:::
目前位置:主選單>最新消息>最新消息

【資安漏洞預警】Microsoft 旗下SharePoint Server 存在2個重大資安漏洞
[Security Vulnerability Warning] There are 2 major security vulnerabilities in Microsoft's SharePoint Server

公告類型: 行政公告
點閱次數: 60
轉發 台灣電腦網路危機處理暨協調中心 TWCERTCC-200-202507-00000014

[內容說明]
Microsoft SharePoint Server 是一款企業級協作平台,提供文件管理與團隊協作等功能,是企業資訊整合的核心平台。

【CVE-2025-49704,CVSS:8.8】 此為程式碼注入漏洞,允許經過授權的攻擊者遠端執行任意程式碼。

【CVE-2025-53770,CVSS:9.8】 此為不受信任資料之反序列化漏洞,允許未經授權的攻擊者執行任意程式碼。

此外,據目前情資,發現Microsoft SharePoint 的 CVE-2025-49704、CVE-2025-49706 及CVE-2025-53770 已遭駭客利用,請儘速完成更新作業,並檢視是否有遭異常存取情況。

[影響平台]
● Microsoft SharePoint Enterprise Server 2016
● Microsoft SharePoint Server 2019  
● Microsoft SharePoint Server Subscription Edition

[建議措施]
根據官方網站釋出解決方式進行修補:
【CVE-2025-49704】 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704

【CVE-2025-53770】 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770

[參考資料]
https://www.twcert.org.tw/tw/cp-169-10277-e0fc0-1.html
Forwarded by Taiwan Computer Network Crisis Management and Coordination Center TWCERTCC-200-202507-00000014

[Content Description]
Microsoft SharePoint Server is an enterprise-level collaboration platform that provides document management and team collaboration functions. It is the core platform for enterprise information integration.

【CVE-2025-49704, CVSS: 8.8】 This is a code injection vulnerability that allows an authorized attacker to remotely execute arbitrary code.

【CVE-2025-53770, CVSS: 9.8】 This is an untrusted data deserialization vulnerability that allows unauthorized attackers to execute arbitrary code.

In addition, according to current information, it is found that Microsoft SharePoint's CVE-2025-49704, CVE-2025-49706 and CVE-2025-53770 have been exploited by hackers. Please complete the update as soon as possible and check whether there is any abnormal access.

[Affected Platforms]
● Microsoft SharePoint Enterprise Server 2016
● Microsoft SharePoint Server 2019
● Microsoft SharePoint Server Subscription Edition

[Recommended Measures]
Patch according to the solution released on the official website:
[CVE-2025-49704] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704

[CVE-2025-53770] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770

[References]
https://www.twcert.org.tw/tw/cp-169-10277-e0fc0-1.html
發布日期: 2025/07/22 至 2026/01/22
<<回上頁