and before Microsoft could roll out a comprehensive fix<span class=\"whitespace-nowrap\">.<\/span> Attackers used techniques recognizable from cybersecurity competitions and proof-of-concept code made public within days after the CVEs were disclosed<span class=\"whitespace-nowrap\">.<\/span> Evidence shows dozens of distinct compromise attempts across government, telecom, and tech sectors since July 7th<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<h2 id=\"microsofts-emergency-response-and-patch-details\" class=\"mb-2 mt-6 text-base font-[500] first:mt-0 md:text-lg dark:font-[475] [hr+&amp;]:mt-4\"><strong>Microsoft\u2019s Emergency Response and Patch Details<\/strong><\/h2>\n<p class=\"my-0\">In direct response to these attacks, Microsoft has:<\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\">Released emergency security updates for SharePoint Server 2019 and Subscription Edition<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Advised immediate patching and additional mitigations:<\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\">Enable 
AMSI detection<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Rotate ASP.NET machine keys<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Isolate public-facing SharePoint servers<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p class=\"my-0\">Communicated that fixes are ongoing for legacy versions, specifically SharePoint Server 2016<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-0\">Microsoft and cybersecurity agencies emphasize that <strong>SharePoint Online and Microsoft 365 cloud environments are not vulnerable to these exploits<\/strong><span class=\"whitespace-nowrap\">.<\/span><\/p>\n<h2 id=\"security-recommendations-for-all-sharepoint-users\" class=\"mb-2 mt-6 text-base font-[500] first:mt-0 md:text-lg dark:font-[475] [hr+&amp;]:mt-4\"><strong>Security Recommendations for All SharePoint Users<\/strong><\/h2>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\"><strong>Apply all available SharePoint security patches<\/strong> right now, prioritizing on-premises deployments<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Isolate<\/strong> exposed SharePoint servers from the Internet where feasible.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Regularly <strong>rotate server credentials and machine keys<\/strong>.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Implement advanced monitoring<\/strong> (AMSI, endpoint security, intrusion detection systems).<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>Longer-Term Best Practices<\/strong><\/h2>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/sharepointmigration\/introducing-the-sharepoint-migration-tool\" target=\"_blank\" rel=\"noopener\"><strong>Migrate to Microsoft 365 or cloud-hosted SharePoint<\/strong><\/a> where possible, as these versions are more resilient to such attacks.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Conduct regular security assessments and penetration 
testing.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Limit SharePoint integrations to only essential applications and networks.<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"broader-impact-and-industry-response\" class=\"mb-2 mt-6 text-base font-[500] first:mt-0 md:text-lg dark:font-[475] [hr+&amp;]:mt-4\"><strong>Industry Impact<\/strong><\/h2>\n<p class=\"my-0\">The ToolShell exploit has cast a spotlight on ongoing vulnerabilities in self-hosted enterprise collaboration software and highlighted the urgent need for proactive patching and real-time threat intelligence.<\/p>\n<p class=\"my-0\">Industry reaction includes:<\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\"><a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770\" target=\"_blank\" rel=\"noopener\">CISA adding CVE-2025-53770<\/a> to its catalog of known exploited vulnerabilities<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Government and private sector partners accelerating cloud migrations.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Renewed debate about risks of centralized, widely deployed platforms for critical functions.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-0\">The latest SharePoint zero-day cyberattack represents a <a href=\"https:\/\/msftnewsnow.com\/microsoft-sharepoint-zero-day-attack-toolshell\/\" target=\"_blank\" rel=\"noopener\">wake-up call for organizations managing on-premises servers<\/a>. 
While Microsoft and security authorities moved quickly to patch these vulnerabilities, the incident underlines the critical importance of defense-in-depth practices, rapid patch application, and a shift to more secure cloud services wherever possible.<\/p>\n<p class=\"my-0\"><strong>If your organization runs self-hosted Microsoft SharePoint, patch immediately and review incident response procedures.<\/strong><\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A severe zero-day vulnerability in Microsoft SharePoint Server has triggered a cybersecurity crisis, culminating in breaches of over 50 organizations, including the U.S. National Nuclear Security Administration (NNSA) \u2014 the agency responsible for America\u2019s nuclear arsenal security. As reported by Bloomberg, Microsoft and federal authorities confirm that the exploit has enabled hackers, reportedly affiliated with &#8230; <a title=\"Microsoft SharePoint Zero-Day Exploit Exposes U.S. National Nuclear Security Administration (NNSA)\" class=\"read-more\" href=\"https:\/\/msftnewsnow.com\/microsoft-sharepoint-zero-day-hacks-us-nuclear-set\/\" aria-label=\"Read more about Microsoft SharePoint Zero-Day Exploit Exposes U.S. 
National Nuclear Security Administration (NNSA)\">Read more<\/a><\/p>\n","protected":false},"author":208461344,"featured_media":351640,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[24,2448],"tags":[1271,919,778,668,1272,123,1083,1188],"class_list":["post-351573","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-microsoft-365-and-office","tag-cybersecurity","tag-hacking","tag-microsoft","tag-microsoft-365","tag-onedrive","tag-outlook","tag-security","tag-sharepoint"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/download.jpg","jetpack_shortlink":"https:\/\/wp.me\/pfgCZY-1tsx","jetpack-related-posts":[{"id":352714,"url":"https:\/\/msftnewsnow.com\/sharepoint-zero-day-attacks-surge-over-400-orgshit\/","url_meta":{"origin":351573,"position":0},"title":"SharePoint Zero-Day Attacks Surge: Over 400 Organizations Breached Amid Critical Microsoft Vulnerabilities","author":"Dave W. Shanahan","date":"July 24, 2025","format":false,"excerpt":"A wave of cyberattacks linked to Chinese-backed threat actors is sweeping across global enterprises, exploiting multiple zero-day vulnerabilities in Microsoft SharePoint. 
These coordinated attacks\u2014leveraging CVE-2025-49704, CVE-2025-49706, and newly identified patch bypasses CVE-2025-53770 and CVE-2025-53771\u2014are fueling both ransomware outbreaks and strategic espionage campaigns. At least 400 organizations have been breached as\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"SharePoint Zero-Day Attacks Surge: Over 400 Organizations Breached Amid Critical Microsoft Vulnerabilities","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/image.jpeg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/image.jpeg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/image.jpeg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/image.jpeg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":351371,"url":"https:\/\/msftnewsnow.com\/microsoft-sharepoint-zero-day-attack-toolshell\/","url_meta":{"origin":351573,"position":1},"title":"Critical Microsoft SharePoint Zero-Day Attack CVE-2025-53770 Exposes On-Premises Servers, Emergency Guidance Issued","author":"Dave W. Shanahan","date":"July 20, 2025","format":false,"excerpt":"Microsoft has confirmed a major zero-day vulnerability is being actively exploited in on-premises SharePoint Server, with no patch currently available for most affected versions. Dubbed CVE-2025-53770\u2014nicknamed \u201cToolShell\u201d by researchers\u2014the Microsoft SharePoint flaw enables unauthenticated attackers to take full control of targeted SharePoint servers. 
As of July 20, 2025, the attacks\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Critical Microsoft SharePoint Zero-Day Attack Exposes On-Premises Servers: Emergency Guidance Issued","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/24e12846-443b-4210-a446-e47d0e59ecba-scaled.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/24e12846-443b-4210-a446-e47d0e59ecba-scaled.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/24e12846-443b-4210-a446-e47d0e59ecba-scaled.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/24e12846-443b-4210-a446-e47d0e59ecba-scaled.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/24e12846-443b-4210-a446-e47d0e59ecba-scaled.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":16717,"url":"https:\/\/msftnewsnow.com\/may-2024-two-zero-day-vulnerabilities\/","url_meta":{"origin":351573,"position":2},"title":"Microsoft addresses two zero-day vulnerabilities, including 61 security issues in May 2024 security updates","author":"Dave W. 
Shanahan","date":"May 18, 2024","format":false,"excerpt":"In its May 2024 security updates, Microsoft has patched a total of 61 vulnerabilities across its products, including two zero-day vulnerabilities that were being actively exploited in the wild.","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft addresses two zero-day vulnerabilities, including 61 security issues in May 2024 security updates","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/05\/7080b222-1259-4453-9dc4-dd1c2bba327c.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/05\/7080b222-1259-4453-9dc4-dd1c2bba327c.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/05\/7080b222-1259-4453-9dc4-dd1c2bba327c.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/05\/7080b222-1259-4453-9dc4-dd1c2bba327c.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":11711,"url":"https:\/\/msftnewsnow.com\/microsoft-365-boosts-sharepoint\/","url_meta":{"origin":351573,"position":3},"title":"Microsoft 365 boosts SharePoint security with new access control","author":"Dave W. 
Shanahan","date":"February 11, 2024","format":false,"excerpt":"The new SharePoint feature enhances Microsoft's access control, allowing precise app permissions on specific site collections.","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"sharepoint, microsoft graph, microsoft 365","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/02\/R-1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/02\/R-1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/02\/R-1.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/02\/R-1.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":351492,"url":"https:\/\/msftnewsnow.com\/chinese-hackers-exploit-sharepoint-vulnerabilities\/","url_meta":{"origin":351573,"position":4},"title":"Microsoft Says Chinese State Actors Exploit New SharePoint Vulnerabilities: CVE-2025-53770, CVE-2025-49704, CVE-2025-49706, and CVE-2025-53771, Immediate Security Updates Required","author":"Dave W. Shanahan","date":"July 22, 2025","format":false,"excerpt":"Microsoft has sounded the alarm after discovering ongoing, active exploitation of multiple critical SharePoint vulnerabilities in on-premises SharePoint Server deployments. 
The Microsoft Security Response Center (MSRC) blog published on July 19, 2025, reveals that Chinese nation-state actors, including Linen Typhoon, Violet Typhoon, and Storm-2603, are targeting CVE-2025-53770, CVE-2025-49704, CVE-2025-49706, and\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Chinese State Actors Exploit New SharePoint Vulnerabilities: CVE-2025-53770, CVE-2025-49704, CVE-2025-49706, and CVE-2025-53771, Microsoft Urges Immediate Security Updates","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/png-transparent-microsoft-sharepoint-server-microsoft-project-web-part-document-share-blue-text-trademark.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/png-transparent-microsoft-sharepoint-server-microsoft-project-web-part-document-share-blue-text-trademark.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/png-transparent-microsoft-sharepoint-server-microsoft-project-web-part-document-share-blue-text-trademark.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/png-transparent-microsoft-sharepoint-server-microsoft-project-web-part-document-share-blue-text-trademark.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":13656,"url":"https:\/\/msftnewsnow.com\/restricted-sharepoint-search-for-copilot\/","url_meta":{"origin":351573,"position":5},"title":"Unlocking Restricted SharePoint Search: Microsoft 365&#8217;s Copilot enhancement for streamlined access","author":"Dave W. Shanahan","date":"March 8, 2024","format":false,"excerpt":"Microsoft has introduced a new feature called Restricted SharePoint Search to bolster the data governance capabilities of Copilot for Microsoft 365. 
This addition is designed to give organizations more control over their site permissions while maintaining the deployment momentum of Copilot. Key Features of Restricted SharePoint Search Review and Audit\u2026","rel":"","context":"In &quot;AI and Copilot&quot;","block_context":{"text":"AI and Copilot","link":"https:\/\/msftnewsnow.com\/ai-and-copilot\/"},"img":{"alt_text":"Restricted SharePoint Search","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/03\/image-4.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/03\/image-4.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/03\/image-4.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/03\/image-4.png?resize=700%2C400&ssl=1 2x"},"classes":[]}],"jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts\/351573","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/users\/208461344"}],"replies":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/comments?post=351573"}],"version-history":[{"count":0,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts\/351573\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/media\/351640"}],"wp:attachment":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/media?parent=351573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/categories?post=351573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/tags?post=351573"}],"curies":[{
"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}