Updated
Updated · scworld.com · Jul 15
CISA Flags 3 SharePoint Bugs Under Active Exploitation, Including a 9.8-Severity Flaw
Updated
Updated · scworld.com · Jul 15

CISA Flags 3 SharePoint Bugs Under Active Exploitation, Including a 9.8-Severity Flaw

3 articles · Updated · scworld.com · Jul 15

Summary

  • Three Microsoft SharePoint Server vulnerabilities are now on CISA’s known exploited vulnerabilities list, with one flaw exploited since April and the newest added on July 14.
  • Attackers are targeting IIS machine keys and using deserialization to keep access, deploy malware and potentially forge authentication even after a patch is applied.
  • CISA gave federal agencies until July 17 to fix the latest bug—CVE-2026-56164, rated 9.8 by NIST—prompting security experts to call the issue an incident-response priority rather than routine patching.
  • Security researchers said patching alone may not be enough because stolen machine keys can preserve attacker access; they urged key rotation, credential reviews, least-privilege controls and network segmentation.
  • Because SharePoint often holds HR, financial, legal and engineering records and connects closely to Active Directory, a breach can speed reconnaissance and lateral movement across an organization.

Insights

Your SharePoint server is now unsupported. Are hackers exploiting a permanent, unpatchable backdoor into your network?
Hackers are stealing server keys. Why is patching your system not enough to truly lock them out?
With AI discovering more flaws, is the era of secure on-premise software finally coming to an end?