Microsoft Warns of SharePoint Zero-Day Exploits by State Actors
Microsoft has alerted organizations worldwide to active attacks exploiting severe vulnerabilities in SharePoint, attributed to state-backed actors. Emergency patches have been issued to counter the threats.

On July 19, 2025, Microsoft issued a warning regarding ongoing attacks exploiting critical zero-day vulnerabilities in on-premises SharePoint servers. The vulnerabilities in question, identified as CVE-2025-53770, have been assigned a CVSS score of 9.8, categorizing them as highly severe.
The exploitation attempts are reported to have begun as early as July 7, 2025, and investigations led Microsoft to attribute these malicious activities to Chinese state actors, specifically groups known as Linen Typhoon, Violet Typhoon, and an additional group called Storm-2603. The latter has been linked to deploying ransomware during these attacks.
Details of the Attack
Attackers have reportedly stolen cryptographic machine keys from compromised systems, enabling them to maintain persistent access to both government and enterprise targets worldwide. The scale of these attacks and the sensitive nature of the victims underline the potential implications for national security and corporate confidentiality.
In response to the immediate threat, Microsoft has rushed to develop and distribute emergency patches for all supported versions of SharePoint. This proactive measure aims to mitigate the vulnerabilities before they can be exploited further by malicious actors. Organizations utilizing SharePoint are strongly encouraged to apply the patches promptly to safeguard their systems. The urgency of this call to action reflects the heightened risk posed by the attackers' capabilities and the sensitive data at stake.
Responses from Security Experts
Security experts have analyzed the implications of these attacks, with many underscoring the continued risk that state-sponsored hacking efforts pose to global cybersecurity. They note that such incidents highlight an increasing trend in which nation-states use sophisticated cyber operations to gain strategic advantages. The potential for disruption, data theft, and damage to critical infrastructure raises pressing concerns within the cybersecurity community.
“The attribution of these attacks to state-backed groups illustrates the evolving threat landscape, where organized cybercrime intersects with geopolitical tensions,” stated a cybersecurity analyst.
This incident follows a string of attacks attributed to nation-states that have targeted a variety of software, with SharePoint now added to the list of widely-used enterprise tools under siege. As the situation unfolds, vigilance within the IT community is critical.
For further details on the Microsoft response and ongoing threats, refer to the official announcements on Microsoft Security Blog, as well as articles from NBC News and Krebs on Security.
Newsletter
The SIGNAL newsletter
The essentials of AI, tech and cinema, straight to your inbox.