Microsoft warns on-prem SharePoint users of a zero-day, won’t patch it though

Microsoft has warned users of SharePoint Server that three on-prem versions of the product include a zero-day flaw that is under attack – and that its own failure to completely fix past problems is the cause.

In a July 19 security note, the software giant admitted it is “… aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update.”

The attack targets CVE-2025-53770, a flaw rated 9.8/10 on the CVSS scale and described as “Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.”

The US Cybersecurity and Infrastructure Security Agency (CISA) advises that CVE-2025-53770 is a variant of CVE-2025-49706, a 6.3-rated flaw that Microsoft tried to fix in its most recent Patch Tuesday update.

The flaw is present in SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. At the time of writing, Microsoft has issued a patch for only the latter product.

That patch addresses a different vulnerability, the 6.3-rated path traversal flaw CVE-2025-53771, and in doing so mitigates both that flaw and the more dangerous CVE-2025-53770. While admins wait for more patches, Microsoft advised them to ensure the Windows Antimalware Scan Interface (AMSI) is enabled and configured correctly, alongside an appropriate antivirus tool. Redmond also wants users to watch for suspicious IIS worker processes, and rotate SharePoint Server ASP.NET machine keys.

CISA has also issued its own warning. “Conduct scanning for IPs 107.191.58[.]76, 104.238.159[.]149, and 96.9.125[.]147, particularly between July 18-19, 2025,” it said. “Monitor for POSTs to /_layouts/15/ToolPane.aspx?DisplayMode=Edit.”

Source: Microsoft warns on-prem SharePoint users of a zero-day • The Register
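
One way to apply the CISA guidance quoted above to IIS W3C logs, as an added example that is not part of the original article or of any CISA or Microsoft tooling. The sample log, its trimmed field list and the reason labels are constructed for illustration; real logs carry more fields, which the `#Fields:` parsing accommodates.

```python
from urllib.parse import parse_qs

# Indicators exactly as quoted from CISA above, refanged for matching.
CISA_IPS = {ip.replace("[.]", ".") for ip in
            ("107.191.58[.]76", "104.238.159[.]149", "96.9.125[.]147")}
WATCH_STEM = "/_layouts/15/toolpane.aspx"   # IIS paths are case-insensitive

# Constructed sample log, not real traffic. Other client IPs are from
# documentation ranges; the field list is a trimmed IIS W3C layout.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-07-18 18:06:01 GET /_layouts/15/start.aspx - 192.0.2.10 200
2025-07-18 18:06:07 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 198.51.100.23 200
2025-07-19 07:28:44 GET /sites/hr/default.aspx - 107.191.58.76 302
2025-07-19 07:29:02 POST /_layouts/15/toolpane.aspx displaymode=edit 96.9.125.147 200
2025-07-19 09:00:00 GET /_layouts/15/ToolPane.aspx DisplayMode=Edit 192.0.2.44 401
"""

def scan_iis_log(lines):
    """Return (line_no, client_ip, reasons) for each line matching an indicator."""
    fields, hits = [], []
    for line_no, line in enumerate(lines, 1):
        line = line.strip()
        if line.startswith("#Fields:"):      # column order can change mid-file
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):       # truncated or malformed entry
            continue
        row = dict(zip(fields, values))
        params = {k.lower(): [v.lower() for v in vs]
                  for k, vs in parse_qs(row.get("cs-uri-query", "")).items()}
        reasons = []
        if (row.get("cs-method", "").upper() == "POST"
                and row.get("cs-uri-stem", "").lower() == WATCH_STEM
                and "edit" in params.get("displaymode", [])):
            reasons.append("toolpane-post")
        if row.get("c-ip") in CISA_IPS:
            reasons.append("cisa-ip")
        if reasons:
            hits.append((line_no, row.get("c-ip"), reasons))
    return hits

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG.splitlines()):
        print(hit)
```

A hit is a lead for triage rather than proof of compromise, and a front-end proxy or load balancer may replace the original client address in `c-ip`.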

As site blocks pile up, European Commission issues subtle slapdown to Italy’s Piracy Shield

As numerous Walled Culture posts attest, site blocking is in the vanguard of the actions by copyright companies against sites engaged in the unauthorised sharing of material. Over the past few months, this approach has become even more pervasive, and even more intrusive. For example, in France, the Internet infrastructure company Cloudflare was forced to geoblock more than 400 sports streaming domain names. More worryingly, leading VPN providers were ordered to block similar sites. This represents another attack on basic Internet infrastructure, something this blog has been warning about for years.

In Spain, LaLiga, the country’s top professional football league, has not only continued to block sites, it has even ignored attempts by the Vercel cloud computing service to prevent overblocking, whereby many other unrelated sites are knocked out too. As TorrentFreak reported:

the company [Vercel] set up an inbox which gave LaLiga direct access to its Site Reliability Engineering incident management system. This effectively meant that high priority requests could be processed swiftly, in line with LaLiga’s demands while avoiding collateral damage.

Despite Vercel’s attempts to give LaLiga the blocks it wanted without harming other users, the football league ignored the new management system, and continued to demand excessively wide blocks. As Walled Culture has noted, this is not some minor, fringe issue: overblocking could have serious social consequences. That’s something Cloudflare’s CEO underlined in the context of LaLiga’s actions. According to TorrentFreak, he warned:

It’s only a matter of time before a Spanish citizen can’t access a life-saving emergency resource because the rights holder in a football match refuses to send a limited request to block one resource versus a broad request to block a whole swath of the Internet.

In India, courts are granting even more powerful site blocks at the request of copyright companies. For example, the High Court in New Delhi has granted a new type of blocking order significantly called a “superlative injunction”. The same court has issued orders to five domain registrars to block a number of sites, and to do so globally – not just in India. In America, meanwhile, there are renewed efforts to bring in site blocking laws, amidst fears that these too could lead to harmful overblocking.

The pioneer of this kind of excessive site blocking is Italy, with its Piracy Shield system. As Walled Culture wrote recently, there are already moves to expand Piracy Shield that will make it worse in a number of ways. The overreach of Piracy Shield has prompted the Computer & Communications Industry Association (CCIA) to write to the European Commission, urging the latter to assess the legality of the Piracy Shield under EU law. And that, finally, is what the European Commission is beginning to do.

A couple of weeks ago, the Commission sent a letter to Antonio Tajani, Italy’s Minister of Foreign Affairs and International Cooperation. In it, the European Commission offered some comments on Italy’s notification of changes in its copyright law. These changes include “amendments in the Anti-Piracy Law that entrusted Agcom [the Italian Authority for Communications Guarantees] to implement the automated platform later called the “Piracy Shield”.” In the letter, the European Commission offers its thoughts on whether Piracy Shield complies with the Digital Services Act (DSA), one of the key pieces of legislation that regulates the online world in the EU. The Commission wrote:

The DSA does not provide a legal basis for the issuing of orders by national administrative or judicial authorities, nor does it regulate the enforcement of such orders. Any such orders, and their means of enforcement, are to be issued on the basis of the applicable Union law or national law in compliance with Union law

In other words, the Italian government cannot just vaguely invoke the DSA to justify Piracy Shield’s extended powers. The letter goes on:

The Commission would also like to emphasise that the effective tackling of illegal content must also take into due account the fundamental right to freedom of expression and information under the Charter of Fundamental Rights of the EU. As stated in Recital 39 of the DSA “[I]n that regard, the national judicial or administrative authority, which might be a law enforcement authority, issuing the order should balance the objective that the order seeks to achieve, in accordance with the legal basis enabling its issuance, with the rights and legitimate interests of all third parties that may be affected by the order, in particular their fundamental rights under the Charter”.

This is a crucial point in the context of overblocking. Shutting down access to thousands, sometimes millions of unrelated sites as the result of a poorly-targeted injunction, clearly fails to take into account “the rights and legitimate interests of all third parties that may be affected by the order”. The European Commission also has a withering comment on Piracy Shield’s limited redress mechanism for those blocked in error:

the notified draft envisages the possibility for the addressee of the order to lodge a complaint (“reclamo”) within 5 days from the notification of the order, while the order itself would have immediate effect. The Authority must then decide on these complaints within 10 days as laid down in Article 8-bis(4), 9-bis(7) and Article 10(9) of the notified draft. The Commission notes that there do not seem to be other measures available to the addressee of the order to help prevent eventual erroneous or excessive blocking of content. Furthermore, as also explained in the Reply, the technical specifications of the Piracy Shield envisage unblocking procedures limited to 24 hours from reporting in the event of an error. This limitation to 24 hours does not seem, in principle, to respond to any justified need and could lead to persisting erroneous blockings not being resolved.

The letter concludes by inviting “the Italian authorities to take into account the above comments in the final text of the notified draft and its implementation.” That “invitation” is, of course, a polite way of ordering the Italian government to fix the problems with Piracy Shield that the letter has just run through. They may be couched in diplomatic language, but the European Commission’s “comments” are in fact a serious slapdown to a bad law that seems not to be compliant with the DSA in several crucial respects. It will be interesting to see how the Italian authorities respond to this subtle but public reprimand.

Source: As site blocks pile up, European Commission issues subtle slapdown to Italy’s Piracy Shield – Walled Culture

Nobel Prize-Winning Physicist Is Stripped of Dutch Citizenship due to stupid xenophobic Dutch rules

In 2010, he and his colleague Konstantin Novoselov — who were by then working in England — won the Nobel Prize in Physics for their experiments creating graphene, the world’s thinnest and strongest material.
His list of honors goes on and on, and Mr. Geim has the unique distinction of having been awarded both a Nobel and an Ig Nobel, a satirical honor for strange scientific achievements (in his case, levitating a frog) that seem laughable but prompt thought.
Dutch authorities were happy to claim him as Dutch. The Netherlands knighted him for his contributions to science, an honor that is officially described as “rare, being given for example to Dutch Nobel Prize laureates.” He was made a corresponding member of the Royal Netherlands Academy of Arts and Sciences.
“My bronze bust is somewhere in Den Haag to show off,” he said, referring to The Hague.
Mr. Geim moved to Britain in 2001 to work at the University of Manchester, where he remains today. His trouble began after he was offered a British knighthood, though he would not discover it until more than a dozen years later.
 
A non-Briton can receive a British knighthood, but only a British citizen is entitled to use the accompanying title, Sir or Dame. So he obtained citizenship.
“I took it to get the U.K. knighthood and to be called officially ‘Sir Andre,’ prestigious in the U.K.,” he said. “I took it only to receive the British knighthood.”
But by adopting British citizenship, he ran afoul of rules in the Netherlands, which seeks to limit dual nationalities. Voluntarily acquiring another citizenship can set off an automatic loss of Dutch citizenship.
The Dutch citizenship rules are not new, and there is a movement to loosen them. Within the European Union, multiple citizenship is fairly common, but people can also move freely from one country to another, living and working in a new home without needing a new legal status. Britain officially left the union in 2020.
In retrospect, Mr. Geim says, he might have made a different choice. “I would probably decline this knighthood if I knew the consequences for my Dutch nationality, but that was before Brexit and no one informed me about the consequences at that time.”
 
Though he says he got no practical benefit from his Dutch nationality, and did not expect to do so in the future, Mr. Geim has long seen himself as European above all else.
In an essay he wrote when he received the Nobel Prize, the physicist described growing up in Russia and experiencing discrimination in his education because of his family’s German roots, concluding that, after moving to the West in 1990, his life and work improved.
“I consider myself European and do not believe that any further taxonomy is necessary,” he wrote.
His loss is far from being the most severe at a time when migrants face increasing pressure around the world, risking — and sometimes losing — their lives to reach new shores and borders, or having rights like birthright citizenship in the United States challenged.
But his struggle with the Dutch authorities does hint at the complications immigrants face everywhere in contending with conflicting and opaque requirements, politics and unforeseeable consequences. And his difficulties show that no one is exempt from bureaucracy.
Mr. Geim — Sir Andre — says he has “spent thousands” in legal fees trying to convince Dutch authorities to let him keep his citizenship, including by citing an exception to the rule if it is in “the interest of the Dutch state,” to no avail.
Nobel or not, he said, “I was kicked out of the country as a useless thing.”

Source: Nobel Prize-Winning Physicist Is Stripped of Dutch Citizenship – The New York Times

There is a Dutch minority opinion by the anti-islamist Geert Wilders which has become some sort of unassailable mantra that multiple citizenship is some sort of traitorous thing and the Netherlands has been tightening the rules more and more.

Edit: There are two laws going through the system, one since 2016 (!) and the other from 2023, aiming to allow multiple nationalities without having to give up the Dutch one:

Wetsvoorstel : Initiatiefvoorstel van Rijkswet-Paternotte en Mutluer opzegging hoofdstuk I Verdrag beperking van gevallen van meervoudige nationaliteit en militaire verplichtingen

and

34 632 (R2080) Voorstel van Rijkswet van de leden Sjoerdsma en Kuiken tot wijziging van de Rijkswet op het Nederlanderschap teneinde het nationaliteitsrecht te moderniseren, alsmede tot de in verband daarmee houdende goedkeuring van het voornemen tot opzegging van hoofdstuk I van het op 6 mei 1963 te Straatsburg tot stand gekomen Verdrag betreffende beperking van gevallen van meervoudige nationaliteit en betreffende militaire verplichtingen in geval van meervoudige nationaliteit (Trb. 1964, 4) en daarmee van het daarbij behorende Tweede Protocol (Trb. 1994, 265)

Let’s hope they can get through and end the ridiculousness.

NB Andre Geim is also the winner of an Ig Nobel Prize.