Microsoft releases emergency security updates to fix SharePoint zero-day flaws — everything you need to know
@Source: tomsguide.com
Amber Bouman
21 July 2025
Two zero-day flaws are versions of vulnerabilities that were patched earlier this year
Microsoft has released two emergency patches to address zero-day vulnerabilities in SharePoint that enable remote code execution (RCE). Actively exploited in attacks, the two flaws (tracked as CVE-2025-53770 and CVE-2025-53771) are both used in “ToolShell” attacks, which compromise services, and both build on flaws that were fixed as part of July’s Patch Tuesday updates.
As reported by Bleeping Computer, the new flaws were exploited by researchers back in May at a Berlin hacking contest, where a vulnerability chain enabled the researchers to achieve remote code execution in Microsoft SharePoint. Threat actors were then able to use zero-day flaws that built on the previously patched issues, and have been conducting ToolShell attacks on SharePoint servers that have directly affected over 50 organizations.
The emergency patches that Microsoft has pushed out fix both flaws in Microsoft SharePoint Subscription Edition and SharePoint 2019, but there is currently no fix available for SharePoint 2016.
Administrators should install the available updates immediately, then rotate the machine keys, and consider analyzing the logs and file system for malicious files or any other evidence of exploitation.
Amber Bouman
Senior Editor Security
Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.