Threat alert – Microsoft SharePoint

– Date: 22nd of July –

📢 Threat Alert – Microsoft SharePoint – 🚨 Critical Security Alert! 🚨 

Don’t let CVE-2025-53770 slip through the cracks. A critical vulnerability is being actively exploited as part of the ToolShell campaign. It affects on-premises SharePoint servers only. Here’s how to protect your SharePoint environment! 🔐📌

What’s going on?

⚠️ This vulnerability stems from the deserialization of untrusted data, allowing a remote, unauthenticated attacker to execute arbitrary code over the network.

⚠️ It is actively being exploited in the wild as part of a known campaign called ToolShell.

⚠️ Affected products and versions:

| Product | Affected Version | Mitigation |
| --- | --- | --- |
| Microsoft SharePoint Server Subscription Edition | Versions before (<) 16.0.18526.20508 | Apply Security Update KB5002768 |
| Microsoft SharePoint Server 2016 | Versions before (<) 16.0.5513.1001 | Apply Security Update KB5002760 |
| Microsoft SharePoint Server 2019 | Versions before (<) 16.0.10417.20037 | Apply Security Update KB5002754 |

Why is this a problem?

❗ The vulnerability enables remote code execution without authentication: attackers don’t need credentials to get started.

❗ Since it is being actively exploited, organizations are at immediate risk, especially if security patches are not applied.

❗ Once exploited, threat actors may attempt to escalate privileges, move laterally, and exfiltrate data from your network.

How does Nynox protect its customers?

🔹 Free threat hunting based on ToolShell campaign IOCs.
🔹 Custom detection scenarios across logs (Windows, Firewalls, M365, etc.).
🔹 24×7 Incident Response (CSIRT) availability.
🔹 24×7 monitoring of SharePoint environments.
🔹 If you’re using SentinelOne via Nynox, our XDR helps block many of these attack techniques.

What can you do to mitigate the attack?

✅ Apply the latest SharePoint patches based on your version.
✅ Reference Microsoft’s official updates: KB5002768, KB5002760, KB5002754.
✅ Review system and application logs for available indicators.
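
To work out which servers still need which update, an inventory export can be checked against the fixed builds listed under "Affected products and versions". The script below is an added example, not Nynox or Microsoft code; the CSV layout, host names, sample builds and the short product labels (SE, 2016, 2019) are constructed for illustration. It compares builds part by part as numbers, because a plain string comparison would rank 16.0.5513.999 above 16.0.5513.1001.

```python
import csv
import io
import re

# Fixed builds and KBs copied from the table in this alert.
# The short product labels are an assumption of this example.
FIXED = {
    "SE": ((16, 0, 18526, 20508), "KB5002768"),
    "2016": ((16, 0, 5513, 1001), "KB5002760"),
    "2019": ((16, 0, 10417, 20037), "KB5002754"),
}

# Constructed inventory export (hosts and builds are made up).
INVENTORY_CSV = """host,product,build
sp-se-01.example.internal,SE,16.0.18526.20508
sp-19-01.example.internal,2019,16.0.10417.20000
sp-16-01.example.internal,2016,16.0.5513.999
sp-16-02.example.internal,2016,16.0.5513
sp-old-01.example.internal,legacy,15.0.0.0
"""

def parse_build(text):
    """Turn 'a.b.c.d' into a tuple of ints so parts compare numerically."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip(), re.ASCII)
    if not m:
        raise ValueError(f"not a four-part build: {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(product, build):
    """Return (status, kb_to_apply) for one server."""
    if product not in FIXED:
        return ("unknown-product", None)  # not covered by the table
    try:
        parsed = parse_build(build)
    except ValueError:
        return ("unparseable-build", None)  # needs a manual look
    fixed, kb = FIXED[product]
    # The table lists versions *before* the fixed build as affected.
    if parsed < fixed:
        return ("vulnerable", kb)
    return ("fixed-build-or-later", None)

def triage_inventory(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], *triage(r["product"], r["build"] or "")) for r in rows]

if __name__ == "__main__":
    for host, status, kb in triage_inventory(INVENTORY_CSV):
        print(f"{host:28} {status:22} {kb or '-'}")
```

Rows reported as unknown-product or unparseable-build are left for manual review instead of being counted as patched.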

But what if you can’t?

🛡️ Isolate vulnerable systems from the internet and limit exposure.
🛡️ Use network security controls (VPN, firewall rules).

In need of assistance?

We’re here for you! Nynox has a dedicated team of cybersecurity experts who can help you remediate this threat.
