Recent SharePoint Server Attacks Exploiting Zero-Day Vulnerabilities

As of July 18, 2025, several security vendors, Sophos among them, have reported waves of attacks against Microsoft SharePoint servers exposed to the internet. The exploit chain combines two vulnerabilities fixed in the July 2025 security updates (CVE-2025-49704, a remote code execution flaw, and CVE-2025-49706, an authentication bypass) with two previously unknown zero-days (CVE-2025-53770 and CVE-2025-53771) that bypass those earlier fixes. Exploitation attempts were first noted on July 17, 2025; web shells were deployed on compromised servers only later. Only on-premises SharePoint Server is affected; SharePoint Online in Microsoft 365 is not. Microsoft has released out-of-band updates for SharePoint Subscription Edition, SharePoint Server 2019 and SharePoint Server 2016. Patching alone does not evict an attacker who already has a foothold: Microsoft's guidance is to also rotate the server's ASP.NET machine keys, restart IIS and check for web shells after applying the update. Microsoft is also investigating whether the attackers obtained details of these vulnerabilities before they were public, either through a leak from its internal systems or through the Microsoft Active Protections Program (MAPP), which gives security vendors advance notice of upcoming fixes.

Microsoft is now investigating whether its early-warning program for security vendors was breached, which could have allowed China-based attackers to exploit the SharePoint zero-days before patches were available. The incident raises questions about how pre-disclosure vulnerability details are handled and shared within the industry. The implications for MAPP are serious: participants receive details of unpatched flaws, so any compromise would undermine the trust on which the program depends. Microsoft's response includes an investigation into what went wrong, with the stated aim of tightening the program's safeguards.

Industry Experts Weigh In On Zero-Day Exploits

Experts say the recent attacks underscore the need for strong internal security practices and fast incident response at technology companies. Detecting and responding to such threats quickly is crucial to limiting damage. There are also calls for tighter controls on how information about unpatched vulnerabilities is communicated among stakeholders, particularly for zero-days, where the interval between advance notice to partners and public patch availability is exactly the window an attacker with leaked details can exploit.
