
ZERO DAY

MICROSOFT ISSUES URGENT ALERT ON ACTIVE EXPLOITS

NBC News reported on Saturday that Microsoft issued a critical security alert about active attacks targeting on-premises SharePoint servers. Government agencies and businesses use this software to share documents internally. Attackers are exploiting a zero-day vulnerability, meaning one that was being exploited before a patch was available, putting tens of thousands of servers at risk.

Microsoft confirmed that SharePoint Online, part of Microsoft 365, remains unaffected. The threat only impacts SharePoint Server 2016, 2019, and Subscription Edition.


AFFECTED SYSTEMS

Impacted:

  • SharePoint Server 2016
  • SharePoint Server 2019
  • SharePoint Server Subscription Edition

Not Impacted:

  • SharePoint Online (Microsoft 365)

Note: Kotori Technologies clients remain unaffected because none of them use on-premises SharePoint Server deployments.


WHY THIS COUNTS AS A ZERO-DAY THREAT

A “zero-day” attack occurs when attackers exploit a vulnerability before anyone releases a patch, giving organizations no time to prepare. This incident follows Microsoft’s previous security lapse, where a government panel blamed the company for enabling a Chinese hack of U.S. government emails, including those of then-Commerce Secretary Gina Raimondo.


THREAT DETAILS

This vulnerability enables authorized attackers to spoof identities over a network. In such attacks, they impersonate trusted users, systems, or websites—potentially manipulating sensitive data or gaining unauthorized access.

Microsoft worked with the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Defense Cyber Defense Command, and other global cybersecurity partners to respond. The company released security updates and urged customers to apply them immediately.


FBI RESPONSE

The FBI acknowledged the attacks on Sunday and began collaborating with federal and private-sector partners. They have not released further details yet.


KOTORI TECHNOLOGIES’ RECOMMENDATIONS

Kotori Technologies urges all organizations using SharePoint Server to take the following actions immediately:


RECOMMENDED ACTIONS

  • Apply Microsoft’s July 2025 Security Updates for SharePoint 2019 and Subscription Edition.
  • Rotate ASP.NET machine keys to block spoofing attempts.
  • Enable AMSI (Antimalware Scan Interface) and verify antivirus configurations.
  • Deploy Sophos MDR Complete or a similar threat detection solution.
  • Disconnect SharePoint 2016 servers from the internet if updates remain unavailable.
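
The machine-key rotation step from the list above, as an added example for farm administrators (not Microsoft's or Kotori Technologies' own script). It assumes the security update is already installed, that the `Set-SPMachineKey` and `Update-SPMachineKey` cmdlets are available on the installed build, and that the local web.config is updated by the time `Update-SPMachineKey` returns; `Get-MachineKeyFingerprint` is a hypothetical helper.

```powershell
# Added example. Run in an elevated SharePoint Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper: SHA-256 fingerprint of the <machineKey> element in a web.config,
# so old and new keys can be compared without printing the key material itself.
function Get-MachineKeyFingerprint {
    param([Parameter(Mandatory)][string]$WebConfigPath)
    [xml]$cfg = Get-Content -LiteralPath $WebConfigPath -Raw
    $mk = $cfg.configuration.'system.web'.machineKey
    if (-not $mk) { return $null }
    $bytes = [Text.Encoding]::UTF8.GetBytes("$($mk.validationKey)|$($mk.decryptionKey)")
    $sha = [Security.Cryptography.SHA256]::Create()
    try { return [BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', '' }
    finally { $sha.Dispose() }
}

$default = [Microsoft.SharePoint.Administration.SPUrlZone]::Default

# Content web applications only; Central Administration is not included here.
$results = foreach ($wa in Get-SPWebApplication) {
    # web.config of the Default zone's IIS site on this server
    $webConfig = Join-Path $wa.IisSettings[$default].Path.FullName 'web.config'
    $before = Get-MachineKeyFingerprint -WebConfigPath $webConfig

    Set-SPMachineKey -WebApplication $wa      # generate new validation/decryption keys
    Update-SPMachineKey -WebApplication $wa   # deploy the new keys to the farm

    $after = Get-MachineKeyFingerprint -WebConfigPath $webConfig
    [pscustomobject]@{
        WebApplication = $wa.Url
        WebConfig      = $webConfig
        # False can also mean deployment has not reached this file yet (assumption
        # above); re-check before treating it as a failed rotation.
        Rotated        = ($null -ne $after -and $before -ne $after)
    }
}
$results | Format-Table -AutoSize

# Running worker processes keep the old keys in memory until IIS restarts.
iisreset.exe /noforce

# IIS must also be restarted on every other SharePoint server in the farm.
Get-SPServer |
    Where-Object { $_.Role -ne 'Invalid' -and $_.Address -ne $env:COMPUTERNAME } |
    ForEach-Object { Write-Warning "Restart IIS on $($_.Address) to finish the rotation." }
```

Rotating keys before the update is installed leaves the new keys exposed to the same flaw, so patch first and rotate second.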

WHY THIS MATTERS

Spoofing attacks can cause serious damage. Attackers who pose as trusted entities can manipulate financial systems, steal sensitive data, or disrupt operations. This vulnerability poses a severe risk because attackers exploited it before Microsoft released a patch—making it a textbook zero-day threat.


SPOOFING ATTACKS CAN RESULT IN:

  • Unauthorized access to internal systems and documents
  • Manipulation of financial or operational data
  • Loss of trust in internal communications and workflows

CONCLUSION

If your organization uses SharePoint Server, take immediate action.

Contact Kotori Technologies to schedule a vulnerability assessment and ensure your systems stay patched and protected.