August “In the Trend of VM” (#18): vulnerabilities in Microsoft Windows and SharePoint

A traditional monthly roundup – this time, it’s extremely short.

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

Only two trending vulnerabilities:

🔻 Remote Code Execution – Microsoft SharePoint Server “ToolShell” (CVE-2025-53770). The vulnerability is being widely exploited; attackers may even have gained access to U.S. nuclear secrets. The vulnerability is also relevant for Russia.
🔻 Elevation of Privilege – Windows Update Service (CVE-2025-48799). The vulnerability affects Windows 10/11 installations with at least two hard drives.

About Remote Code Execution – Microsoft SharePoint Server “ToolShell” (CVE-2025-53770) vulnerability

SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work. A flaw in the deserialization mechanism of an on-premises SharePoint Server instance allows remote unauthenticated attackers to execute arbitrary code.

👾 On July 18, Eye Security researchers reported mass exploitation of this vulnerability in conjunction with the spoofing vulnerability CVE-2025-53771. CVE-2025-53770 and CVE-2025-53771 are evolutions of the vulnerabilities CVE-2025-49704 and CVE-2025-49706 from the July Microsoft Patch Tuesday (MSPT).

🔻 On July 19, Microsoft released updates for SharePoint Server 2016, 2019, and Subscription Edition. They also recommended enabling integration with the Antimalware Scan Interface (AMSI).

🔨 Public exploits have been available on GitHub since July 21.
