Microsoft has confirmed that two zero‑day flaws (CVE‑2025‑53770; CVE‑2025‑53771) in on‑premises SharePoint servers are actively being attacked. Early reports from Reuters, SecurityWeek, The Register, and The Record identify approximately 80 known compromises, with details emerging rapidly. Microsoft issued urgent customer guidance with suggestions for IT and security teams. (This impacts only on-premises servers. SharePoint Online is not impacted.)

Legal teams: this is an important time to coordinate with your IT and security counterparts. If your organization uses on-prem SharePoint, legal can help evaluate exposure, establish privileged communications, support preserving evidence, and identify legal notice obligations. Even if your organization isn't using on-prem SharePoint, other third parties like your vendors may be. Similarly, critical attacks in the past have resulted in cascading impacts, including litigation against downstream organizations breached because they were using the impacted software. Consider proactively reviewing your organization's contracts and vendor due diligence now. Godfrey & Kahn's Data Privacy, Cybersecurity & Technology team is also ready to help.