
This week on IT SPARC Cast – CVE of the Week, John and Lou sound the alarm on two critical zero-day vulnerabilities impacting on-premises Microsoft SharePoint servers: CVE-2025-53770 and CVE-2025-53771. Exploited via a chained attack called “ToolShell,” these flaws enable unauthenticated remote code execution (RCE). Nation-state attackers, particularly Chinese APTs, are already exploiting these vulnerabilities, targeting government and infrastructure networks slow to patch. If you’re running SharePoint 2016, 2019, or Subscription Edition on-prem, your window for action is closing fast.
We break down Microsoft’s emergency guidance—including patching beyond last Patch Tuesday, rotating cryptographic keys, enabling AMSI & Defender, auditing for compromise, and cutting off Internet access immediately if patching isn’t feasible. With some organizations still dangerously unpatched, this episode is a must-listen for IT professionals and enterprise defenders. If your SharePoint instance is Internet-facing and not yet patched, assume it’s compromised and begin incident response now.
Links:
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
https://www.tomsguide.com/computing/online-security/microsoft-releases-emergency-security-updates-to-fix-sharepoint-zero-day-flaws-everything-you-need-to-know
https://www.windowscentral.com/software-apps/were-witnessing-an-urgent-and-active-threat-microsoft-sharepoint-toolshell-vulnerability-is-being-attacked-globally
🔒 Keywords: SharePoint RCE exploit, CVE-2025-53770, CVE-2025-53771, ToolShell vulnerability, Microsoft SharePoint security, SharePoint emergency patch, nation-state cyberattacks, enterprise IT security, zero-day vulnerabilities, CVE of the week podcast
⸻
🔗 Social Links:
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/
Hosted on Acast. See acast.com/privacy for more information.