Close Menu

    Subscribe to Updates

    Get the latest Tech news from SynapseFlow

    What's Hot

    Unpatched Cursor Vulnerability Exposes Users to Code Execution

    July 15, 2026

    How NASA’s Artemis III Lander Test Will Pave Way for Moon Landings

    July 15, 2026

    Gigabyte Aorus Master 16 Gen 2 review: full-power RTX 5090 performance in a slim 16-inch chassis

    July 15, 2026
    Facebook X (Twitter) Instagram
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    Facebook X (Twitter) Instagram YouTube
    synapseflow.co.uksynapseflow.co.uk
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    synapseflow.co.uksynapseflow.co.uk
    Home»Cybersecurity»CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilities
    CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilities
    Cybersecurity

    CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilities

    The Tech GuyBy The Tech GuyJuly 15, 2026No Comments2 Mins Read0 Views
    Share
    Facebook Twitter LinkedIn Pinterest Email
    Advertisement


    The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday urged immediate hardening of Microsoft SharePoint servers in light of recently disclosed zero-day vulnerabilities.

    Advertisement

    The freshest of the exploited flaws is CVE-2026-56164, a privilege escalation issue that can be exploited remotely without authentication, and which was resolved with Microsoft’s July 2026 Patch Tuesday updates.

    On Tuesday, CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch it within three days, in line with BOD 26-04 recommendations.

    Microsoft’s latest round of security updates also resolved CVE-2026-55040 and CVE-2026-58644, critical-severity SharePoint bugs that could be exploited remotely to bypass a security feature and to execute arbitrary code.

    Although not flagged as exploited, these vulnerabilities pose a risk to organizations if they are not patched in due time, CISA warns.

    The cybersecurity agency also draws attention to CVE-2026-32201, a spoofing issue in SharePoint patched in April after being exploited in attacks as a zero-day.

    Advertisement. Scroll to continue reading.

    Another exploited SharePoint flaw is CVE-2026-45659, a code execution issue patched in May via an out-of-band security update, which was added to CISA’s KEV list in early July.

    “These vulnerabilities affect all supported on-premises SharePoint Server versions (Subscription Edition, 2019, and 2016) and involve establishing remote code execution (RCE) and post-exploitation activities, such as stealing Internet Information Services (IIS) machine keys and performing deserialization techniques, to gain persistence and deploy malware,” CISA warns.

    The agency recommends that organizations monitor their SharePoint servers to identify any signs of unusual activity, which could point to active exploitation.

    In addition to applying Microsoft’s patches, organizations are advised to ensure that their security products cover all SharePoint web applications, hunt for intrusions, rotate IIS machine keys, enable tailored logging, ensure that SharePoint servers are not directly exposed to the internet, and restrict access to the administration interfaces.

    Related: White House Launches AI-Driven ‘Gold Eagle’ Vulnerability Coordination Initiative

    Related: CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws

    Related: SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits

    Related: US, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure Routers

    Advertisement
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    The Tech Guy
    • Website

    Related Posts

    Unpatched Cursor Vulnerability Exposes Users to Code Execution

    July 15, 2026

    Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates

    July 15, 2026

    Synopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims

    July 15, 2026

    Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days

    July 14, 2026

    7 Severe Vulnerabilities Patched in VMware Avi Load Balancer

    July 14, 2026

    Pentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity Rules

    July 14, 2026
    Leave A Reply Cancel Reply

    Advertisement
    Top Posts

    You don’t need a NAS to self-host — I proved it with hardware from my closet

    June 7, 2026282 Views

    Spotify is giving one of its best playlists a big visual upgrade to give subscribers ‘a closer connection’ to its New Music Friday curators — and I think it could be the update it’s always needed

    June 12, 2026171 Views

    The iPad Air brand makes no sense – it needs a rethink

    October 12, 202516 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Advertisement
    About Us
    About Us

    SynapseFlow brings you the latest updates in Technology, AI, and Gadgets from innovations and reviews to future trends. Stay smart, stay updated with the tech world every day!

    Our Picks

    Unpatched Cursor Vulnerability Exposes Users to Code Execution

    July 15, 2026

    How NASA’s Artemis III Lander Test Will Pave Way for Moon Landings

    July 15, 2026

    Gigabyte Aorus Master 16 Gen 2 review: full-power RTX 5090 performance in a slim 16-inch chassis

    July 15, 2026
    categories
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    Facebook X (Twitter) Instagram Pinterest YouTube Dribbble
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    © 2026 SynapseFlow All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.