Updated
Updated · Computerworld · Jul 16
CISA Orders SharePoint Hardening for 3 Exploited Flaws, Giving Agencies 3 Days on New CVE
Updated
Updated · Computerworld · Jul 16

CISA Orders SharePoint Hardening for 3 Exploited Flaws, Giving Agencies 3 Days on New CVE

3 articles · Updated · Computerworld · Jul 16

Summary

  • Three SharePoint vulnerabilities now in CISA’s KEV catalog are being actively exploited, prompting the agency to tell organizations to patch immediately, hunt for compromise, and secure internet-facing servers.
  • CVE-2026-56164 — newly added and scored just 5.3 CVSS — can still be exploited remotely without authentication, underscoring CISA’s warning that severity ratings may understate real-world risk.
  • Microsoft has issued updates for supported SharePoint versions and urged admins to enable AMSI, while CISA said responders should review incident guidance and rotate SharePoint machine keys because patching may not remove persistence.
  • CVE-2026-45659 and CVE-2026-32201 remain active entry points, reinforcing CISA’s view that attackers are increasingly exploiting older N-day flaws, not just zero-days.
  • Three days is the remediation deadline CISA set for federal civilian agencies on CVE-2026-56164, as security experts argue segmentation and limited network reachability must complement patch speed.

Insights

Your SharePoint server is now unsupported. Are hackers exploiting a permanent, unpatchable backdoor into your network?
Hackers are stealing server keys. Why is patching your system not enough to truly lock them out?
With AI discovering more flaws, is the era of secure on-premise software finally coming to an end?