The above vulnerability allows the deserialization of untrusted data bypassing authentication, and allows an attacker to bypass fixes made in July security bulletins for vulnerabilities CVE-2025-49704 and CVE-2025-49706. CVE-2025-53771, a patch bypass for another vulnerability from the ToolShell chain (CVE-2025-49706), which allows an unauthenticated user to access information without affecting service availability, was published simultaneously. Both security vulnerabilities – for unauthorized access to data and unauthorized code execution – were disclosed at Trend Micro’s Zero Day Initiative Pwn2Own Berlin 2025, but the new patches contain more robust protections than their originals developed at that conference.

Attack mechanism

• The attacker sends a crafted POST request to the endpoint /_layouts/*/ToolPane.aspx which deserializes malicious objects in the IIS context.
• After obtaining code execution, the webshell spinstall0.aspx is installed in the Layouts directory.
• From the webshell, the ValidationKey and DecryptionKey cryptographic keys are extracted.
• Using the stolen keys, the attackers sign further requests to the server and fully take control of the server, regardless of the subsequent removal of the webshell.

Vulnerable SharePoint Versions and Recommended Protective Actions

To protect against vulnerabilities, immediately apply the latest patches for all supported versions of SharePoint Server 2016, 2019 and Subscription Edition and make sure Antimalware Scan Interface (AMSI) integration is enabled and properly configured, preferably in Full Mode with Microsoft Defender Antivirus on SharePoint servers.

After installing patches and running AMSI, it’s a good idea to rotate ASP.NET Machine Keys and restart IIS according to SharePoint documentation.

If it is not possible to patch immediately, disconnect SharePoint servers from the Internet or restrict traffic to an authenticated VPN/proxy.

The SharePoint versions affected by the vulnerability and their corresponding security updates are summarized below.

Attacks exploiting CVE-2025-53770 vulnerability

The first attempts to exploit the CVE-2025-53770 vulnerability were reported as early as July 7, 2025, against government infrastructure in the US and Western Europe. Microsoft has officially confirmed active attempts to exploit the vulnerabilities, so far more than 80 SharePoint installations have been confirmed infected using the vulnerability, including a SharePoint farm belonging to the National Nuclear Security Administration, part of the US government’s Department of Energy.

Researchers noted that Chinese state groups Linen Typhoon and Violet Typhoon and the Storm-2603 actor were involved in the attack attempts, using the ToolShell chain for unauthorized access.

The post Microsoft SharePoint zero-day exploit (CVE-2025-53770) appeared first on Engagy360.

Well, but as of May 2025 that won’t be a problem, because… well the easiest way would be to give Copilot for businesses the same capabilities that free has, right? But it’s also possible to make an add-on that will be available in the agent store (Agent Store), and that’s the route Microsoft chose.

There will be a Researcher (Researcher) and an Analyst (Analyst) in the agent store, which will extend the capabilities of Copilot for Business, while being available as part of the Copilot for Business package . Third-party agents will also appear, including Jira, Monday.com and Miro, and it will also be possible to add company agents available internally.

The idea of an agent store seems ok with this, only if LLM being the basis of the intellectual capabilities of “bare” Copilot for companies doesn’t change, it won’t want to talk to them anymore .

This feature is still in the process of implementation, and you need to join The Frontier to enable it. The capabilities for inferring and analyzing corporate data are impressive and will save a lot of work time. Below are videos demonstrating the capabilities of the new agents .

Copilot will also get user memory based on information from chats, from the user’s profile, and the ability to customize operation through individual prompts and other settings. Also, administrators will get the ability to measure usage, set management policies and configure Copilot thoroughly within the organization’s Copilot Control System. These features have been sorely lacking so far, they’re already there .

There’s also a new, better Copilot Enterprise Search, allowing you to find everything you need with rich, contextual… goodness, just a new, better search function that includes third-party applications in addition to documents and emails. So far, Copilot for Business’ ability to search and count document or event occurrences has been so legendary that I can’t wait for the new version. Currently, Copilot for Business is very flexible on the correct answer to a question about the number of occurrences and documents that meet the criteria and often changes its mind, but it can be persuaded what the correct answer is. The new, better Enterprise Search may change that .

And then there’s something a little more controversial – People Skills Agent. Its purpose is to make it easier to find people in the organization who have the skills we are looking for. But also building a taxonomy of those skills based on the use of those skills on the job

Also now, checking whether an employee during the probationary period has demonstrated the skills he declared as part of the recruitment process will be at the price of his digital companion. To paraphrase an iconic quote – Copilot will help and advise, sometimes it will also reveal something about you .

This feature is so good for business that the European Union will surely ban it

There are more new features of Microsoft Copilot Wave 2, but there are also Microsoft programs for medium and large enterprises to learn about Copilot’s capabilities individually and to plan its adoption in the organization. If your organization already has Copilot licenses for businesses and you want to use its potential in a secure and planned way, contact us.

Our expert Szymon Bochniak, an MVP with a specialization in Copilot, will guide your organization through key scenarios for using Copilot’s enterprise features and classifying company data to safely use Copilot’s features, especially those that allow employees to discover information they previously had no idea about

We can implement your organization’s Copilot Vision and Value or Copilot Studio Vision and Value workshops and also discuss issues related to automatic classification and protection of information from unknowing access to unauthorized recipients. If you’re wondering whether you can benefit from these workshops, you’d better fill out the form and we’ll be in touch in a moment to discuss possible support for your case .

The post Microsoft Copilot news for spring 2025 appeared first on Engagy360.