Emergency Fix Released: Microsoft Battles Zero-Day Vulnerability in SharePoint
Microsoft has issued an emergency fix for SharePoint software due to a zero-day vulnerability. Hackers exploited this flaw, affecting businesses and possibly U.S. government agencies. Known as 'ToolShell,' the exploit risks exposing all on-prem SharePoint servers to attacks. Urgent patching and disconnection from the internet are recommended.
In a swift response to a serious security breach, Microsoft has rolled out an emergency fix to address a vulnerability in its SharePoint software, heavily utilized by businesses and U.S. government agencies. Reports indicate that hackers have leveraged this flaw in a wave of attacks.
The tech giant acknowledged the zero-day exploit, releasing guidelines to rectify the issue for SharePoint Server 2019 and SharePoint Server Subscription Edition users, though a solution for the older SharePoint Server 2016 is still in progress. 'SharePoint poses a significant risk to users,' said Adam Meyers of CrowdStrike, highlighting the widespread reliance on the software for document management and collaboration.
The Cybersecurity and Infrastructure Security Agency (CISA) identified the issue as a variant of CVE-2025-49706, emphasizing the risk to on-premise servers. Security teams globally are urged to implement patches immediately, disconnect systems from the internet, and seek professional incident response to thwart potential damages by the 'ToolShell' exploit.
(With inputs from agencies.)
- READ MORE ON:
- Microsoft
- SharePoint
- vulnerability
- cyberattack
- zero-day
- security
- patching
- CISA
- ToolShell
- exploit
ALSO READ
UN Security Council Extends Monitoring of Houthi Attacks in Red Sea
Sickle Attack Over Salary Dispute: Security Guards' Clash in Mumbai
Assam Strikes Oil: A Boost for State and National Energy Security
Deadly Encounter in Bokaro: Security Forces Clash with Maoists
Security Forces Strike Blow Against Naxal Command in Jharkhand
Google News