SharePoint Zero-Day Fix for CVE-2025-53770 & 53771

Last Updated: August 19, 2025

Key Security Strategy Insights From Our Expert Response

In mid-July 2025, cybersecurity researchers began sounding the alarm on what is now considered a “close-to-worst-case scenario” for IT administrators: a wave of zero-day cyberattacks targeting Microsoft SharePoint Servers on-premises.

The campaign, dubbed ‘ToolShell’, exploits two critical zero-day vulnerabilities (CVE-2025-53770 and CVE-2025-53771), enabling unauthenticated attackers to bypass login protections, gain access to internal systems, and execute malicious code. The flaws are dangerously simple to exploit and have already led to widespread impact across hundreds of organizations, including government agencies, universities, and critical infrastructure.

While SharePoint Online in Microsoft 365 remains unaffected, these events highlight the inevitability of cyberattacks and the importance of quick, strategic response.

In this article, we share how our team acted fast to protect our client. We also highlight how Microsoft’s shared responsibility model works and how, when combined with a proactive IT partner, it can lighten the load on internal IT teams and keep businesses a step ahead of today’s threats.


From Discovery to Response: How Managed Solution Protected a Client in Real Time

As news of the ToolShell exploit chain broke, Managed Solution’s cybersecurity team acted immediately. Our team began auditing all managed service clients to identify any instances of on-prem SharePoint.

“Once we knew about the breach, we discussed it on our morning daily call,” said Lloyd Bowen, VCIO of Security & Compliance at Managed Solution. “Within a couple of hours, we had run a full software installation report and pinpointed the affected systems.”

Risk Containment Strategy: A Step-by-Step Incident Response

Following this, our team jumped into action with a focused plan:

  1. Identify: The vulnerability was confirmed, and risk to critical data was assessed.
  2. Communicate: The client’s Technical Account Manager (TAM) explained the threat, proposed immediate actions, and secured approval.
  3. Act: Sensitive files were rapidly migrated to a secure on-prem file share, and the old SharePoint Server was decommissioned.

“We couldn’t just flip a switch,” Bowen explained. “But we made it clear—the longer they waited, the more opportunity a threat actor had. Once they understood the risk, they moved quickly, and we executed.”


Adaptive Security For Evolving Threat Environments

Incidents like ToolShell bring a long-standing debate into sharp focus: on-prem vs. cloud.

With Microsoft 365, the burden of patching, maintaining, and securing the SharePoint infrastructure shifts to Microsoft. Clients still manage their data, while Microsoft takes care of the infrastructure-level vulnerabilities.

Pairing this with the support of a Cloud Service Provider not only improves security but frees up IT teams to focus on strategic initiatives instead of firefighting vulnerabilities. The cost savings, reduced downtime, and lower risk exposure make a compelling business case.

Bowen also noted a recent comparison point: the CrowdStrike bug that caused global outages due to a bad update. “You can’t imagine the kind of manpower that took, because those users were carrying the full weight of remediation,” he explained in his post-incident review.

“When you’re in Microsoft 365 and working with a good CSP, that burden’s not all on you anymore. They move fast, help lock things down, and essentially free up time and resources for IT teams.”


Why It Pays to Have the Right IT Partner

Beyond the technology, it’s the people behind the tools that make the difference when a crisis hits. At Managed Solution, Technical Account Managers (TAMs) play a critical role in our security operations center (SOC), helping clients stay protected. They maintain ongoing visibility into each customer’s environment, proactively monitor for threats, and act as strategic advisors when incidents like ToolShell emerge.

TAMs provide that direct line of support, the kind that helps teams move quickly and confidently. Whether it’s identifying vulnerabilities, outlining remediation steps, or coordinating with Microsoft and other vendors, our TAMs are there to guide the response and reduce the burden on internal IT teams.

But the value of a managed service partner doesn’t stop at emergency patch deployments. More broadly, clients benefit from access to broader cybersecurity expertise, faster response times, and scalable support that adapts to their needs. It’s this partnership model that turns cloud services into a fully supported, secure, and future-ready solution.


The Takeaway

Cyber threats are evolving, but so are the tools and resources to stay ahead. The key to maintaining resilience is embracing modernization and collaboration. Leveraging the latest security innovations and expertise helps you ensure your environment remains secure, agile, and capable of adapting to whatever challenges arise next.

At Managed Solution, we help businesses reduce their risk, move to the cloud safely, and stay ahead of evolving threats. From security-first strategy to cloud migration and beyond, we’re here to guide and protect your digital environment. Chat with an expert today to learn how we can help to protect your organization.

Originally created: July 29, 2025