A security vulnerability exists in Microsoft SharePoint Server 2019 Core that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.| Microsoft Store - Download Center
A security vulnerability exists in Microsoft SharePoint Server Subscription Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.| Microsoft Store - Download Center
Customer guidance for SharePoint vulnerability CVE-2025-53770| msrc.microsoft.com
Lateral Tool Transfer| attack.mitre.org
Command and Scripting Interpreter:| attack.mitre.org
Exploit Public-Facing Application| attack.mitre.org
Hear directly from the Microsoft Threat Intelligence community as they navigate the evolving threat landscape, uncovering untold stories of APTs, malware, and other weird and cool tools and tactics in the world of cyber threats.| N2K CyberWire
DS0017| attack.mitre.org
Monitor network traffic for WMI connections for potential use to remotely edit configuration, start services, or query files. When remote WMI requests are made over RPC, they connect to a DCOM interface within the RPC group netsvcs. To detect this activity, a sensor is needed at the network level that can decode RPC traffic or on the host where the communication can be detected more natively, such as Event Tracing for Windows. Using Wireshark/tshark decoders, the WMI interfaces can be extracted so ...| attack.mitre.org
Adversaries may attempt to access credential material stored in the process memory of the Local Security Authority Subsystem Service (LSASS). After a user logs on, the system generates and stores a variety of credential materials in LSASS process memory. These credential materials can be harvested by an administrative user or SYSTEM and used to conduct Lateral Movement using Use Alternate Authentication Material.| attack.mitre.org