After discovering “active attacks” on server software that businesses and government organizations use to transfer information throughout their operations, tech giant Microsoft released an urgent security update. According to Microsoft, the vulnerabilities exclusively affect business-use SharePoint servers. The group claims that the attacks had no effect on SharePoint Online, which is hosted in the cloud and is part of Microsoft 365. “Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update,” the tech giant said in its security note. The company recommended that customers immediately install security upgrades. The US FBI also said it is aware of the attacks and is working closely with its federal and private-sector partners. The vulnerability concerns a case of remote code execution that happens in Microsoft SharePoint Server on-premise editions when unserialized data is deserialized. According to Microsoft, the previously revealed information is true and unrelated to the company’s customer service policies.
“After applying the latest security updates above or enabling AMSI, it is critical that customers rotate SharePoint server ASP.NET machine keys and restart IIS on all SharePoint servers,” Microsoft stated. If you cannot enable AMSI, you will need to rotate your keys after you install the new security update,” it says. The ‘CVE-2025-53770’ vulnerability has been added to the Known Exploited Vulnerabilities (KEV) database maintained by the US Cybersecurity and Infrastructure Security Agency (CISA). By July 21, 2025, agencies under the Federal Civilian Executive Branch (FCEB) are required to apply the patches.
Microsoft has implemented security updates that provide customers using SharePoint Subscription Edition and SharePoint 2019 with complete protection against the vulnerabilities posed by CVE-2025-53770 and CVE-2025-53771. The company recommended that users install these updates immediately in order to ensure their safety in its security update.
