Microsoft vulnerability: hacker attacks on dozens of organizations!

Microsoft vulnerability: hacker attacks on dozens of organizations!

Things aren't always safe in the digital world, but now things are getting dicey: IT security experts are sounding the alarm about a newly discovered vulnerability in Microsoft SharePoint that is already affecting numerous organizations. Loud PZ News The first attacks were registered on Friday, July 20, 2025, and the US agency CISA warns that unauthorized access to local servers can be dangerously expanded.

The affected vulnerability, officially known as CVE-2025-53770, allows attackers to gain access to sensitive data through the SharePoint system and even execute arbitrary code. What is particularly alarming is that the vulnerability is being actively exploited in more than 75 organizations worldwide IT Boltwise reported. The security rating of this vulnerability is 9.8 - a clear indication of the severity of the threat.

What is behind the threat?

As the experts explain, CVE-2025-53770 is a variant of a previous vulnerability that was exploited in various attack scenarios. The “ToolShell” exploit allows access to sensitive information and the execution of attacks on local SharePoint servers. This can have serious consequences, as attackers can not only steal data, but also obtain digital keys that later give them renewed access to the affected systems.

The dangers are not just theoretical. In recent days, organizations including government agencies in the US have already fallen victim to these attacks. Microsoft has confirmed the security hole in a blog entry and promised an update to fix it, but until then experts advise taking quick action: “Isolate or shut down affected servers,” according to the recommendations. CISA also calls on companies and authorities to immediately check their systems and implement recommended security measures, such as configuring the Antimalware Scan Interface (AMSI).

Recommended actions for companies

How All About Security shows, affected companies should implement the following steps:

• Aktivieren des Antimalware Scan Interface (AMSI) für SharePoint.
• Implementierung des Microsoft Defender Antivirus auf allen SharePoint-Servern.
• Trennung betroffener Server vom Netzwerk, falls AMSI nicht konfiguriert werden kann.
• Überwachung spezifischer Datenverkehrsmuster und Scans nach bestimmten IP-Adressen.
• Umfassende Protokollierung zur Identifizierung von Exploit-Aktivitäten.

The scope of this threat remains to be studied in detail. Many companies are not yet adequately prepared for such attacks, but the current situation shows that cybersecurity is of utmost importance. Security experts are urging increased vigilance as the first signs of the attacks have already been detected and the trend could only increase, especially if suspicious activity is not detected in time.

Concerns about hacker attacks are more than justified, and time is running out for those who still have inadequate security measures. Stay vigilant and take the necessary measures to protect your data and systems. As a digital age, every individual and every company should be well prepared to assert themselves in this tense situation.