(CAPITAL GOVERNANCE SHAREPOINT – UNAFFECTED, FULLY SECURE)
Capital Governance – SharePoint Operations Update
The cyberattack affected SharePoint on-premises or hybrid installations. Our SharePoint servers are cloud-based and constantly monitored, and REMAIN FULLY SECURE.
Background
On 20 July 2025, Microsoft SharePoint servers were targeted in a widespread cyberattack exploiting a zero-day vulnerability chain dubbed “ToolShell.” The attack primarily affected on-premises SharePoint deployments and is apparently linked to groups tracked as Linen Typhoon, Violet Typhoon, and Storm-2603. These actors exploited vulnerabilities CVE-2025-49706 and CVE-2025-49704, which allowed unauthenticated access, remote code execution, and full control over SharePoint content and configurations.
Microsoft responded by releasing emergency patches for SharePoint Subscription Edition, 2019, and 2016. Despite these updates, attackers continued breaching even fully patched systems, prompting Microsoft to assign new CVEs (CVE-2025-53770 and CVE-2025-53771) and issue further mitigations.
Management Action
- Microsoft urged all organizations using on-premises SharePoint to apply updates, rotate machine keys, restart IIS, and enable advanced security features like AMSI and Defender Antivirus.
- All IT operations should be scanned for any breaches or data corruption. Big-brand IT services are generally robust but are constantly under attack and are compromised with increasing regularity – BE VIGILANT AND NOT COMPLACENT.
Contact us today to discuss how we can provide risk and compliance advisory solutions for cybersecurity. Find out more here.



