On Saturday, July 20, 2025, a vulnerability in SharePoint Server, Microsoft’s collaborative management software, was identified by Eye Security, a young Belgian company specializing in cybersecurity. The flaw only affects locally installed (on-premises) SharePoint environments, which are mainly used by large organizations with internal servers.
Microsoft responded quickly by releasing a patch. However, some organizations had already noticed abnormal behavior prior to this announcement.
An important clarification: only on-premises SharePoint servers are affected
It is important to note that this vulnerability only affects locally installed (on-premises) versions of SharePoint. Microsoft has confirmed that cloud versions of SharePoint are not affected. For the vast majority of SMEs, which use modern cloud solutions, this risk is therefore non-existent. This reinforces the value of adopting the cloud as a lever for security and resilience.
A reminder about zero-day vulnerabilities
Eye Security, founded in 2021, is recognized for its ability to quickly identify zero-day vulnerabilities. A zero-day vulnerability is one that is unknown to the publisher at the time it is discovered or exploited. In this specific case, certain malicious groups exploited the vulnerability to access internal servers via vulnerable authentication tokens, potentially allowing them to steal service identities. According to The Verge, even patched servers could remain at risk if traces of the intrusion remained (source: The Verge).
Microsoft has also confirmed the involvement of cyber groups linked to China, including Linen Typhoon and Violet Typhoon. Axios reports that the malicious activity began as early as July 7, 2025 (source: Axios).
Quebec takes precautions—but no need to panic
In Quebec, the Ministry of Cybersecurity and Digital Technology (MCN) has taken preventive measures to secure SharePoint Server environments within certain public agencies. As a precaution, government websites have been temporarily shut down. This response illustrates a desire to act primarily out of caution, even though the direct risk does not affect the majority of government digital services, which have often already migrated to the cloud.
For SMEs, a good time to review the basics
Although this vulnerability does not affect SMEs using SharePoint Online, it provides a valuable opportunity to review some basic cybersecurity practices:
- Maintain active monitoring of vendor vulnerability announcements.
- Ensure that systems are up to date, even when hosted in the cloud.
- Review access rights and activity logs.
- Validate the technology environment: cloud solutions such as Microsoft 365 offer a layer of automated protection that on-premises infrastructures do not always have.
What this incident reveals: the strength of the cloud and specialized partners
This event highlights the importance of a flexible and modern approach to IT security. It also underscores the growing role of small firms such as Eye Security in the rapid detection of targeted threats. With specialized partners and a migration to the cloud, SMEs can remain agile and protected.
What about you?
Does your organization use SharePoint Online or other Microsoft cloud solutions? Are you sure your environment is well protected, even in the event of an isolated breach?
At My Technician, we support SMEs every day in their transition to more secure environments. Our customers were not affected by this breach—and that’s no accident.