Summary
CISA warns of active exploitation of three SharePoint Server vulnerabilities (CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164) used by threat actors to deploy malware and steal IIS machine keys. The agency also reports two additional critical flaws (CVE-2026-55040 and CVE-2026-58644) that pose a high risk for remote code execution and authentication bypass.
Take Action:
If you run on-premise SharePoint Server (2016, 2019, or Subscription Edition), apply the latest Microsoft security updates immediately. Three of these flaws are being actively exploited to deploy ransomware. Then check your servers for signs of breach before rotating your IIS machine keys, and block direct internet access to SharePoint (especially the Central Administration interface) by placing it behind a reverse proxy.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)