Microsoft Issues Critical Patch for SharePoint Vulnerability Amid Ongoing Exploits
The fix was released between July 19 and 20, and the company has advised affected users to apply the security patch immediately.
Microsoft has issued an urgent patch for a critical "zero-day" vulnerability in its SharePoint software. The patch follows confirmation that hackers had already exploited the flaw to target businesses and U.S. government agencies.
The vulnerability is classified as a zero-day, meaning it was unknown to developers and had no fix at the time of discovery. Organizations widely use Microsoft SharePoint for file sharing, collaboration, and internal document management.
In an alert on July 19, Microsoft confirmed active exploitation of the vulnerability. The next day, the company issued guidance for securing SharePoint Server 2019 and SharePoint Server Subscription Edition. However, SharePoint Server 2016 users remain at risk as the patch for that version is still in development.
Cybersecurity firm CrowdStrike’s Adam Meyers said, "Anybody with a hosted SharePoint server has a problem. It's a significant vulnerability."
The exploit, identified as “ToolShell,” reportedly allows attackers full access to SharePoint file systems. Integrated services such as Microsoft Teams and OneDrive are also potentially affected. Eye Security, a cybersecurity company, noted that attacks may have begun as early as July 18. After scanning over 8,000 SharePoint servers worldwide, the company found that dozens had already been compromised.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) labeled the issue as “a variant of the existing vulnerability CVE-2025-49706.” It urged organizations using on-premises SharePoint servers to take them offline until they are patched. CISA warned that the vulnerability could lead to widespread impact if not addressed promptly.
As of now, organizations running SharePoint Server 2016 must remain cautious until Microsoft releases the pending patch.