Microsoft SharePoint bug puts critical government agencies at risk


Hackers are actively exploiting a new zero-day bug in Microsoft's SharePoint Server software. The same software is used by key U.S. government agencies, including those tied to national security.

The vulnerability affects on-premises versions of SharePoint, allowing attackers to break into systems, steal data and move quietly through connected services. Although the cloud version is not affected, the on-premises version is widely used by major U.S. agencies, universities and companies. That puts far more than internal systems at risk.


SharePoint zero-day: What you need to know about the exploit

The exploit was first identified by cybersecurity firm Eye Security on July 18. Researchers say it stems from a previously unknown vulnerability chain that can give attackers full control of vulnerable SharePoint servers without any credentials. The flaw lets them steal the machine keys used to sign authentication tokens, which means attackers can impersonate legitimate users or services even after a system is patched or rebooted.

According to Eye Security, the vulnerability appears to be based on two bugs demonstrated at the Pwn2Own security conference earlier this year. While those exploits were initially shared as proof-of-concept research, attackers have now weaponized the technique to target real-world organizations. The exploit chain has been dubbed “ToolShell.”


How the SharePoint vulnerability lets hackers access Microsoft services

Once inside a compromised SharePoint server, hackers can access connected Microsoft services. These include Outlook, Teams and OneDrive. This puts a wide range of corporate data at risk. The attack also lets hackers maintain long-term access. They can do this by stealing the cryptographic material that signs authentication tokens. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to act. It recommends checking systems for signs of compromise and isolating vulnerable servers from the internet.

Early reports confirmed about 100 victims. Now, researchers believe attackers have compromised more than 400 SharePoint servers worldwide. However, this number refers to servers, not necessarily organizations. According to reports, the number of affected groups is growing rapidly. One of the highest-profile targets is the National Nuclear Security Administration (NNSA). Microsoft confirmed that it was targeted but has not confirmed a successful breach.

Other affected agencies include the Department of Education, the Florida Department of Revenue and the Rhode Island General Assembly.


Microsoft confirms SharePoint exploit and releases patches

Microsoft confirmed the problem, revealing that it was aware of “active attacks” exploiting the vulnerability. The company has released patches for SharePoint Server 2016, SharePoint Server 2019 and SharePoint Subscription Edition. Patches for all supported on-premises versions were rolled out as of July 21.


What you should do about the SharePoint security risk

If you are part of a business or organization that runs its own SharePoint servers, especially older on-premises versions, your IT or security team should take this seriously. Even if a system is patched, it could still be at risk if the machine keys were stolen. Administrators must also rotate cryptographic keys and audit authentication tokens. For the general public, no action is needed at this time, since this issue does not affect Microsoft accounts such as Outlook.com, OneDrive or Microsoft 365. But it is a good reminder to stay cautious online.


If your organization uses on-premises SharePoint servers, take the following steps immediately to reduce risk and limit potential damage:

1. Disconnect vulnerable servers: Take unpatched SharePoint servers offline immediately to prevent active exploitation.

2. Install available updates: Apply Microsoft's emergency patches for SharePoint Server 2016, 2019 and Subscription Edition without delay.

3. Rotate authentication keys: Replace all machine keys used to sign authentication tokens. These may have been stolen and can allow continued access even after patching.

4. Scan for compromise: Check systems for signs of unauthorized access. Look for abnormal login behavior, token misuse or lateral movement inside the network.

5. Enable security logging: Turn on detailed logging and monitoring tools to help detect suspicious activity going forward.

6. Review connected services: Audit access to Outlook, Teams and OneDrive for signs of suspicious behavior linked to the SharePoint breach.

7. Subscribe to threat alerts: Sign up for advisories from CISA and Microsoft to stay up to date on future patches and exploits.

8. Consider migrating to the cloud: If possible, move to SharePoint Online, which offers built-in security protections and automatic patching.

9. Strengthen passwords and use two-factor authentication: Encourage employees to stay vigilant. Although this exploit targets organizations, it is a good reminder to enable two-factor authentication (2FA) and use strong passwords. Create strong passwords for all your accounts and devices, and avoid using the same password for multiple online accounts. Consider using a password manager, which stores and generates complex passwords, reducing the risk of password reuse. See the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords
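Why patching alone does not shut out an attacker who already copied the machine keys (the warning above and step 3), shown as an added Python example that is not part of the original article. It is a simplified model: the HMAC token format, the `Server` class and every name in it are assumptions for illustration, not SharePoint's or ASP.NET's actual implementation.

```python
import hashlib
import hmac
import secrets


def sign_token(machine_key: bytes, claims: str) -> str:
    """Return 'claims.signature', signed with the given machine key."""
    mac = hmac.new(machine_key, claims.encode(), hashlib.sha256).hexdigest()
    return f"{claims}.{mac}"


def verify_token(machine_key: bytes, token: str) -> bool:
    """Accept a token only if its signature matches the current key."""
    claims, _, mac = token.rpartition(".")
    expected = hmac.new(machine_key, claims.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


class Server:
    """Toy server: the patch state and the signing key are separate."""

    def __init__(self) -> None:
        self.machine_key = secrets.token_bytes(32)
        self.patched = False

    def apply_patch(self) -> None:
        self.patched = True  # closes the entry flaw, leaves the key untouched

    def rotate_key(self) -> None:
        self.machine_key = secrets.token_bytes(32)  # old signatures stop verifying

    def accepts(self, token: str) -> bool:
        return verify_token(self.machine_key, token)


def simulate() -> dict:
    """Constructed scenario: key copied before the patch, token checked at each stage."""
    server = Server()
    copied_key = server.machine_key            # taken while the server was unpatched
    old_token = sign_token(copied_key, "user=admin")
    results = {"before_patch": server.accepts(old_token)}
    server.apply_patch()
    results["after_patch"] = server.accepts(old_token)      # still valid
    server.rotate_key()
    results["after_rotation"] = server.accepts(old_token)   # rejected
    fresh = sign_token(server.machine_key, "user=alice")
    results["fresh_token"] = server.accepts(fresh)          # new key works
    return results


if __name__ == "__main__":
    print(simulate())
```

Rotation also invalidates tokens issued to legitimate users under the old key, so expect sessions to re-authenticate afterwards.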


Kurt's key takeaway

This SharePoint zero-day shows how quickly research can turn into real attacks. What began as a proof of concept is now hitting hundreds of real systems, including major government agencies. The scariest part is not only the access it gives, but how it lets hackers stay hidden even after a system is patched.

Should there be stricter rules around the use of secure software in government? Let us know at Cyberguy.com/contact


Copyright 2025 Cyberguy.com. All rights reserved.

Kurt “Cyberguy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that improve life, with his contributions for News & News Business beginning mornings on “News & Friends”. Do you have a tech question? Get Kurt's free newsletter, share your voice, a story idea or comment at Cyberguy.com.
