CISA urged immediate hardening of Microsoft SharePoint servers after multiple zero-day vulnerabilities were disclosed and several were confirmed as exploited in attacks. The agency warned that affected on-premises SharePoint versions face remote code execution, privilege escalation, and post-exploitation activity, including theft of IIS machine keys and malware deployment. #CVE-2026-56164 #CVE-2026-32201 #CVE-2026-45659 #CVE-2026-55040 #CVE-2026-58644 #Microsoft #SharePoint #CISA
Keypoints
- CISA urged immediate patching of vulnerable Microsoft SharePoint servers.
- CVE-2026-56164 is a remotely exploitable privilege escalation flaw added to the KEV catalog.
- Microsoft also patched CVE-2026-55040 and CVE-2026-58644 in its July 2026 updates.
- CISA highlighted previously exploited flaws, including CVE-2026-32201 and CVE-2026-45659.
- Organizations should monitor for intrusions, rotate IIS machine keys, and restrict internet exposure.
Read More: https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-sharepoint-vulnerabilities/