Attacks targeting on-premises SharePoint servers

Microsoft has become aware of the following vulnerabilities:

  • CVE-2025-49706 (spoofing)
  • CVE-2025-49704 (remote code execution)
  • CVE-2025-53770 and CVE-2025-53771 (disclosed vulnerabilities)

Read more here.

Microsoft has released updates to supported versions of SharePoint Server (Subscription Edition, 2019 and 2016). Please apply these updates immediately.

To mitigate the risk, please:

  • Use supported versions of on-premises SharePoint Server.
  • Apply the latest security updates, including the July 2025 security update.
  • Ensure the Antimalware Scan Interface (AMSI) is turned on and configured correctly, with an appropriate antivirus solution, such as Microsoft Defender Antivirus.
  • Deploy Microsoft Defender for Endpoint protection or equivalent threat solutions.
  • Rotate SharePoint Server ASP.NET machine keys.
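
One way to carry out the machine key rotation step across a whole farm, as an added example (not Microsoft's or this page's own script). It assumes it is saved as a `.ps1` file (the name `Rotate-SPMachineKeys.ps1` is hypothetical) and run from the SharePoint Management Shell on a farm server after the security updates are installed.

```powershell
#Requires -RunAsAdministrator
# Added example: rotate ASP.NET machine keys for every web application in the farm.
# Run with -WhatIf first to list the web applications without changing anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

# Fail early if the SharePoint cmdlets are not loaded in this session.
foreach ($name in 'Get-SPWebApplication', 'Set-SPMachineKey', 'Update-SPMachineKey', 'Get-SPServer') {
    if (-not (Get-Command $name -ErrorAction SilentlyContinue)) {
        throw "$name not found. Run this from the SharePoint Management Shell on a farm server."
    }
}

# Get-SPWebApplication does not return Central Administration unless
# -IncludeCentralAdministration is passed; this example covers content web applications.
$results = foreach ($wa in Get-SPWebApplication) {
    $status = 'Skipped'
    if ($PSCmdlet.ShouldProcess($wa.Url, 'Rotate ASP.NET machine key')) {
        try {
            # Generate a new machine key for the web application ...
            Set-SPMachineKey -WebApplication $wa -ErrorAction Stop
            # ... then deploy it to the servers in the farm.
            Update-SPMachineKey -WebApplication $wa -ErrorAction Stop
            $status = 'Rotated'
        } catch {
            # Record the failure and continue with the remaining web applications.
            $status = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{ WebApplication = $wa.Url; Status = $status }
}

$results | Format-Table -AutoSize

# Microsoft's guidance is to restart IIS on all SharePoint servers after rotation.
# Servers with Role 'Invalid' are non-SharePoint hosts (for example database servers).
$servers = Get-SPServer | Where-Object { $_.Role -ne 'Invalid' }
'Run iisreset.exe on: ' + (($servers | ForEach-Object { $_.Address }) -join ', ')
```

Any web application reported as `Failed` still has its old machine key and should be rotated again before IIS is restarted.
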

This attack highlights the threat protection, automatic patching, updates and reduced infrastructure that SharePoint Online brings; SharePoint Online isn't affected. If you are not on a supported version, please get in touch with us and we can discuss getting you moved to SharePoint Online.