Critical Microsoft SharePoint Vulnerability: Act Now or Risk Compromise
Christopher Souza | CEO
In today’s high-stakes digital world, staying on top of cybersecurity threats is a vital part of your business’s everyday operations. It’s survival of the fittest.
Over the weekend, a dangerous vulnerability in Microsoft SharePoint Server came under active exploitation, compromising at least 29 organizations already. But that number is climbing. If you’re still running on-premises SharePoint servers, this is not a drill.
Here’s what’s happening, who’s at risk, and how you can protect your organization.
What’s Going On?
Microsoft has disclosed a critical vulnerability affecting on-premises SharePoint Server deployments, giving attackers a doorway into your internal systems. This isn’t theoretical: it’s being weaponized right now, and organizations are already paying the price.
Who is at Risk?
Only on-prem SharePoint environments are at risk. If your servers are hosted internally or through a third-party provider, you must act immediately. Every minute left unpatched increases the risk of compromise.
If you’ve already migrated to Microsoft 365, you’re in a safer place. Built-in protection is part of Microsoft’s shared responsibility model, where Microsoft secures the platform, servers, storage, and networking, and you manage your data and user access. This means the threat is neutralized before it ever reaches you.
No Action Needed If You’re Already in the Cloud
SharePoint Online users don’t need to do anything since Microsoft has already patched the cloud side of things. This behind-the-scenes protection is exactly why many organizations are speeding up their cloud migrations.
What TSI is Doing for Our Clients
We’re not waiting. We’re actively:
- Auditing all client environments for any on-prem SharePoint servers
- Opening tickets and developing remediation plans for impacted clients
- Pushing immediate patching for all client-managed or third-party servers
- Advising cloud migration strategies to reduce long-term risk and future headaches
A Lesson from the Real World
In early 2025, UnitedHealth’s Change Healthcare division suffered a crippling ransomware attack directly tied to an unpatched Microsoft vulnerability. This breach caused major disruptions across the U.S. healthcare system, with losses estimated to be in the hundreds of millions.
With over 145,000 organizations worldwide relying on SharePoint, the attack surface is enormous. Hackers know this and are relentlessly searching to take advantage of new vulnerabilities such as this one.
What You Need to Do Next
- Check your environment
  - Are you still running on-prem SharePoint?
  - Don’t assume you’re automatically in the cloud
  - Hybrid environments often hide vulnerable on-prem components.
- Apply Microsoft’s latest patches
  - Critical Builds Include:
    - SharePoint 2016 up to 16.0.5508.1000
    - SharePoint 2019 up to 16.0.10417.20027
    - Subscription Edition up to 16.0.18526.20424
- Enable AMSI/Defender Integration
- Change ALL cryptographic keys, credentials, and certificates
  - Extracted keys allow signature forging. Don’t let them get reused.
- Start planning a migration to SharePoint Online
  - Not only is it more secure, but it’s also scalable and designed for the future
- Contact TSI
  - We’ll assess your environment and help you take the next steps of keeping your systems secure. Our dedicated team of experts is ready to assist you day and night. Contact us today to get started!
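For the first two steps above, here is an added example (not code from TSI or Microsoft): a Python triage of a server inventory against the builds listed in this post. It assumes "up to" means "at or below the listed build", and the inventory columns, host names and sample builds are constructed for illustration.

```python
import csv
import io

# Build numbers exactly as listed on this page. Assumption: "up to" is read
# as "at or below this build still needs Microsoft's latest update".
LISTED_BUILDS = {
    "2016": "16.0.5508.1000",
    "2019": "16.0.10417.20027",
    "SE": "16.0.18526.20424",  # Subscription Edition
}

# Constructed inventory export; hosts, columns and builds are made up.
SAMPLE_INVENTORY = """host,edition,build
sp-app01,2016,16.0.5508.1000
sp-app02,2019,16.0.10417.20099
sp-wfe03,SE,16.0.18526.9999
sp-old04,2013,15.0.5545.1000
sp-lab05,2019,16.0.10417
"""


def parse_build(text):
    """Turn 'a.b.c.d' into a tuple of ints so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)


def triage(edition, build):
    """Return PATCH, ABOVE_LISTED or REVIEW for one on-prem server."""
    listed = LISTED_BUILDS.get(edition.strip().upper())
    if listed is None:
        return "REVIEW"  # edition is not in the page's list; check by hand
    try:
        current = parse_build(build)
    except ValueError:
        return "REVIEW"  # truncated or malformed build string
    # Tuple comparison avoids the string trap where "9999" sorts above "20424".
    return "PATCH" if current <= parse_build(listed) else "ABOVE_LISTED"


def audit(csv_text):
    """Map each host in the inventory to its triage result."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["edition"], r["build"]) for r in rows}

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

ABOVE_LISTED only means the build is higher than the number in this post; confirm it against Microsoft's current guidance before closing the ticket.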
The Bottom Line
Cybersecurity threats don’t wait, and neither should you. This exploited vulnerability isn’t theoretical. It’s surgical, lethal, and spreading at an alarming rate.
Take action today. Don’t be next. Whether you’ve fully embraced the cloud, or are still managing legacy infrastructure, staying vigilant is critical to everyone’s success.
A fantastic way to stay informed is with our monthly newsletter. We cover the latest in cybersecurity, threats, and the best practices for businesses like yours. It’s free to join and keeps you one step ahead.
Ready to take the next steps toward improving your organization’s cybersecurity posture? Contact us today to learn how we can help safeguard your assets against cyber threats and enable you to focus on your core business.
About Technical Support International
TSI is a 36-year-old cybersecurity (MSSP) and IT support (MSP) company specializing in helping DIB organizations address their NIST 800-171 and CMMC compliance obligations. As a CMMC-AB Registered Provider Organization (RPO), TSI offers a complete NIST 800-171 and CMMC support solution to help guide our clients toward a successful certification audit and provide the assurance that they’re adhering to these expansive compliance requirements.
