The critical ToolShell zero-day vulnerability (CVE-2025-53770) allows unauthenticated attackers to gain full access to SharePoint on-premises servers and execute arbitrary code remotely. Since July 7th, dozens of organizations across government, telecommunications, and software sectors have been compromised.

How Check Point Customers Are Protected

Check Point customers are safeguarded through multiple layers of defense:

• Our Intrusion Prevention System, embedded in Quantum gateways, has added protections against this attack since it was first reported by Microsoft last week. These protections are automatically downloaded to Quantum Gateways, protecting our customers

• Check Point's SASE platform with Private Access enforces strict access policies to SharePoint with multi-factor authentication, device posture checks, and granular controls that prevent unauthorized access even if vulnerabilities exist

• Infinity Global Services with Managed Microsoft 365 provides 24/7 monitoring and real-time threat detection that ensures your SharePoint environment remains secure against advanced threats like ToolShell

Still concerned about your SharePoint security or want to learn more about how Check Point can protect your organization? Contact one of Check Point's security consultants to discuss your specific requirements and implement comprehensive protection.