Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    CISA warns admins to patch actively exploited SharePoint flaws

    July 15, 2026

    ​ ​AsyncAPI npm packages infected with credential-stealing malware

    July 15, 2026

    We built a vulnerability vending machine: AI tokens in, zero-days out

    July 15, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»CISA warns admins to patch actively exploited SharePoint flaws
    News

    CISA warns admins to patch actively exploited SharePoint flaws

    adminBy adminJuly 15, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    CISA

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that attackers are actively exploiting three vulnerabilities to hack Internet-exposed on-premises SharePoint Server instances.

    These security flaws (tracked as CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164) affect all supported self-hosted SharePoint Server versions, including SharePoint Server Subscription Edition (the latest on-premises version, which uses a “continuous update” model).

    As detailed in a Tuesday advisory, attackers are exploiting these vulnerabilities to bypass authentication, gain remote code execution, and carry out post-exploitation activity, including stealing Internet Information Services machine keys and gaining persistence to deploy malware on compromised systems.

    image

    The U.S. cybersecurity agency also flagged two more SharePoint Server vulnerabilities (CVE-2026-55040 and CVE-2026-58644), which Microsoft patched on Tuesday and tagged as attractive targets for attackers, although they are not yet known to have been exploited in the wild.

    Internet security watchdog group Shadowserver currently tracks nearly 10,000 Internet-exposed Microsoft SharePoint servers, with over 800 of them unpatched against the CVE-2026-32201 and CVE-2026-45659 vulnerabilities.

    However, there are no details on how many of them are vulnerable to CVE-2026-56164 attacks or are honeypots.

    SharePoint Server instances exposed online
    SharePoint Server instances exposed online (Shadowserver)

    CISA urged security teams to closely monitor affected servers for signs of exploitation and recommended applying Microsoft’s latest patches, verifying successful installation, shortening patching cycles, as well as enabling Windows Antimalware Scan Interface (AMSI integration for SharePoint web applications and using Microsoft Defender Antivirus (MDAV) detections to detect and remediate compromise.

    Additional hardening measures include hunting for and remediating intrusion artifacts before rotating IIS machine keys, establishing tailored logging to monitor for anomalous activity, avoiding direct internet exposure of SharePoint servers unless necessary, and reviewing Microsoft’s official SharePoint Server security-hardening guidance.

    It is also advisable to block external access to SharePoint Central Administration and restrict farm and database communication to the required systems. Where exposure is required, CISA also recommends placing servers behind a Layer 7 reverse proxy or similar application-layer security control.

    ​CISA added the three actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog on April 14 (CVE-2026-32201), July 1 (CVE-2026-45659), and July 14 (CVE-2026-56164).

    Federal agencies have until July 17 to secure SharePoint servers affected by CVE-2026-56164 under Binding Operational Directive (BOD) 26-04 or discontinue them if mitigations cannot be applied.

    In total, since November 2021, CISA has flagged 11 Microsoft SharePoint vulnerabilities that have been exploited in attacks, with 7 also exploited in ransomware attacks.


    article image

    Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

    The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

    Get the whitepaper



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous Article​ ​AsyncAPI npm packages infected with credential-stealing malware
    admin
    • Website

    Related Posts

    News

    ​ ​AsyncAPI npm packages infected with credential-stealing malware

    July 15, 2026
    News

    We built a vulnerability vending machine: AI tokens in, zero-days out

    July 15, 2026
    News

    Infosec News Nuggets — July 15, 2026 – AboutDFIR

    July 15, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Our Picks

    CISA warns admins to patch actively exploited SharePoint flaws

    July 15, 2026

    ​ ​AsyncAPI npm packages infected with credential-stealing malware

    July 15, 2026

    We built a vulnerability vending machine: AI tokens in, zero-days out

    July 15, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.