Microsoft is aware of active attacks against on-premises SharePoint Server customers that exploit vulnerabilities (CVE-2025-53771) which could allow a cyber attacker to trick SharePoint into giving access to files. The vulnerabilities have been partially addressed by the July Security Update. Customers are required to install the security updates immediately, followed by the additional security measures described in this article.
Note: These vulnerabilities apply to on-premises SharePoint Servers only. SharePoint Online in Microsoft 365 is not impacted.
Mitigation
Microsoft has released security updates that protect customers using SharePoint Servers. Customers are required to apply these updates immediately to ensure they’re protected.
Product | KB Article |
Microsoft SharePoint Subscription Edition | KB5002768 |
Microsoft SharePoint Server 2019 | KB5002754 |
Microsoft SharePoint Enterprise Server 2016 | KB5002744 |
To mitigate potential attacks, customers should:
Conclusion
Helient strongly recommends that customers be aware of the active exploitation of on-premises SharePoint Servers and take the necessary actions to apply the zero-day security updates as soon as possible. If you would like more information or assistance, please contact our industry-leading experts at service@helient.com.