Microsoft is Fixing Security Flaws Targeting On-Premises SharePoint Servers

Microsoft is working to fix critical security vulnerabilities affecting on-premises SharePoint Servers. The company said that it’s aware of “active attacks targeting on-premises SharePoint Server customers” from threat actors exploiting vulnerabilities in the July security update.

To be clear, the two security flaws, CVE-2025-53770 and CVE-2025-53771, don’t affect SharePoint Online in Microsoft 365. The CVE-2025-53770 vulnerability allows unauthorized attackers to execute code in on-premises Microsoft SharePoint Server over a network. The CVE-2025-53771 vulnerability, however,  allows an authorized attacker to perform spoofing over a network.

Microsoft has released security updates that fully protect customers using SharePoint Subscription Edition and SharePoint 2019 against the risks posed by CVE-2025-53770, and CVE-2025-53771. These vulnerabilities apply to on-premises SharePoint Servers only. Customers should apply…

— Security Response (@msftsecresponse) July 21, 2025

Microsoft has already released security updates to protect customers using SharePoint Subscription Edition and SharePoint 2019. The company recommends customers to apply these updates immediately, and it’s also working on updates for SharePoint 2016.

To protect their environments, Microsoft also recommends that on-premises SharePoint server customers ensure the Antimalware Scan Interface (AMSI) is turned on and configured correctly. Customers are also invited to deploy Microsoft Defender for Endpoint or equivalent solutions and rotate SharePoint Server ASP.NET machine keys.

You can follow updates regarding these security vulnerabilities on the dedicated article on the Microsoft Security Response Center. The team will also share updates on the situation on its X account.