–Michael Lyles, B1Daily

State agencies and businesses using Microsoft’s sharepoint server and proprietary software experienced a recent surge in vulnerability exploits.

Attackers appear to be bypassing security credentials and other security measures like SSO or MFA in order to gain access to the wider network. 

The shortcoming is a spoofing flaw in SharePoint (CVE-2025-53771, CVSS score: 7.1). Viettel Cyber Security and an anonymous researcher has been credited with discovering and reporting the bug, and on Sunday night Microsoft released a series of security patches aimed at remedying the problem.

“Improper limitation of a pathname to a restricted directory (‘path traversal’) in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network,” 

“The update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704,” the company continued. “The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706.” Microsoft said in an advisory released on July 20, 2025.

B1 Daily advises any of its readers who use Sharepoint or Microsoft Office 365 Suite to only use supported versions of on-premises SharePoint Server (SharePoint Server 2016, 2019, and SharePoint Subscription Edition) and to run the security update. Lastly ensure the Antimalware Scan Interface (AMSI) is turned on, running in ‘Full Mode’ is optional but recommended to run for a full protective boot.

The bigger issue is the hackers’ deployment of backdoor routes for future exploits. Microsoft stupidly integrated Sharepoint server access and back-end code onto several of its other products like Office, Teams, OneDrive and Outlook. 

This may end up being a network wide hack for Microsoft, stay on the lookout for more updates.

–Michael Lyles, B1Daily