Microsoft has confirmed that a serious security vulnerability in SharePoint is being actively exploited. Attackers can use it to steal sensitive data, compromise passwords and gain long-term access to IT systems. Numerous organizations, including government agencies, have already been affected.
Microsoft urges all those affected to take immediate countermeasures.
Recommended immediate measures:
- Install the latest security updates:
Microsoft regularly provides cumulative updates for SharePoint. The current overview and direct download links can be found at:
https://learn.microsoft.com/en-us/officeupdates/sharepoint-updates - Read the official Microsoft blog post on the vulnerability:
Here you will find technical details, recommendations for action (e.g. machine key rotation) and tips for protecting your systems:
https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/ - Disconnect affected systems from the network if an immediate update is not possible
- Monitor your systems for unusual activities, in particular unauthorized access or suspicious file changes.
Background:
The vulnerability affects SharePoint Server (Subscription Edition, 2019, 2016) in on-premises environments. The attacks are highly professional and target critical infrastructures.
Act now to protect your systems and data. If you have any questions, please contact your IT security officer or Microsoft Support.