SharePoint Exploit Prompts Emergency Microsoft Update

22 Jul SharePoint Exploit Prompts Emergency Microsoft Update

Posted at 11:13h in Latest News by stephanie

A major security flaw has been discovered in Microsoft SharePoint Server and it’s already being exploited in the wild.
If your organisation is running on-premise SharePoint 2016, 2019, or Subscription Edition, it’s vital to act now.

🚨 What’s Happened?

Microsoft has confirmed a zero-day vulnerability affecting on-premise SharePoint Server, allowing attackers to gain remote code execution, effectively giving them control over your system.

💥 This exploit can also reach into connected services like Microsoft Teams, OneDrive, and beyond.

✅ Microsoft 365 users (SharePoint Online) are not affected – this only impacts on-prem deployments.

🧩 What Systems Are Affected?

SharePoint Server 2016
SharePoint Server 2019
SharePoint Subscription Edition

If you’re unsure which version you’re running or whether you’re cloud-hosted or on-premise, get this checked urgently.

🧰 Emergency Response Checklist

We’ve created a simple, step-by-step checklist to help you secure your systems and respond effectively:

✅ 1. Confirm Your Version

Check if your organisation is using on-premise SharePoint (not SharePoint Online via Microsoft 365).

🔧 2. Apply the Patch

Install the July 2025 security update immediately (available for 2019 & SE; 2016 patch in progress).
Reboot the server and run the SharePoint Configuration Wizard.

🔑 3. Rotate Keys

Rotate your ASP.NET Machine Keys.
Restart IIS to apply the changes.

🛡️ 4. Enable Protection

Turn on these key defences:

Microsoft Defender Antivirus
Antimalware Scan Interface (AMSI)
Defender for Endpoint (if available)

🕵️ 5. Check for Signs of Compromise

Review logs for unexpected PowerShell commands or web shell activity.
Audit user access and system changes.

📴 6. Isolate if Necessary

If you cannot patch immediately, disconnect the SharePoint server from the internet to prevent exploitation.

💡 7. Consider Moving to the Cloud

Migrating to Microsoft 365 reduces your risk exposure and eases the burden of patching and maintenance.
It’s also often more cost-effective and scalable in the long run.

🧠 Final Thoughts

This is a serious threat to any organisation still running on-prem SharePoint. Exploits are already happening, and delays in patching could result in data breaches, downtime, or worse.

If you need support confirming your setup, patching your systems, or planning a move to the cloud – we can help.

📞 Get in touch with Simply IT – your local partner for smarter, simpler IT.

📤 Share this post to help others stay protected.

Stay Connected on Social Media

Stay in the loop with the latest news and upcoming trends in the tech industry by following us on Facebook and LinkedIn.

Want to Read More?

If you found this blog useful, you may want to read this blog post: Hosted Virtual Servers: What Are the Benefits? (simply-it.co.uk)

Tags:

Blog, cyber threats, cybersecurity, data breaches, IT for Schools, IT services, IT solutions, IT support, ITforbusinesses, Making IT Simple, managed service provider, microsoft, microsoft sharepoint