URGENT SECURITY ALERT: SharePoint Server

URGENT SECURITY ALERT: SharePoint Server

Vulnerability Under Active Attack – 07/21/2025 

Microsoft has issued a critical alert regarding active attacks targeting on-premises SharePoint Server software. These attacks exploit a newly discovered "zero-day" vulnerability, meaning it was previously unknown to Microsoft and the public. 

What you need to know: 

    • Impacted software: The vulnerability affects SharePoint Servers used by organizations to share documents internally. 

    • Not affected: SharePoint Online in Microsoft 365 (cloud-based) is not impacted by these attacks. 

    • The threat: This "spoofing" vulnerability could allow an unauthorized attacker to impersonate a trusted identity on your network. 

    • Who is affected: Government agencies and businesses globally have been targeted. 

    • Coordination: Microsoft is closely coordinating with agencies like CISA and the DOD Cyber Defense Command in their response. 

Microsoft is urging customers to apply security updates immediately. 

    • Apply security updates: If you are running an on-premise SharePoint Server, it is crucial to install the latest security updates as soon as possible. 

    • Disconnect from internet (if updates not possible): For those unable to apply the recommended updates, Microsoft advises disconnecting your SharePoint servers from the internet until a security update can be installed. 

    • Older versions: Microsoft is also working on updates for SharePoint 2016 and 2019 versions. 

We understand the urgency of this situation and recommend that all affected customers prioritize these security measures. If you have any questions or require assistance, please contact Team Venti support at support@teamventi.com.

    • Related Articles

    • Add users to a SharePoint Online Site

      Adding members to a Sharepoint site is necessary so they can have access to that site and its information. Upon creating a new user and assigning a Sharepoint license, the user will be able to access Sharepoint, but will only see public sites. See ...
    • Disable 'Sync' in SharePoint Document Libraries

      Go to the Office 365 settings on the top right corner. Then, select the 'Site settings' option in the drop-down menu. Scroll down to the Search section, then select ''Search and online availability'' Once in this page, select no in the ''Allow items ...
    • Admin roles in Office 365

      Assign admin roles in Office 365 for business. As the person who purchased your Office 365 business subscription, you are the global administrator. This means you have complete control over the Office 365 suite of products. To help you manage Office ...
    • Microsoft 365 GDAP Relationship Expirations

      What is GDAP (Granular Delegated Admin Privileges)? Granular Delegated Admin Privileges (GDAP) is a Microsoft security framework that enables authorized partners to access and manage a customer's Microsoft 365 environment securely. GDAP helps ensure ...
    • Overview

      If you're new to Teams, watch this short video, Welcome to Teams. Teams is built on Office 365 groups, Office Graph, and the same enterprise-level security, compliance, and manageability as the rest of Office 365. Teams leverages identities stored in ...