Microsoft SharePoint security crisis: Faulty patches, ToolShell zero-days

Three Buddy Problem - Episode 55: We dig into Microsoft's latest security nightmare: a SharePoint zero-day exploit chain from Pwn2Own Berlin becomes a full-blown security crisis, with Chinese nation-state actors exploiting vulnerabilities that Microsoft struggled to patch properly, leading to trivial bypasses and a cascade of new CVEs. The timeline is messy, the patches are faulty, and ransomware groups are lining up to join the party. We also revisit the ProPublica bombshell about Microsoft's "digital escorts" and U.S. government data exposure to Chinese adversaries and the company's "oops, we will stop" response. Plus, trusting Google's Big Sleep AI claims and a cautionary tale about AI agents gone rogue that wiped out a production database. Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.

Three Buddy Problem

July 25, 2025, 1h 55m

Show Notes

Three Buddy Problem - Episode 55: A SharePoint zero-day exploit chain from Pwn2Own Berlin becomes a full-blown security crisis with Chinese nation-state actors exploiting vulnerabilities that Microsoft struggled to patch properly, leading to trivial bypasses and a cascade of new CVEs. The timeline is messy, the patches are faulty, and ransomware groups are lining up to join the party.

We also revisit the ProPublica bombshell about Microsoft's "digital escorts" and U.S. government data exposure to Chinese adversaries and the company's "oops, we will stop" response. Plus, trusting Google's Big Sleep AI claims and a cautionary tale about AI agents gone rogue that wiped out a production database.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Topics

microsoft, sharepoint, zero-day, china, luckymouse, apt31, digital escorts, Hegseth, Big Sleep, ProPublica, Replit, artificial intelligence, AI, vibe coding