Microsoft fixes SharePoint zero-day exploits used in cyberattacks and ransomware - how to patch them
zdnet.com

Microsoft has pointed the finger at three Chinese nation-state actors for exploiting the SharePoint vulnerabilities. Here's what we know about the security flaws and how to guard against future attacks.

Microsoft has patched three critical zero-day SharePoint security flaws that hackers have already exploited to attack more vulnerable organizations. Responding to the exploits, the software giant initially issued fixes just for SharePoint Server Subscription Edition and SharePoint Server 2019, and then eventually rolled out a patch for SharePoint Server 2016 as well.
Designated as CVE-2025-53771 and CVE-2025-53770, the two vulnerabilities apply only to on-premises versions of SharePoint, so organizations that run cloud-based SharePoint Online are unaffected.
Rated as important, CVE-2025-53771 is a SharePoint Server spoofing vulnerability, which means attackers can impersonate trusted ...