Microsoft SharePoint vulnerability puts critical servers at risk
A newly discovered zero-day exploit targeting Microsoft SharePoint servers is being actively used by hackers, putting thousands of on-premises systems at immediate risk. The vulnerability allows attackers to steal credentials and gain unauthorized access, even after a server has been rebooted or patched. While Microsoft has issued urgent security alerts and patches for certain versions, the scale of this exploit has raised serious concerns across both the public and private sectors. This blog explains what the Microsoft SharePoint vulnerability is, who is affected, and how to protect your systems.
How the Microsoft SharePoint vulnerability was discovered
The flaw was first detected by cybersecurity researchers at Eye Security on July 18, 2025. It impacts specific on-premises versions of SharePoint and lets attackers impersonate users or services, even post-reboot. Researchers believe this exploit evolved from two separate bugs initially showcased during May’s Pwn2Own hacking contest. Once inside, hackers can harvest sensitive data, steal passwords, and move laterally across a network—especially concerning since SharePoint often links directly to tools like Teams, Outlook, and OneDrive.
Scope and severity of the Microsoft SharePoint vulnerability
This isn’t just a hypothetical threat. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that government agencies, universities, and even critical infrastructure—like energy companies—have already been attacked. Reports also indicate an Asian telecom company has been compromised. While Microsoft has released patches for SharePoint 2019 and the Subscription Edition, SharePoint 2016 remains vulnerable, pending an official fix. Until then, experts recommend disconnecting affected servers from the internet to prevent further breaches.
How to respond to the Microsoft SharePoint vulnerability
If you manage on-premises SharePoint servers, immediate action is crucial. Apply all available Microsoft security patches, conduct forensic scans to detect suspicious activity, and disconnect exposed servers from public networks where possible. While cloud-based SharePoint environments remain safe, hybrid environments should still be reviewed for any indirect risks. The best defense right now is a combination of prompt patching, strong monitoring, and reducing your attack surface until Microsoft issues a universal fix.
Access our platform effortlessly on-the-go through our user-friendly mobile apps.
𝗦𝗲𝗺𝗮𝘀𝗼𝗰𝗶𝗮𝗹 𝗶𝘀 𝘄𝗵𝗲𝗿𝗲 𝗿𝗲𝗮𝗹 𝗽𝗲𝗼𝗽𝗹𝗲 𝗰𝗼𝗻𝗻𝗲𝗰𝘁, 𝗴𝗿𝗼𝘄, 𝗮𝗻𝗱 𝗯𝗲𝗹𝗼𝗻𝗴. We’re more than just a social platform — from jobs and blogs to events and daily chats, we bring people and ideas together in one simple, meaningful space.
