CISA Orders SharePoint Hardening for 3 Exploited Flaws, Giving Agencies 3 Days on New CVE
Updated
Updated · Computerworld · Jul 16
CISA Orders SharePoint Hardening for 3 Exploited Flaws, Giving Agencies 3 Days on New CVE
3 articles · Updated · Computerworld · Jul 16
Summary
Three SharePoint vulnerabilities now in CISA’s KEV catalog are being actively exploited, prompting the agency to tell organizations to patch immediately, hunt for compromise, and secure internet-facing servers.
CVE-2026-56164 — newly added and scored just 5.3 CVSS — can still be exploited remotely without authentication, underscoring CISA’s warning that severity ratings may understate real-world risk.
Microsoft has issued updates for supported SharePoint versions and urged admins to enable AMSI, while CISA said responders should review incident guidance and rotate SharePoint machine keys because patching may not remove persistence.
CVE-2026-45659 and CVE-2026-32201 remain active entry points, reinforcing CISA’s view that attackers are increasingly exploiting older N-day flaws, not just zero-days.
Three days is the remediation deadline CISA set for federal civilian agencies on CVE-2026-56164, as security experts argue segmentation and limited network reachability must complement patch speed.