{"id":7171,"date":"2025-07-22T19:30:00","date_gmt":"2025-07-22T23:30:00","guid":{"rendered":"https:\/\/hostingdiscussion.com\/news\/?p=7171"},"modified":"2025-07-22T19:04:15","modified_gmt":"2025-07-22T23:04:15","slug":"sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections","status":"publish","type":"post","link":"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/","title":{"rendered":"SharePoint Servers under siege as zero-day exploit bypasses MFA protections"},"content":{"rendered":"<p data-start=\"314\" data-end=\"702\"><span id=\"input-sentence~0\">Attackers are currently exploiting a newly identified zero-day vulnerability in <a href=\"https:\/\/www.microsoft.com\/en-ph\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Microsoft<\/a> SharePoint Server\u2014CVE-2025-53770. This flaw enables threat actors to bypass multi-factor authentication controls and achieve remote, full system compromise. The vulnerability puts thousands of organizations at immediate risk, and security professionals have flagged the potential for large-scale disruption if the issue remains unaddressed.<\/span><span id=\"input-sentence~1\"><\/p>\n<p>Although Microsoft rushed out an emergency patch on July 20, researchers argue the fix falls short. In many deployments, especially those on-premises, the flaw continues to offer attackers a viable entry point. Notably, <a href=\"https:\/\/support.microsoft.com\/en-us\/office\/sign-in-to-sharepoint-324a89ec-e77b-4475-b64a-13a0c14c45ec\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">SharePoint Online<\/a> users under <a href=\"https:\/\/hostingdiscussion.com\/news\/microsoft-debuts-365-local-as-eu-pushes-for-tighter-data-control\/\">Microsoft 365<\/a> remain unaffected.<\/span><span id=\"input-sentence~2\"><\/p>\n<p>Security firm Eye Research, which first reported the issue, highlighted the significant attack surface. Many institutions\u2014including universities, hospitals, and government agencies\u2014depend on SharePoint\u2019s tight integration with Outlook, OneDrive, and Teams. Consequently, once attackers break through, they can leap across connected services and escalate their access with alarming speed.<\/span><span id=\"input-sentence~3\"><\/p>\n<p>Even more troubling is the exploit\u2019s connection to ToolShell, a well-established attack framework. Unlike conventional methods, ToolShell allows attackers to silently take over machines without requiring users to click, approve, or even notice anything. This capability transforms a single compromised server into a launchpad for deeper infiltration.<\/span><span id=\"input-sentence~4\"><\/p>\n<p>First things first: patch ASAP. Seriously, just do it. But don\u2019t get too comfortable after that. IT teams need to isolate any exposed servers, dig into network traffic for anything weird, and enable real-time endpoint monitoring. Because, let\u2019s be real, a patch alone won\u2019t stop a determined attacker.<\/span><span id=\"input-sentence~5\"> Layers, people. Layers.<\/p>\n<p>SharePoint isn\u2019t just another app\u2014it\u2019s the backbone of enterprise collaboration. When it\u2019s compromised, the whole operation\u2019s at risk. Microsoft\u2019s fix isn\u2019t the endgame yet, so security teams have to treat this like an active threat. Stay proactive, use every security control you\u2019ve got, and keep monitoring. No room for complacency here.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers are currently exploiting a newly identified zero-day vulnerability in Microsoft SharePoint Server\u2014CVE-2025-53770. This flaw enables threat actors to bypass multi-factor authentication controls and achieve remote, full system compromise. The vulnerability puts thousands of organizations at immediate risk, and security professionals have flagged the potential for large-scale disruption if the issue remains unaddressed. Although Microsoft [&hellip;]<\/p>\n","protected":false},"author":20624,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[71],"tags":[2545,4045,672,140,4043,4046,4044],"class_list":["post-7171","post","type-post","status-publish","format-standard","hentry","category-featured","tag-cyberattacks","tag-eye-research","tag-it","tag-microsoft","tag-sharepoint-servers","tag-toolshell","tag-zero-day-exploit"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SharePoint Servers under siege as zero-day exploit bypasses MFA protections - Web Hosting News<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SharePoint Servers under siege as zero-day exploit bypasses MFA protections - Web Hosting News\" \/>\n<meta property=\"og:description\" content=\"Attackers are currently exploiting a newly identified zero-day vulnerability in Microsoft SharePoint Server\u2014CVE-2025-53770. This flaw enables threat actors to bypass multi-factor authentication controls and achieve remote, full system compromise. The vulnerability puts thousands of organizations at immediate risk, and security professionals have flagged the potential for large-scale disruption if the issue remains unaddressed. Although Microsoft [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/\" \/>\n<meta property=\"og:site_name\" content=\"Web Hosting News\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-22T23:30:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-22T23:04:15+00:00\" \/>\n<meta name=\"author\" content=\"Justine Juyad\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Justine Juyad\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/\",\"url\":\"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/\",\"name\":\"SharePoint Servers under siege as zero-day exploit bypasses MFA protections - Web Hosting News\",\"isPartOf\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#website\"},\"datePublished\":\"2025-07-22T23:30:00+00:00\",\"dateModified\":\"2025-07-22T23:04:15+00:00\",\"author\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3\"},\"breadcrumb\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/hostingdiscussion.com\/news\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SharePoint Servers under siege as zero-day exploit bypasses MFA protections\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#website\",\"url\":\"https:\/\/hostingdiscussion.com\/news\/\",\"name\":\"Web Hosting News\",\"description\":\"Cloud and web hosting industry daily news\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/hostingdiscussion.com\/news\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3\",\"name\":\"Justine Juyad\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g\",\"caption\":\"Justine Juyad\"},\"description\":\"HostingDiscussion.com senior reporter\",\"sameAs\":[\"https:\/\/hostingdiscussion.com\/news\/\"],\"url\":\"https:\/\/hostingdiscussion.com\/news\/author\/justine-juyad\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SharePoint Servers under siege as zero-day exploit bypasses MFA protections - Web Hosting News","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/","og_locale":"en_US","og_type":"article","og_title":"SharePoint Servers under siege as zero-day exploit bypasses MFA protections - Web Hosting News","og_description":"Attackers are currently exploiting a newly identified zero-day vulnerability in Microsoft SharePoint Server\u2014CVE-2025-53770. This flaw enables threat actors to bypass multi-factor authentication controls and achieve remote, full system compromise. The vulnerability puts thousands of organizations at immediate risk, and security professionals have flagged the potential for large-scale disruption if the issue remains unaddressed. Although Microsoft [&hellip;]","og_url":"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/","og_site_name":"Web Hosting News","article_published_time":"2025-07-22T23:30:00+00:00","article_modified_time":"2025-07-22T23:04:15+00:00","author":"Justine Juyad","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Justine Juyad","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/","url":"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/","name":"SharePoint Servers under siege as zero-day exploit bypasses MFA protections - Web Hosting News","isPartOf":{"@id":"https:\/\/hostingdiscussion.com\/news\/#website"},"datePublished":"2025-07-22T23:30:00+00:00","dateModified":"2025-07-22T23:04:15+00:00","author":{"@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3"},"breadcrumb":{"@id":"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostingdiscussion.com\/news\/sharepoint-servers-under-siege-as-zero-day-exploit-bypasses-mfa-protections\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostingdiscussion.com\/news\/"},{"@type":"ListItem","position":2,"name":"SharePoint Servers under siege as zero-day exploit bypasses MFA protections"}]},{"@type":"WebSite","@id":"https:\/\/hostingdiscussion.com\/news\/#website","url":"https:\/\/hostingdiscussion.com\/news\/","name":"Web Hosting News","description":"Cloud and web hosting industry daily news","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostingdiscussion.com\/news\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3","name":"Justine Juyad","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g","caption":"Justine Juyad"},"description":"HostingDiscussion.com senior reporter","sameAs":["https:\/\/hostingdiscussion.com\/news\/"],"url":"https:\/\/hostingdiscussion.com\/news\/author\/justine-juyad\/"}]}},"views":416,"_links":{"self":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/7171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/users\/20624"}],"replies":[{"embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/comments?post=7171"}],"version-history":[{"count":1,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/7171\/revisions"}],"predecessor-version":[{"id":7172,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/7171\/revisions\/7172"}],"wp:attachment":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/media?parent=7171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/categories?post=7171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/tags?post=7171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}