Microsoft’s Emergency Patch Party: SharePoint Servers Under Siege in “ToolShell” Chaos
Microsoft has released emergency patches for SharePoint zero-days exploited in “ToolShell” attacks. The SharePoint zero-day vulnerability CVE-2025-53770 is currently being exploited, with attackers running commands pre-authentication. Microsoft advises enabling AMSI integration and deploying Microsoft Defender to protect against these vulnerabilities.

Hot Take:
Microsoft’s SharePoint servers are feeling more heat than a summer barbecue, as the company scrambles to patch a couple of feisty zero-day vulnerabilities. Dubbed “ToolShell,” these exploits are wreaking havoc on on-premises servers like a toddler in a candy store, leaving IT professionals with more headaches than a broken air conditioner in July. It’s a classic case of “patch or perish” as Microsoft urges everyone to batten down the hatches and deploy the necessary mitigations faster than a cat on a hot tin roof. SharePoint Online users can sit back and relax with their popcorn, while on-prem servers get the emergency treatment they desperately need. Grab your security blankets, folks; it’s going to be a bumpy ride!
Key Points:
– Microsoft has released emergency patches for two zero-day vulnerabilities in SharePoint, CVE-2025-53770 and CVE-2025-53771.
– The “ToolShell” attacks exploit these flaws, with CVE-2025-53770 being actively used in the wild.
– Both vulnerabilities impact only on-premises SharePoint servers, not SharePoint Online in Microsoft 365.
– Attackers use these vulnerabilities to execute commands remotely and move laterally, making detection tough.
– Microsoft emphasizes the importance of enabling AMSI integration and deploying Microsoft Defender for protection.