Microsoft SharePoint Hit by Two New Zero-Day Attacks: No Patches Yet

By Alex David
Mon, 21 Jul 2025 12:10 PM (IST)

Source:JND

Microsoft SharePoint is under attack once again, with two newly discovered zero-day vulnerabilities—CVE-2025-53771 and CVE-2025-5770 - being exploited in the wild. Since July 18th 2025 at least 85 on-premise SharePoint servers worldwide have already been compromised despite the lack of patch updates for affected versions.

New Flaws Bypass Earlier Patches

The severity of the new flaws is amplified by their ability to circumvent the July security updates issued for CVE-2025-49704 and CVE-2025-49706, which were showcased during the Pwn2Own event in Berlin and for which Microsoft had previously supplied mitigations. Microsoft’s advisory further clarifies that SharePoint Online—integrated within Microsoft 365—does not exhibit exposure, while on-premises SharePoint 2016 and 2019 installations retain an elevated risk surface.

ALSO READ: Samsung Galaxy Z Fold 8 Could Launch With Crease-Free Display To Rival Foldable iPhone

To date, only the SharePoint Subscription Edition has received an official fix, disseminated via update KB5002768; remediations for the 2016 and 2019 releases remain in the development queue.

As of now, only SharePoint Subscription Edition has received a fix via update KB5002768, while security patches for legacy versions remain under development. Microsoft suggests several mitigations until an official patch can be released.

Microsoft’s Recommended Mitigations

Until a complete patch is released, Microsoft advises administrators to:

Enable AMSI (Antimalware Scan Interface) integration in SharePoint.
Install Microsoft Defender Antivirus.
Rotate ASP.NET machine keys (via PowerShell’s Update-SPMachineKey or Central Administration).
Disconnect unpatched servers from the internet to minimise risk.

ALSO READ: Perplexity AI Targets Mobile Market With Comet Browser Preload Strategy

Detection & Response

To detect breaches, admins should check for the presence of spinstall0.aspx in the SharePoint layouts directory.

Microsoft also recommends using Microsoft 365 Defender with the special detection query shared in its official blog post to identify malicious activity.

Why This Matters

Given how quickly zero-day exploits evolve despite Microsoft releasing patches, companies using on-premise SharePoint must immediately strengthen their security and implement all available safeguards.