Every Microsoft Patch Tuesday, I link to my Zero-day Primer, as it is important that you understand even with every technical cyber security tool in place and a well-trained team, you are still vulnerable to the cyber security flaw that only the threat actors know about.
The Zero-day reality
So it was no suprise that there was a lot of serious chatter, when a zero-day flaw was discovered in Microsoft’s SharePoint system – software that many organisations depend on being secure, including us and many of our clients – which was being exploited and that there was no patch available.
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available – BleepingComputer
With something as serious as this meant no one could wait until the next Microsoft Patch Tuesday in August and Microsoft rapidly released out-of-band (OOB) updates for fix the problem.
A Real Threat
If you dismiss this as techo-hype trying to get you to spend your precious cash – read this:
Analyzing Sharepoint Exploits (CVE-2025-53770, CVE-2025-53771) – SANS Internet Storm Center
The threat actors are stepping up their attacks looking for those organisations where the CEO’s new car was placed above a couple of quid per month, per user for better cyber security protection.
Your Takeaway
If you do not have some type of remote monitoring and management (RMM) tool installed on all of your endpoints then you are leaving yourself open to a wide range of possible attacks and issues, including team members skipping cyber security patches and updates.
Clive Catton MSc (Cyber Security) – by-line and other articles
Summer Cyber Security Webinars
The summer webinar series has started. It is not too late to sign up for the rest of the series and then you can get access to the recording of the episodes you missed.
