CyberSecurity news

Microsoft is enhancing the security of its Exchange Server and SharePoint Server platforms by integrating the Windows Antimalware Scan Interface (AMSI). These servers, considered "crown jewels" for many organizations, have become frequent targets for cyberattacks. The AMSI integration provides a vital layer of defense by preventing malicious web requests from reaching backend endpoints, effectively stopping attacks before they can cause harm. Microsoft emphasizes that threat actors often exploit outdated or misconfigured assets and vulnerabilities, highlighting the importance of this proactive security measure.

The integration of AMSI with Exchange and SharePoint Servers enables them to work seamlessly with any AMSI-compatible antimalware product. This measure is designed to counter sophisticated attack vectors targeting on-premises infrastructure. The enhanced AMSI capabilities extend scanning to HTTP request bodies, allowing broader detection of malicious payloads. These features are not enabled by default, and Microsoft strongly recommends that organizations activate them to bolster defenses against remote code execution and post-authentication vulnerabilities.

Microsoft also addressed a zero-day vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824, with a security update released on April 8, 2025. This vulnerability allowed attackers with user access to escalate privileges and deploy ransomware. The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) discovered exploitation of this flaw against a limited number of targets, including organizations in the IT, real estate, and financial sectors. Microsoft urges organizations to prioritize security updates for elevation of privilege vulnerabilities to defend against ransomware attacks.


References:
  • Security | TechRepublic: Microsoft warns CVE-2025-29824 lets attackers with user access escalate privileges to deploy ransomware via a flaw in Windows CLFS.
  • Microsoft Security Blog: Exchange Server and SharePoint Server are business-critical assets and considered crown-jewels for many organizations, making them attractive targets for attacks.
  • www.microsoft.com: Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI
  • Microsoft Security Blog: Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets.
  • gbhackers.com: Microsoft Boosts Exchange and SharePoint Security with Updated Antimalware Scan
Classification:
  • HashTags: #Cybersecurity #Ransomware #AMSI
  • Company: Microsoft
  • Target: On-premises Exchange Server and SharePoint Server
  • Product: Windows
  • Feature: Security Enhancements
  • Malware: CLFS Zero-Day Exploit
  • Type: Vulnerability
  • Severity: Major