Hacker attack endangers authorities and companies: Microsoft software affected!
In the past few days, the US technology company Microsoft has discovered an alarming vulnerability in its SharePoint software, which has already led to attacks on many organizations in both the business and government sectors. The vulnerability affects locally operated servers that are used for sharing files via SharePoint. The attackers have already gained access to the systems of "dozens" of organizations, and the IT security company Palo Alto Networks has reported extensive activity. Access to the servers could lead to the theft of sensitive data and passwords, including digital keys that could later grant the attackers access to closed systems. The security company CrowdStrike describes the vulnerability as "important".
Microsoft addressed the problem in a blog post and immediately published updates to close the security gap. The US IT security authority CISA also commented and urged those affected to act quickly. The first indications of the attacks were found on Friday, although it remains unclear who is behind them. It is particularly worrying that servers at two federal authorities in the USA were successfully compromised, but no specific information about the authorities concerned has been given.
Details on the security gap
This vulnerability, tracked as CVE-2025-53770, enables attackers to gain unauthorized access to locally operated SharePoint servers. According to CISA, the vulnerability allows remote code execution (RCE). Exploit tools such as "ToolShell" enable access to confidential data and the execution of arbitrary code. The threat is considerable, and its full extent is still being examined. CISA has recommended implementing security review and monitoring processes to protect the systems.
CISA recommends the following:
- Configuring the Antimalware Scan Interface (AMSI) in SharePoint to increase security.
- Deploying Microsoft Defender AV on all SharePoint servers.
- Disconnecting the affected products from service if AMSI cannot be enabled.
- Applying official mitigations as soon as they are available.
- Following the BOD 22-01 guidance, especially for federal authorities.
Preventive measures and reaction of the authorities
CISA added CVE-2025-53770 to its "Known Exploited Vulnerabilities" catalog on July 20, 2025. To minimize the threat, CISA advises all organizations to report incidents immediately. Companies are advised to implement comprehensive logging and monitoring to identify exploit activity, and to review and minimize layout and administrator rights. In addition, specific IP addresses were identified from which suspicious activity took place between 18 and 19 July 2025.
Continuous remediation of known vulnerabilities remains crucial to protecting organizations from cyber attacks. CISA makes it clear that all those affected have to act as quickly as possible to avoid consequential damage.
Read more on this topic at , All about security and cyber security news .
Details | |
---|---|
Location | Vienna, AT |