Microsoft Unveils Comprehensive Patch Guidance for All SharePoint Server Remote Vulnerabilities

Microsoft Addresses Critical SharePoint Vulnerability: CVE-2025-53770

This morning, Microsoft issued an alert regarding a significant vulnerability in SharePoint that cybercriminals are actively exploiting. Designated CVE-2025-53770, this security flaw permits unauthorized users to remotely execute arbitrary code on on-premises SharePoint servers without requiring authentication.

Overview of Vulnerabilities and Patch Status

The Microsoft Defender Vulnerability Management team acknowledges the urgent nature of this situation and has released comprehensive guidance on the impact of the affected vulnerabilities and how to remediate them. In addition to CVE-2025-53770, the guidance covers the previously patched vulnerabilities CVE-2025-49704 and CVE-2025-49706, as well as the ongoing patching efforts for CVE-2025-53771.

Details of Key Vulnerabilities

| CVE | Type | CVSS v3.1 | Patch Status | Source |
|---|---|---|---|---|
| CVE-2025-49704 | Improper control of code generation → authenticated RCE | 8.8 (High) | Fixed in the July 8, 2025 security updates: Subscription Edition KB 5002768, SharePoint Server 2019 KB 5002741, SharePoint Server 2016 KB 5002744. | Microsoft Support |
| CVE-2025-49706 | Improper authentication / spoofing | 6.3 (Medium) | Fixed in the same July 8, 2025 updates (KB 5002768 / 5002741 / 5002744). | Microsoft Support |
| CVE-2025-53770 | Deserialization of untrusted data → unauthenticated RCE | 9.8 (Critical) | Emergency patch released for Subscription Edition KB 5002768 and SharePoint 2019 KB 5002754; patch for SharePoint 2016 is pending. | Microsoft Security Response Center |
| CVE-2025-53771 | Path traversal / spoofing | 6.3 (Medium) | Addressed by the same emergency updates as CVE-2025-53770 (SE KB 5002768, 2019 KB 5002754); SharePoint 2016 fix forthcoming. | Microsoft Security Response Center |

Impacted Products

| Product | CVE-2025-49704 | CVE-2025-49706 | CVE-2025-53770 | CVE-2025-53771 |
|---|---|---|---|---|
| SharePoint Server Subscription Edition | ✅ Affected | ✅ Affected | ✅ Affected | ✅ Affected |
| SharePoint Server 2019 | ✅ Affected | ✅ Affected | ✅ Affected | ✅ Affected |
| SharePoint Server 2016 | ✅ Affected | ✅ Affected | ✅ Affected | ✅ Affected |
| SharePoint Online | ❌ Not affected | ❌ Not affected | ❌ Not affected | ❌ Not affected |

For additional detail, see the official blog post on Microsoft’s Tech Community website.
