In this week’s episode, I’m joined as usual by Paul Robichaux – plus my co-host Bastiaan Verdonk and our special guest, Microsoft MVP, Tom Arbuthnot. We’re diving into two critical areas: the recent wave of exploits targeting on-premises SharePoint servers and the challenge of keeping up with the pace of changes within Microsoft 365.

The SharePoint On-Prem Crisis: Exploits and Exposure
The past few weeks have been dominated by serious security concerns for organizations still running on-premises SharePoint. We’re seeing widespread, active exploitation of vulnerabilities like those in the “ToolShell” exploit chain, including CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771. These flaws are particularly concerning as they allow for unauthenticated remote code execution (RCE), meaning attackers can gain a foothold without needing credentials.
On the show, we discussed that these vulnerabilities can lead to lateral movement within an environment once a machine key is compromised, emphasizing the need to rotate these keys as part of remediation. The scale of the issue is significant, with reports of over 50, and potentially over 400, organizations already compromised, including governmental bodies.
Key points of note:
- On-premises SharePoint servers are under active exploitation due to multiple vulnerabilities (ToolShell chain).
- These vulnerabilities allow for unauthenticated remote code execution (RCE).
- Compromised servers can be a gateway for lateral movement and ransomware deployment.
- Immediate patching is critical for all supported on-premises SharePoint versions.
- Organizations need to ensure they have visibility into all their SharePoint deployments.
- Updates are available for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint 2016.
- Microsoft has confirmed that these vulnerabilities apply to on-premises SharePoint Servers only – Microsoft 365/SharePoint Online is not affected.
- If your organization still runs SharePoint on-premises, then it’s likely this won’t be the last vulnerability, and planning a migration to SharePoint Online should be high on your priority list.

Navigating the Microsoft 365 Message Center Deluge
The second major topic of the episode centered on the overwhelming task of managing the constant stream of updates and announcements from Microsoft 365. Long-time Microsoft MVP, Tom Arbuthnot, founder of Empowering.Cloud, shared his experience running their ChangePilot service. This service leverages Azure OpenAI to summarize Microsoft 365 Message Center notifications, which are then reviewed by MVPs to assess their impact.
Tom highlighted that the volume of messages has increased by approximately 27% year-over-year, with many messages being informational but a significant portion requiring actual action (“plan for change” or “prevent or fix”). The challenge for many organizations is the lack of a structured process to triage, prioritize, and communicate these changes effectively.
On the show, Tom recommends the following:
- A structured process for triaging, prioritizing, and communicating changes is vital.
- Utilizing AI for summarization and expert review can help manage the influx of information.
- Impact assessments (admin and user) are crucial for effective communication and action.
- The interconnectedness of M365 services means a holistic approach to change management is necessary.
Join us in two weeks for our next episode of the Practical 365 Podcast, where we’ll continue to explore the vital topics shaping the Microsoft 365 landscape.