SharePoint 2019/SharePoint 2016 Vulnerability – CVE-2025-53770

If you are using the Microsoft Identity Manager 2016 (MIM) Portal, this is important:

A critical vulnerability (CVE-2025-53770) affecting SharePoint 2016 and 2019 is being actively exploited. Microsoft has published official guidance here.

All Oxford Computer Group’s support contract customers were contacted and patched within days of this issue coming to light.

If your implementation is not under our support contract, here are the required steps (based on your SharePoint version):

  1. Install the SharePoint July 2025 update
  2. Install the security update for CVE-2025-53770
  3. Configure AMSI (Antimalware Scan Interface) integration in SharePoint.
    Note: If AMSI is not supported in your version of SharePoint, you must apply the patches and proceed with step 5.
  4. Enable Microsoft Defender for Endpoint integration
    Note: This requires a paid subscription in your Azure tenant. If this is not available, ensure patches are applied and continue with step 5.
  5. Rotate the ASP.NET machine keys for your SharePoint web application
    • This step must be done after installing the patches
    • Run an IIS reset on all SharePoint servers after the machine key update
    • The web application for the MIM Portal is usually named ‘MIM Portal’ – confirm this in SharePoint Central Admin
    • Use this PowerShell command (run as a Farm Admin account, e.g. a ‘MIM Installer’ account): Update-SPMachineKey -WebApplication "MIM Portal"
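
Step 5 as one script, added here as an example (not from the original article or from Microsoft's guidance). It assumes the patches are already installed, the web application is named 'MIM Portal', the script runs elevated on a SharePoint server as a Farm Admin, and that account may run a remote iisreset against the other farm servers.

```powershell
# Added example. 'MIM Portal' is an assumed name: confirm it in Central Admin first.
$webAppName = 'MIM Portal'

# Load the SharePoint cmdlets when not already in the SharePoint Management Shell.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
}

# Confirm the web application exists under that name before changing anything.
$webApp = Get-SPWebApplication | Where-Object { $_.DisplayName -eq $webAppName }
if (-not $webApp) {
    # List what the farm actually has so the right name can be picked.
    Get-SPWebApplication | Select-Object DisplayName, Url | Out-String | Write-Host
    throw "No web application named '$webAppName' in this farm."
}

# The machine key command given in step 5.
Update-SPMachineKey -WebApplication $webApp -ErrorAction Stop

# IIS reset on every SharePoint server in the farm.
# Role 'Invalid' marks hosts that are farm members but not SharePoint servers (e.g. SQL).
$servers = Get-SPServer | Where-Object { $_.Role -ne 'Invalid' }
$failed = @()
foreach ($server in $servers) {
    Write-Host "Running iisreset on $($server.Address)"
    iisreset $server.Address
    if ($LASTEXITCODE -ne 0) { $failed += $server.Address }
}

# A server that missed the reset is reported here so it can be reset by hand.
if ($failed.Count -gt 0) {
    Write-Warning "IIS reset failed on: $($failed -join ', ')"
}
```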
