According to Kaspersky, Microsoft is to blame for the recent SharePoint vulnerabilities. Microsoft reportedly handled a similar vulnerability from 2020 carelessly.
On July 19, the Dutch security company EyeSecurity raised the alarm. A potentially dangerous and actively exploited vulnerability in SharePoint was discovered. Attacks are now occurring worldwide: more than four hundred organizations have already fallen victim. Microsoft points the finger at Chinese hacker groups.
But Microsoft also needs to take responsibility, according to Kaspersky. The security company examined the SharePoint vulnerabilities and concluded that they did not arise out of nowhere. The cause can be traced back to an unresolved vulnerability from 2020.
Emergency Patch
Hackers can attack companies’ SharePoint environments by exploiting multiple related vulnerabilities. These include somewhat older vulnerabilities (CVE-2025-49704 & CVE-2025-49706) as well as two newly discovered zero-days (CVE-2025-53770 & CVE-2025-53771). The vulnerabilities allow for bypassing authentication and planting ransomware seeds in XML content.
Microsoft has since released emergency patches to close the zero-days and advises companies to update SharePoint as soon as possible. Failing to apply patches in time can lead to complete system compromise. The vulnerabilities affect on-premises versions of SharePoint and are reminiscent of past Exchange attacks from the past.
Five Years Too Late
According to Kaspersky, the updates are merely a band-aid on a wound that should have been treated long ago. The security company sees strong similarities with a SharePoint vulnerability from 2020 (CVE-2020-1147). Microsoft inadequately addressed that vulnerability at the time, allowing attackers to easily replicate the exploit. The most recent patch is therefore actually five years too late, concludes Kaspersky.
Microsoft has received much criticism in the past for how it handles its security. A Chinese espionage campaign in 2023 even resulted in a government investigation. Microsoft promised improvement, but past mistakes threaten to haunt it again.
read also
Cause of SharePoint Vulnerability Lies with “Incomplete” Patch by Microsoft
Security companies and national security organizations are warning companies about active attacks on SharePoint servers. The Belgian CCB is asking Belgian companies to report if they have become victims.