Microsoft has announced the release of emergency security updates for its SharePoint work management platform due to identified vulnerabilities that may lead to data compromise.
Overview of SharePoint Vulnerabilities
Microsoft has released emergency patches to address vulnerabilities in its SharePoint software, which have already led to user data attacks. The vulnerabilities affect on-premises SharePoint software and not the cloud version SharePoint 365. The patches are targeted at 'SharePoint Server Subscription Edition,' 'SharePoint Server 2019,' and 'SharePoint Server 2016.'
Attacks and their Consequences
The vulnerabilities labeled CVE-2025-53770 and CVE-2025-53771 were revealed in a blog by Eye Security. It was noted that 'Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update.' The cyber-attacks have impacted governments, businesses, and universities worldwide.
SharePoint Statistics and Security Issues
According to Microsoft, over 200,000 organizations and 190 million people use SharePoint for content management, team sites, and intranets. In 2024, Microsoft faced scrutiny from the United States Congress due to a series of security vulnerabilities that jeopardized some federal officials' emails.
The patches for SharePoint are a necessary step to protect users from ongoing attacks, however, security concerns remain a prominent issue for Microsoft.