
Microsoft's on-premises SharePoint servers experienced widespread zero-day attacks that compromised over 400 organizations; the attackers included Chinese state-sponsored groups and ransomware operators. The attacks exploited vulnerabilities (CVE-2025-49704, CVE-2025-49706), began the day before Microsoft released its initial patches on July 8, and went on to bypass those patches. Researchers strongly suspect that a leak from Microsoft's Active Protections Program (MAPP), which provides early vulnerability details to partners, was the source of the exploit intelligence. This incident raises significant concerns about the integrity of Microsoft's vulnerability disclosure process and has reportedly led the company to withhold MAPP guidance for subsequent related flaws, posing ongoing security risks for enterprises.
A significant security and process failure at Microsoft has led to the widespread exploitation of its on-premises SharePoint servers, compromising over 400 organizations. The attacks, attributed to Chinese state-sponsored groups and ransomware operators, leveraged a zero-day exploit chain (CVE-2025-49704, CVE-2025-49706) and began on July 7, a day before Microsoft released an insufficient patch that was almost immediately bypassed. The timeline strongly suggests a leak from Microsoft's Active Protections Program (MAPP), which provides vulnerability data to security partners two weeks ahead of public disclosure. This incident represents a material breakdown in Microsoft's coordinated vulnerability disclosure process, eroding trust in a key industry program. The company's subsequent decision to withhold MAPP guidance for related vulnerabilities indicates a significant internal disruption and loss of confidence in its own security protocols, posing ongoing risks for its vast enterprise client base and the broader cybersecurity ecosystem.
Overall Sentiment: strongly negative
Sentiment Score: -0.70