CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation
ID: a443af85-0cef-5abb-8539-ccd93cbd5e34
STIX ID: report--a443af85-0cef-5abb-8539-ccd93cbd5e34
Feed Name: CrowdStrike Blog
CrowdStrike reports critical SharePoint vulnerabilities (CVE-2025-53770 and CVE-2025-53771) that are actively exploited in the wild. The advisory supplies mitigation guidance, Falcon Exposure Management checks to find vulnerable systems, and Next-Gen SIEM detection rules and correlation queries to identify exploitation activity (IIS log ingestion, patterns of POST requests to ToolPane.aspx, PowerShell execution tied to w3wp.exe, and ASPX file writes).
