Microsoft urgently released security patches to address two zero-day vulnerabilities in SharePoint, exploited in "ToolShell" attacks impacting over 54 organizations. Organizations are advised to update their SharePoint servers immediately and rotate machine keys to prevent further exploitation. #ToolShell #CVE-2025-53770 #CVE-2025-53771 #SharePointSecurity
Keypoints
- Two zero-day vulnerabilities, CVE-2025-53770 and CVE-2025-53771, have been exploited in worldwide ToolShell attacks.
- Microsoft released emergency out-of-band updates for SharePoint Server 2019 and Subscription Edition.
- SharePoint administrators must install the patches immediately and rotate machine keys using PowerShell or Central Admin.
- Threat actors have targeted over 54 organizations using these vulnerabilities, bypassing previous patches.
- It's crucial to analyze logs and file systems for malicious files and activity indicative of exploitation.