Microsoft patches critical SharePoint 2016 zero-days
Briefly

Microsoft has issued updates for SharePoint Server 2016 to address significant vulnerabilities that permit hackers to impersonate users or services. This patch follows previous updates for SharePoint Server 2019 and SharePoint Server Subscription Edition. Notably, two zero-day vulnerabilities, CVE-2025-53770 and CVE-2025-53771, have raised alarms, especially as active attacks targeting on-premises SharePoint Servers have been detected. Tens of thousands of servers, particularly those belonging to US federal and state agencies, remain at risk until fully patched.
The vulnerability allows hackers to impersonate users or services even after the SharePoint server is patched, so they can keep their access after the security fix is applied.
Attackers found ways to bypass Microsoft's patches for other flaws in the July Patch Tuesday updates, leading to serious security concerns.
Microsoft issued an emergency patch on July 21 to address two zero-day vulnerabilities, CVE-2025-53770 and CVE-2025-53771.
Tens of thousands of servers, including those of US federal and state agencies, were reported at risk; on-premises SharePoint servers are particularly affected.
Read at The Register