<div id="readability-page-1"><div><div>Microsoft Corp MSFT has issued a critical warning regarding ongoing attacks on on-premises SharePoint servers, urging organizations to apply newly released security updates immediately.The alert, published July 19 by the Microsoft Security Response Center, highlights active exploitation of two key vulnerabilities—a spoofing flaw and a remote code execution flaw—by state-linked threat actors.These vulnerabilities do not impact SharePoint Online hosted on Microsoft 365.The new updates cover supported versions of SharePoint Server, including Subscription Edition, 2019, and 2016.Also Read: Microsoft Raids Google DeepMind To Supercharge AI Copilot, Even As Redmond Cuts 9,000 Jobs Elsewhere: ReportMicrosoft emphasized that the patches also address additional related flaws—CVE-2025-53770 and a bypass vulnerability CVE-2025-53771—providing a more comprehensive security fix.Microsoft attributed the exploitation campaigns to three China-based threat actors: Linen Typhoon, Violet Typhoon, and Storm-2603.According to the company, these groups have been actively targeting internet-facing SharePoint servers since at least July 7.The attacks observed involve sending a specially crafted POST request to the SharePoint server’s ToolPane endpoint, allowing threat actors to upload malicious ASP.NET scripts—often named variations of &#34;spinstall0.aspx.&#34;These scripts enable the extraction of MachineKey data through GET requests, which supports deeper compromise of the target systems. Microsoft has published indicators of compromise (IOCs) and threat-hunting queries to assist defenders in identifying such activities.Linen Typhoon, active since 2012, has previously targeted government and defense sectors for intellectual property theft. Violet Typhoon, active since 2015, focuses on espionage involving NGOs, media, and educational institutions. Storm-2603, a separate Chinese actor, has previously been linked to ransomware deployment, although its current motives remain unclear.<div><div>Trending Investment Opportunities</div></div>Microsoft continues to monitor the situation and urges administrators to respond quickly. It warns that delayed patching could leave systems vulnerable to expanding campaigns.A security update released by Microsoft this month did not completely fix a serious flaw in its SharePoint server software, according to a timeline seen by Reuters. This left systems vulnerable to a major global cyber spying campaign.On Tuesday, a Microsoft spokesperson admitted the original patch—based on a flaw discovered during a hacker competition in May—was ineffective.However, the company said it has since released additional updates that fully address the problem.It's still unknown who carried out the spying, which affected around 100 organizations.The security flaw used in the attack was first discovered in May during a hacking competition in Berlin hosted by cybersecurity company Trend Micro. The event offered cash rewards for finding bugs in widely used software.At the competition, a researcher from Viettel—a telecom company owned by Vietnam's military—found a bug in Microsoft SharePoint. He called it “ToolShell” and showed how it could be used to launch an attack.Price Action: MSFT stock is down 0.64% at $502.05 at the last check on Wednesday.<ul> <li>Boeing Just Supercharged Global Internet With New Satellites</li> </ul>Photo: Shutterstock</div></div></div>

MSFT

MSFL

MSFO

MSFD

MSFU

MSFX

MSFY

Microsoft has issued a critical warning about ongoing attacks targeting on-premises SharePoint servers, urging immediate application of security updates. The vulnerabilities, exploited by state-linked actors, include a spoofing flaw and a remote code execution flaw. Microsoft has released updates for SharePoint Server versions 2016, 2019, and Subscription Edition. The company attributed the attacks to three China-based groups: Linen Typhoon, Violet Typhoon, and Storm-2603. Delayed patching could leave systems vulnerable, and Microsoft continues to monitor the situation. MSFT stock is down 0.64% at $502.05.

- Microsoft Corp has issued a warning about ongoing attacks on on-premises SharePoint servers, urging immediate application of security updates.  
- The vulnerabilities, exploited by state-linked threat actors, do not affect SharePoint Online and include a spoofing flaw and a remote code execution flaw.  
- Microsoft has attributed the attacks to three China-based groups and emphasized the importance of timely patching to prevent further exploitation.

Microsoft Warns Of Active Exploits Targeting SharePoint Vulnerabilities