Microsoft SharePoint vulnerability: Why MS has released a ‘zero-day’ urgent update and who is at risk

After confirming that the defect has been actively exploited by the company’s businesses and pirates targeting US state institutions, the SharePoint software published an emergency patch for a critical “zero -day” fragility. The company confirmed the security vulnerability and published the correction between July 19-20, while security agencies advised the affected organizations to allocate non-internet servers.

What is SharePoint Zero Day Safety Vulnerability?

The vulnerability in Microsoft SharePoint is a kind of zero -day defect. Zero -daily security vulnerabilities refer to the unknown security problems that attackers can use before having time to publish a correction. Microsoft Sharepoint is widely used by organizations for internal file sharing, team cooperation and document management.
In a warning on Saturday, July 19, Microsoft confirmed that the vulnerability was already exploited. One day later, on Sunday, July 20, the company issued guidance to apply security patches to the SharePoint Server 2019 and Sharepoint Server subscription version. Microsoft said he’s still working on a patch for Sharepoint Server 2016.

Microsoft SharePoint: Old servers are still at risk

Microsoft’s correction is currently only involved in just new versions of the software. SharePoint Server 2016 users will be released until a patch is developed. Experts warn that any organization that operates in -house Sharepoint servers should urgently handle the situation.

Crowdstrike Senior Vice President Adam Meyers, Crowdstrike Firms, said to Associated Press, “Everyone who has a sharein server has a problem.” “This is an important vulnerability.”

When did the attacks begin?

According to the eye safety of the cyber security company, the attackers may have started to benefit from a security vulnerability in an early time, such as July 18th. The company found that it has been globally scanned by more than 8,000 Sharepoint servers and at least dangerously dangerously. Security researchers described the “vehicle coast ılan, which was reported to have allowed the attackers to have full access to Sharepoint file systems. Like Microsoft Teams and OneDrive, services integrated with SharePoint are also at risk. Google’s threat intelligence group warned that the defect could even provide the attackers to “skip the future patch”.

Government warning and proposed action

The US Cyber Security and Infrastructure Security Agency (CISA) described the abuse as a “current fragile Cve-2025-49706” and threatened its organizations using in-house Sharepoint servers. Agency, affected organizations, the influence of the violation may be common, he said.