Microsoft’s SharePoint SOS: Patch Party for 2019 & Subscription Users, 2016 Left Hanging!
Microsoft has released new security updates to fix serious vulnerabilities affecting on-premises SharePoint servers. While patches are available for SharePoint 2019 and Subscription Edition, SharePoint 2016 users are still waiting. Microsoft recommends updating immediately and taking additional precautions, like rotating machine keys and deploying endpoint protection, to fully protect your SharePoint server.

Hot Take:
Ah, SharePoint—it’s the trusty old workhorse of on-premises file sharing. But, much like that one colleague who always forgets their lunch in the fridge, it also has a knack for showing up in cybersecurity reports for all the wrong reasons. This time, Microsoft’s got some serious bugs to squash, and they’re urging everyone to patch up before their SharePoint servers start moonlighting as a hacker’s playground. At least now, when that one IT guy tells you to “update your system,” you’ll have a solid reason to listen. For SharePoint 2016 users, however, it’s like you’re stuck at a traffic light that never turns green—just apply those patches and hope for the best!

Key Points:
- Microsoft has released updates for two vulnerabilities, CVE-2025-53770 and CVE-2025-53771, in on-premises SharePoint servers.
- The vulnerabilities allow attackers to execute code and plant web shells, with exploitation already reported in active campaigns.
- Fixes are available for SharePoint 2019 and Subscription Edition, but SharePoint 2016 users are still waiting for updates.
- Microsoft advises rotating machine keys and restarting IIS as part of the mitigation strategy.
- Older SharePoint versions like 2010 and 2013 are no longer supported and remain vulnerable.