Microsoft SharePoint Vulnerability: We’re OK!

In July 2025, a major security vulnerability—identified as CVE-2025-53770—was uncovered in on-premises versions of Microsoft SharePoint Server. This isn’t just another small bug fix. The flaw is so serious that attackers are actively exploiting it around the world, gaining unauthorized access to organizational data and systems, even bypassing identity protections like Multi-Factor Authentication and Single Sign-On.

How Serious Is It?

First off, we’re okay! Our SharePoint is located in the cloud at sharepoint.com, so we are unaffected. But let’s not mince words: this vulnerability is rated critical. Attackers who take advantage of it can execute remote code on affected servers, access all SharePoint content and system files, and potentially spread throughout a company or university’s IT network. Making matters worse, once attackers are in, they can steal cryptographic keys, meaning they might still be able to impersonate users or services even after a security patch is applied—unless organizations also rotate those keys.

Why SMU Users Can Breathe Easy

The good news: SMU’s instance of SharePoint isn’t run on those on-premises servers. Instead, we rely on SharePoint Online, which is part of Microsoft 365’s cloud suite. As confirmed by both Microsoft and credible reports, SharePoint Online is not affected by this vulnerability. The flaw is strictly limited to servers operated directly by organizations themselves, not those hosted and managed in Microsoft’s secure, always-updated cloud.

Microsoft’s cloud security teams take care of patches and proactive monitoring; the entire cloud platform is segmented from the underlying issues causing the trouble for local, on-prem installations. That means neither SMU’s data nor its users are exposed to the risks posed by CVE-2025-53770.

Is There a Fix?

When the vulnerability was first disclosed, there was no patch available; Microsoft was scrambling for a solution. In the meantime, they urged organizations with on-premises SharePoint servers to integrate antimalware tools and consider temporarily disconnecting from the internet if possible. They also recommended enabling the Antimalware Scan Interface (AMSI) and running Microsoft Defender Antivirus.

Eventually, Microsoft released security updates and additional mitigation steps for affected systems, but remediation involves more than just applying an update—it’s now also about changing cryptographic keys and maintaining vigilant monitoring for signs of prior exploitation.

Should You Do Anything?

While there’s no action required for SMU SharePoint Online users when it comes to this vulnerability, it’s always wise to stick to everyday cybersecurity best practices: keep your devices updated, use strong passwords, and make the most of multi-factor authentication across all your university accounts.

If you have any concerns or questions about your SharePoint sites or SMU’s IT security practices, you’re encouraged to reach out to us.

Published by

Zach Peterson

Zach is a Senior IT Training & Communications Consultant with OIT. Zach began his SMU career at the IT Help Desk in 2012 and joined the Training & Communications Team in 2015. He is a 2011 graduate from the University of North Texas and obtained a Master of Liberal Studies degree from SMU in 2018. He enjoys reading and collecting vintage and antique radio sets. He grew up in Valley View, Texas near Denton.