Microsoft SharePoint Hack. The Curse of Static Credentials.

As the news has widely reported, Microsoft SharePoint cloud users are being subjected to a zero-day hack (reported as CVE-2025-53770). This breach clearly demonstrates that static cryptographic keys create a single point of failure for affected systems.

  • Attackers exploited unauthenticated access via a vulnerable SharePoint endpoint, then extracted the keys from the server.
  • With the stolen static keys the attackers are able to forge authentication tokens, sign malicious payloads and impersonate legitimate network elements, bypassing normal authentication.
  • As long as they possess the stolen keys, the attackers can repeatedly gain access to the network, giving them the time advantage.

QWERX eliminates this risk by completely doing away with static credentials.

  • Ephemeral credentials are created in the moment, used once, and remain valid for a very brief period. The keys disappear after each authentication cycle. Time is now the ally of the defender.
  • The credentials are not stored or exchanged, meaning there is nothing for an attacker to steal.
  • QWERX technology uses chaotic randomness, making the composition of each ephemeral key unpredictable and non-repeatable. 

For affected organizations, the most Microsoft can offer at this juncture is advice to apply emergency patches, enable anti-malware scanning, manually rotate machine keys, and even unplug affected servers from the network.
