Sunday, August 3, 2025

Microsoft SharePoint: urgent fixes for critical flaws exploited

In May, during the Pwn2Own event in Berlin, researchers from Viettel showed how they could take control of an on-premises SharePoint server by chaining two flaws. These flaws, tracked as CVE-2025-49706 and CVE-2025-49704, were fixed in the Patch Tuesday release of Tuesday, July 8. It was just as well: the attack, named ToolShell, could lead to remote arbitrary code execution.

However, throughout the weekend, attacks took place everywhere, targeting the same flaws. This time the problem was not that the fixes had not been installed, but a bypass of the measures implemented by Microsoft.

Two flaws appear in the wild

From the night of 18 to 19, several dozen on-premises SharePoint servers were attacked with the same method as for ToolShell. But if the method is the same, the flaws are not. Two new vulnerabilities were used to achieve the result, CVE-2025-53770 and CVE-2025-53771. The first has a very high CVSS score of 9.8 out of 10, which makes it a critical flaw. The second has a score of 6.3. Known and fixed flaws have therefore been turned into a new 0-day threat.

The situation quickly became serious, to the point that Microsoft published two new emergency fixes a few hours ago. In its technical note on the subject, the company indicates that the solutions provided are more robust than those released two weeks ago.

It is therefore recommended to install these fixes as quickly as possible, at least a hundred servers having already been compromised. When exploited, the new flaws lead to remote arbitrary code execution and allow attackers to take control of the servers, with all the danger that implies for the hosted data.

It should also be noted that these fixes concern only two editions of SharePoint: Server 2019 and Subscription Edition. The 2016 version has no fix yet, but Microsoft promises the rapid publication of a dedicated one.

In the United States, CISA (Cybersecurity and Infrastructure Security Agency) added the critical flaw CVE-2025-53770 to its catalog of actively exploited vulnerabilities (KEV). In theory, this addition gives American administrations 24 hours to apply the fixes.

Additional steps

The attackers seek above all to recover the SharePoint server's cryptographic keys. Known as MachineKeys, they include the ValidationKey and DecryptionKey, which are the foundation of trust for state management mechanisms, including __VIEWSTATE tokens. The ToolShell chain allows this information to be recovered from memory or configuration. With it, attackers can then create their own valid __VIEWSTATE payloads, signed using the ysoserial tool, which lets them generate their own tokens.

After installing the updates, Microsoft strongly advises rotating the SharePoint machine keys. The operation is manual and can be carried out by two methods.

The first is to use PowerShell and run the Update-SPMachineKey cmdlet. It is by far the simplest.

The second goes through Central Admin and requires a greater number of steps. Go to Central Admin, then to Monitoring -> Review Job Definition. There, look for "Machine Key Rotation Job" and click "Run Now". After that, IIS (Internet Information Services) must be restarted on all SharePoint servers.

Microsoft also recommends checking the logs and file systems for traces of an existing infection. In particular, look for the spinstall0.aspx file in C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\16\TEMPLATE\LAYOUTS. Another trace of compromise is the presence in the IIS logs of a POST to _layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx with an HTTP Referer of _layouts/SignOut.aspx.

Microsoft also provides a Defender query to automate the process:

DeviceFileEvents
| where FolderPath has "MICROS~1\\WEBSER~1\\16\\TEMPLATE\\LAYOUTS"
| where FileName =~ "spinstall0.aspx" or FileName has "spinstall0"
| project Timestamp, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine, FileName, FolderPath, ReportId, ActionType, SHA256
| order by Timestamp desc

Four days will have been enough


What exactly happened? When Microsoft published the initial fixes on July 8, the research community assumed that the problem was solved. The details of the flaws had not been disclosed by Viettel. The researcher behind the discovery, Khoa Dinh, also announced that the problem was resolved on July 10, giving the name ToolShell to the attack chain. He strongly encouraged the installation of the fixes because exploitation could be done with a single request.

Source: Code White

On July 14, however, another security company got involved: Code White. Based in Germany, it announced on X that it had reproduced the problem, confirming that a single request was all that was necessary. Code White did not give the request, but published a screenshot in which certain details appear. Enough to put attackers on the trail. In addition, on July 18, the researcher Soroush Dalili published further information, saying he had used Gemini to find Khoa Dinh's initial bypass and welcoming the use of AI in this area.

We do not know precisely what information was used, but the first attacks were recorded just a few hours later. This very rapid launch and the apparent absence of common features among the victims suggest that it is not an attack coordinated by a state actor, but rather an opportunistic attack by various groups and individuals. It would therefore be the result of the disclosure of the flaw.

marley.cruz
Marley profiles immigrant chefs across Texas, pairing recipes with visa-process explainers.