UK Microsoft Office SharePoint Server vulnerability found – remediate now

Are you using SharePoint on-premises?

Microsoft has released a security notice regarding a on-premises SharePoint server vulnerability, cve-2025-52770.

The NCSC has said that this vulnerability allows an attacker to remotely execute arbitrary code via the deserialisation of untrusted data. A separate vulnerability, CVE-2025-53771, allows this attack to be performed while bypassing your authentication.

If you have any of the following products, you're affected by this vulnerability:

• Microsoft SharePoint Server Subscription Edition
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server 2016

How to fix the SharePoint server vulnerability

Microsoft and NCSC have advised that you take the following steps as soon as possible:

1. Use supported versions of on-premises SharePoint Server
2. Apply the latest security updates
3. Deploy Microsoft Defender for Endpoint protection, or equivalent threat solutions
4. Ensure the Antimalware Scan Interface (AMSI) is turned on and configured correctly, with an appropriate antivirus solution such as Defender Antivirus
5. Rotate SharePoint Server ASP.NET machine keys

The NCSC has guidance on vulnerability management, an early warning notification service, and a vulnerability disclosure toolkit.

Need help improving your security?

Create a better defence against threats and spot vulnerabilities before they become an issue.

We can help you with Microsoft Defender for Endpoint, threat protection and antivirus solutions. Book a call with our security expert now. Fill in the form below or call +44 (0) 1364 655181. He can take you through the seven layers of security and identify gaps that need remediating to make your security posture more robust.