Close Menu
Truth Republican
  • Home
  • News
  • Politics
  • Business
  • Guns & Gear
  • Healthy Tips
  • Prepping & Survival
  • Videos
Facebook X (Twitter) Instagram
Truth Republican
  • Home
  • News
  • Politics
  • Business
  • Guns & Gear
  • Healthy Tips
  • Prepping & Survival
  • Videos
Newsletter
Truth Republican
You are at:Home»News»Microsoft SharePoint bug puts critical government agencies at risk
News

Microsoft SharePoint bug puts critical government agencies at risk

Buddy DoyleBy Buddy DoyleAugust 3, 2025No Comments5 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
Microsoft SharePoint bug puts critical government agencies at risk
Share
Facebook Twitter LinkedIn Pinterest Email

NEWYou can now listen to Fox News articles!

Hackers are actively exploiting a new zero-day bug in Microsoft’s SharePoint Server software. The same software is used by key U.S. government agencies, including those tied to national security. 

The vulnerability affects on-premise versions of SharePoint, allowing attackers to break into systems, steal data and quietly move through connected services. While the cloud version is unaffected, the on-premise version is widely used by major U.S. agencies, universities and private companies. That puts far more than just internal systems at risk.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

NATIONAL SECURITY EXPERTS RAISE CONCERNS AFTER MICROSOFT PROGRAM EXPOSED AS POSSIBLE AVENUE FOR CHINESE SPYING

SharePoint zero-day: What you need to know about the exploit

The exploit was first identified by cybersecurity firm Eye Security July 18. Researchers say it stems from a previously unknown vulnerability chain that can give attackers full control of vulnerable SharePoint servers without needing any credentials. The flaw lets them steal machine keys used to sign authentication tokens, meaning attackers can impersonate legitimate users or services even after a system is patched or rebooted.

According to Eye Security, the vulnerability appears to be based on two bugs demonstrated at the Pwn2Own security conference earlier this year. While those exploits were initially shared as proof-of-concept research, attackers have now weaponized the technique to target real-world organizations. The exploit chain has been dubbed “ToolShell.”

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

How the SharePoint vulnerability lets hackers access Microsoft services

Once inside a compromised SharePoint server, hackers can access connected Microsoft services. These include Outlook, Teams and OneDrive. This puts a wide range of corporate data at risk. The attack also allows hackers to maintain long-term access. They can do this by stealing cryptographic material that signs authentication tokens. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to act. It recommends checking systems for signs of compromise and isolating vulnerable servers from the internet.

Early reports confirmed about 100 victims. Now, researchers believe attackers have compromised more than 400 SharePoint servers worldwide. However, this number refers to servers, not necessarily organizations. According to reports, the number of affected groups is growing rapidly. One of the highest-profile targets is the National Nuclear Security Administration (NNSA). Microsoft confirmed it was targeted but has not confirmed a successful breach.

Other affected agencies include the Department of Education, Florida’s Department of Revenue and the Rhode Island General Assembly.

microsoft hackers 2

Microsoft confirms SharePoint exploit and releases patches

Microsoft confirmed the issue, disclosing that it was aware of “active attacks” exploiting the vulnerability. The company has released patches for SharePoint Server 2016, SharePoint Server 2019 and SharePoint Subscription Edition. Patches for all supported on-prem versions were issued as of July 21.

What you should do about the SharePoint security risk

If you’re part of a business or organization that runs its own SharePoint servers, especially older on-premise versions, your IT or security team should take this seriously. Even if a system is patched, it could still be at risk if machine keys were stolen. Administrators should also rotate cryptographic keys and audit authentication tokens. For the general public, there’s no action needed right now since this issue doesn’t affect cloud-based Microsoft accounts like Outlook.com, OneDrive or Microsoft 365. But it’s a good reminder to stay cautious online.

microsoft hackers 3

What you should do about the SharePoint security risk

If your organization uses on-premise SharePoint servers, take the following steps right away to reduce risk and limit potential damage:

1. Disconnect vulnerable servers: Take unpatched SharePoint servers offline immediately to prevent active exploitation.

2. Install available updates: Apply Microsoft’s emergency patches for SharePoint Server 2016, 2019 and Subscription Edition without delay.

3. Rotate authentication keys: Replace all machine keys used to sign authentication tokens. These may have been stolen and can allow ongoing access even after patching.

4. Scan for compromise: Check systems for signs of unauthorized access. Look for abnormal login behavior, token misuse or lateral movement within the network.

5. Enable security logging: Turn on detailed logging and monitoring tools to help detect suspicious activity going forward.

6. Review connected services: Audit access to Outlook, Teams and OneDrive for signs of suspicious behavior linked to the SharePoint breach.

7. Subscribe to threat alerts: Sign up for advisories from CISA and Microsoft to stay updated on patches and future exploits.

8. Consider migration to the cloud: If possible, transition to SharePoint Online, which offers built-in security protection and automatic patching.

9. Strengthen passwords and use two-factor authentication: Encourage employees to stay vigilant. Even though this exploit targets organizations, it’s a good reminder to enable two-factor authentication (2FA) and use strong passwords. Create strong passwords for all your accounts and devices, and avoid using the same password for multiple online accounts. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse. Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords

Kurt’s key takeaway

This SharePoint zero-day shows how fast research can turn into real attacks. What started as a proof-of-concept is now hitting hundreds of real systems, including major government agencies. The scariest part isn’t just the access it gives but how it lets hackers stay hidden even after you patch. 

Should there be stricter rules around using secure software in government? Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

Copyright 2025 CyberGuy.com.  All rights reserved.  

Read the full article here

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleFCC seeks to shift power from national programmers to local broadcasters in public interest push
Next Article White House economist backs Trump firing Labor stats head, hits ‘partisan pattern’ in jobs data: ‘Propaganda’

Related Articles

Florida woman arrested for unlicensed dental work allegedly used superglue on victims’ teeth: police

Florida woman arrested for unlicensed dental work allegedly used superglue on victims’ teeth: police

August 24, 2025
British foreign secretary lands in hot water after fishing trip with JD Vance

British foreign secretary lands in hot water after fishing trip with JD Vance

August 24, 2025
Micah Parsons’ antics during preseason finale spark controversy, fuel Cowboys contact drama

Micah Parsons’ antics during preseason finale spark controversy, fuel Cowboys contact drama

August 24, 2025
America’s last surviving WWII ace Navy fighter pilot Donald McPherson dies at 103 years old

America’s last surviving WWII ace Navy fighter pilot Donald McPherson dies at 103 years old

August 24, 2025
Country star Ronnie McDowell told son he was ‘having a stroke’ during live performance

Country star Ronnie McDowell told son he was ‘having a stroke’ during live performance

August 24, 2025
Men In Ski Masks Impersonate Officers, Shot Dead By Armed Homeowner

Men In Ski Masks Impersonate Officers, Shot Dead By Armed Homeowner

August 23, 2025
Smoke from unknown passenger device forces emergency landing of American Airlines flight to Washington-Dulles

Smoke from unknown passenger device forces emergency landing of American Airlines flight to Washington-Dulles

August 23, 2025
Detroiters largely stand by Biden over Trump when comparing presidencies

Detroiters largely stand by Biden over Trump when comparing presidencies

August 23, 2025
Kate Gosselin slams rumors she stole her children’s college funds

Kate Gosselin slams rumors she stole her children’s college funds

August 23, 2025
Don't Miss
Florida woman arrested for unlicensed dental work allegedly used superglue on victims’ teeth: police

Florida woman arrested for unlicensed dental work allegedly used superglue on victims’ teeth: police

British foreign secretary lands in hot water after fishing trip with JD Vance

British foreign secretary lands in hot water after fishing trip with JD Vance

Micah Parsons’ antics during preseason finale spark controversy, fuel Cowboys contact drama

Micah Parsons’ antics during preseason finale spark controversy, fuel Cowboys contact drama

Unauthorized immigrant population soared to an all-time high under Biden, new report shows

Unauthorized immigrant population soared to an all-time high under Biden, new report shows

Latest News
Meet Joe Gruters, the Trump ally now at the helm of Republican National Committee

Meet Joe Gruters, the Trump ally now at the helm of Republican National Committee

August 24, 2025
Country star Ronnie McDowell told son he was ‘having a stroke’ during live performance

Country star Ronnie McDowell told son he was ‘having a stroke’ during live performance

August 24, 2025
Men In Ski Masks Impersonate Officers, Shot Dead By Armed Homeowner

Men In Ski Masks Impersonate Officers, Shot Dead By Armed Homeowner

August 23, 2025
European, Asian postal services halt shipments to US after end of de minimis tariff exemption

European, Asian postal services halt shipments to US after end of de minimis tariff exemption

August 23, 2025
Virginia leaders rebuke racist sign targeting GOP gubernatorial candidate Winsome Earle-Sears: ‘Repulsive’

Virginia leaders rebuke racist sign targeting GOP gubernatorial candidate Winsome Earle-Sears: ‘Repulsive’

August 23, 2025
Copyright © 2025. Truth Republican. All rights reserved.
  • Privacy Policy
  • Terms of use
  • Contact

Type above and press Enter to search. Press Esc to cancel.