【Vulnerability Details】
| Published | Registered | CVE ID | NVD | Vendor | CVSS v3 | CWE | Vulnerability | KEV | Notes |
|---|---|---|---|---|---|---|---|---|---|
| 2025/07/19 | 2025/07/09 | CVE-2025-53770 | NVD | Microsoft | 9.8 (Microsoft) | CWE-502 | Deserialization of untrusted data | 2025/07/20 | SharePoint |
| 2025/07/20 | 2025/07/09 | CVE-2025-53771 | NVD | Microsoft | 6.5 (Microsoft) | CWE-287 | Improper authentication | - | SharePoint |
【Figures】

Distribution of vulnerable servers (ShadowServer)
Source: https://dashboard.shadowserver.org/statistics/iot-devices/tree/?date_range=other_value&day=2025-07-18&vendor=microsoft&model=sharepoint&data_set=count&scale=log&auto_update=on
【Overview】
■Timeline data
| Revision | Change | Date |
|---|---|---|
| 1.0 | Information published | 2025/07/19 |
| 2.0 | Clarified the overview of affected SharePoint products | 2025/07/20 |
| | Added guidance on fix availability | |
| | Provided guidance on additional protections: upgrade SharePoint products to supported versions (if needed); install the July 2025 security updates; rotate machine keys | |
| | Updated the Microsoft Defender detection and protection section | |
| | Documented additional MDE alerts | |
| | Mapping exposure with Microsoft Defender Vulnerability Management | |
| | Documented CVE-2025-53771 | |
| 3.0 | Published the SharePoint 2019 security update; added links to the CVEs and to the published security updates | |
| 4.0 | Fixed links to the security updates; clarified the protection guidance | 2025/07/21 |
| 5.0 | Published the SharePoint 2016 security update, added links to the SharePoint language packs, and updated customer guidance | 2025/07/21 |
| 6.0 | Added a link to the Threat Intel blog | 2025/07/22 |
| 7.0 | Added Defender detections; made clarifications or grammar fixes | 2025/07/23 |
■Patch availability
| Date | Details |
|---|---|
| 2025/07/20 | SharePoint 2019 security update published |
| 2025/07/21 | SharePoint 2016 security update published |
【News】
■2025
◇July 2025
◆Microsoft SharePoint zero-day exploited in RCE attacks, no patch available (BleepingComputer, 2025/07/20 11:40)
https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
⇒ https://malware-log.hatenablog.com/entry/2025/07/20/000000
◆Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks (BleepingComputer, 2025/07/21 12:41)
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-patches-for-sharepoint-rce-flaws-exploited-in-attacks/
⇒ https://malware-log.hatenablog.com/entry/2025/07/21/000000
◆Microsoft links Sharepoint ToolShell attacks to Chinese hackers (BleepingComputer, 2025/07/22 07:26)
https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-toolshell-attacks-linked-to-chinese-hackers/
⇒ https://malware-log.hatenablog.com/entry/2025/07/22/000000
◆What to know about a vulnerability being exploited on Microsoft SharePoint servers (AP, 2025/07/22 09:29)
https://apnews.com/article/microsoft-sharepoint-zero-point-vulnerability-65ebcae88267e1aa375013adaa283765
https://www.asahi.com/ajw/articles/15919775
⇒ https://malware-log.hatenablog.com/entry/2025/07/22/000000_3
◆US nuclear weapons agency hacked in Microsoft SharePoint attacks (BleepingComputer, 2025/07/23 11:14)
https://www.bleepingcomputer.com/news/security/us-nuclear-weapons-agency-hacked-in-microsoft-sharepoint-attacks/
⇒ https://malware-log.hatenablog.com/entry/2025/07/23/000000
◆Microsoft confirms that two Chinese state-level hacker groups, Linen Typhoon and Violet Typhoon, are exploiting the SharePoint zero-day vulnerability (Gigazine, 2025/07/23 21:00)
https://gigazine.net/news/20250723-sharepoint-vulnerabilities/
⇒ https://malware-log.hatenablog.com/entry/2025/07/23/000000_2
◆Multiple Chinese groups carry out "ToolShell" attacks - concern over the attacks spreading (Security NEXT, 2025/07/24)
https://www.security-next.com/172675
⇒ https://malware-log.hatenablog.com/entry/2025/07/24/000000_2
◆What we know about the Microsoft SharePoint attacks (CyberSecurity DIVE, 2025/07/24)
https://www.cybersecuritydive.com/news/what-we-know-microsoft-sharepoint-attacks/753961/
⇒ https://malware-log.hatenablog.com/entry/2025/07/24/000000_5
◆US authorities add 6 entries to the exploited vulnerabilities list - SharePoint-related flaw also exploited by ransomware (Security NEXT, 2025/07/25)
https://www.security-next.com/172744
⇒ https://malware-log.hatenablog.com/entry/2025/07/25/000000_2
◆Microsoft investigates SharePoint exploit leak tied to Chinese hackers (Cryptopolitan, 2025/07/26 12:59)
https://www.cryptopolitan.com/ja/microsoft-investigates-sharepoint-exploit/
⇒ https://malware-log.hatenablog.com/entry/2025/07/26/000000
◆Attacks exploiting a SharePoint vulnerability confirmed; users urged to apply the security updates (ScanNetSecurity, 2025/07/30 08:00)
On July 21, Microsoft made an announcement about the SharePoint vulnerability (CVE-2025-53770).
https://scan.netsecurity.ne.jp/article/2025/07/30/53321.html
⇒ https://malware-log.hatenablog.com/entry/2025/07/30/000000_2
◇August 2025
◆Palo Alto Networks investigating ransomware threat related to exploitation of SharePoint vulnerabilities (TokyoBlackHatNews, 2025/08/02)
https://blackhatnews.tokyo/archives/4374
⇒ https://malware-log.hatenablog.com/entry/2025/08/02/000000
◆Hackers exploit Microsoft flaw to breach Canada’s House of Commons (SecurityAffairs, 2025/08/15)
https://securityaffairs.com/181155/hacking/hackers-exploit-microsoft-flaw-to-breach-canada-s-house-of-commons.html
⇒ https://incidents.hatenablog.com/entry/2025/08/15/000000 [TT Incident Log]
【Blogs】
◆Understand the SharePoint RCE: Exploitations, Detections, and Mitigations (Akamai, 2025/07/22)
https://www.akamai.com/blog/security-research/sharepoint-vulnerability-rce-active-exploitation-detections-mitigations
⇒ https://malware-log.hatenablog.com/entry/2025/07/22/000000_4
◆Attacks exploiting the SharePoint vulnerabilities "CVE-2025-53770" and "CVE-2025-53771" confirmed (Trendmicro, 2025/07/22)
https://www.trendmicro.com/ja_jp/research/25/g/cve-2025-53770-and-cve-2025-53771-sharepoint-attacks.html
⇒ https://malware-log.hatenablog.com/entry/2025/07/22/000000_5
◆Disrupting active exploitation of on-premises SharePoint vulnerabilities (Microsoft, 2025/07/22)
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
⇒ https://malware-log.hatenablog.com/entry/2025/07/22/000000_6
◆Attack activity actively exploiting Microsoft SharePoint vulnerabilities (updated July 31) (UNIT42(Paloalto), 2025/07/31)
https://unit42.paloaltonetworks.com/ja/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770/
⇒ https://malware-log.hatenablog.com/entry/2025/07/31/000000_4
【Exploit Code】
◆CVE-2025-53770-Exploit (soltanali0)
https://github.com/soltanali0/CVE-2025-53770-Exploit
⇒ https://malware-log.hatenablog.com/entry/2025/07/25/000000_4