SharePoint Server Vulnerabilities Now Exploited to Deliver Ransomware


Microsoft has confirmed that critical vulnerabilities in on-premises SharePoint Server are being exploited to deploy ransomware. Threat actors are actively targeting businesses across sectors, including government agencies.

If your organization is running SharePoint Server 2016, 2019, or Subscription Edition, it’s time to act.

[Illustration: a ransomware attack on SharePoint Server, showing a person facing warning alerts on a laptop, a phishing hook aimed at a monitor, and a red screen with a skull icon and padlock symbol representing cybersecurity threats and data breaches.]

What’s Happening?

A new set of CVEs (CVE-2025-49706, CVE-2025-49704, CVE-2025-53770, and CVE-2025-53771) is being actively exploited by advanced threat actors.

Unlike previous vulnerabilities, these are now being used to:

  • Gain unauthorized access

  • Escalate privileges

  • Deliver ransomware payloads

Microsoft has confirmed real-world attacks affecting hundreds of organizations, including the U.S. National Nuclear Security Administration.

Not impacted: SharePoint Online (Microsoft 365)
At risk: On-prem versions only

Why SharePoint Exploits Are Dangerous

On-prem SharePoint servers often hold:

  • Internal communication records

  • Confidential documents

  • Credentials, tokens, and system integrations

A successful exploit could:

  • Disrupt operations with ransomware

  • Leak sensitive internal data

  • Create regulatory and compliance violations under HIPAA, SOC 2, or ISO 27001

Who's Affected?

Any organization running:

  • SharePoint Server 2016

  • SharePoint Server 2019

  • SharePoint Server Subscription Edition

We’ve seen impact across industries:

  • In Salt Lake City, a legal firm’s SharePoint Server was locked down by a ransomware group.

  • In New York, a fintech startup experienced credential theft tied to this CVE chain.

  • In San Francisco, a healthcare group detected anomalous SharePoint traffic mid-exfiltration.

Zelda Security’s Recommended Response Plan

Our AI-driven response strategy follows best practices aligned to MITRE ATT&CK, NIST, and real-world ransomware response.

Step 1. Isolate Systems: Disconnect affected servers from the network

Step 2. Patch Immediately: Apply Microsoft's latest SharePoint security updates

Step 3. Rotate Credentials: Reset admin, service, and user credentials

Step 4. Threat Hunt: Use EDR/XDR to detect attacker presence

Step 5. Harden Defenses: Enable firewalls and disable unused services

Step 6. Backup Check: Verify offline backups are safe and restorable

Step 7. Document & Improve: Capture lessons to improve future response

We can assist with every step—from detection to containment to recovery.
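The following PowerShell script is an added example, not Zelda Security's tooling or Microsoft's own guidance. It supports the Patch Immediately, Rotate Credentials, and Harden Defenses steps of the plan above by reporting, without changing anything, the farm's current build, the servers that must each carry the update, the managed service accounts that need new passwords, and the service instances currently online on the local server. It assumes it is run in the SharePoint Management Shell on a farm server as a farm administrator. The required build number is a placeholder parameter: take the real value from the Microsoft security update for your SharePoint version, since this page does not list it.

```powershell
# Added example (not Zelda Security's tooling). Run in the SharePoint Management Shell
# on one farm server as a farm administrator. This script only reports; it changes nothing.
param(
    # PLACEHOLDER: replace with the build number from Microsoft's security update
    # for your SharePoint version (2016, 2019, or Subscription Edition).
    [Parameter(Mandatory = $true)]
    [version]$RequiredBuild
)

# Load the SharePoint cmdlets if this is a plain PowerShell session.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Step 2 (Patch Immediately): compare the farm build against the fixed build.
$farm = Get-SPFarm
$current = [version]$farm.BuildVersion
if ($current -lt $RequiredBuild) {
    Write-Warning "Farm build $current is below required build $RequiredBuild: the farm is still unpatched."
} else {
    Write-Host "Farm build $current meets the required build $RequiredBuild."
}

# Updates are installed per server: every SharePoint server in the farm must receive them,
# not just the one this script runs on. List them so none is missed.
Write-Host "`nSharePoint servers in the farm (each must be patched):"
Get-SPServer | Where-Object { $_.Role -ne 'Invalid' } | ForEach-Object {
    "{0,-30} {1}" -f $_.Address, $_.Role
}

# Step 3 (Rotate Credentials): managed accounts are the farm's service identities.
# Each one should get a new password after a suspected compromise; farm administrator
# and end-user accounts are reset in Active Directory separately.
Write-Host "`nManaged (service) accounts to rotate:"
Get-SPManagedAccount | Select-Object UserName, AutomaticChange | Format-Table -AutoSize

# Step 5 (Harden Defenses): service instances online on this server. Anything the
# farm does not need should be stopped to reduce the attack surface.
Write-Host "`nService instances online on $env:COMPUTERNAME:"
Get-SPServiceInstance -Server $env:COMPUTERNAME |
    Where-Object { $_.Status -eq 'Online' } |
    Select-Object TypeName, Status | Format-Table -AutoSize
```

Run it as `.\Check-SharePointResponse.ps1 -RequiredBuild <build-from-advisory>` on each SharePoint server, since the build and service-instance checks reflect the local machine. The script deliberately stops at reporting: stopping services, applying updates, and resetting passwords are changes that belong in the response plan's tracked steps rather than in an unattended script.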

Why Businesses Trust Zelda Security

  • Real-time AI + human-led threat detection

  • SharePoint-specific risk assessments

  • Compliance-ready reporting for SOC 2, HIPAA, PCI, and more

  • Local presence in Salt Lake City, San Francisco, and New York
