Ethical Hacking News
A critical Microsoft SharePoint flaw has been discovered and is currently being exploited by threat actors worldwide. This latest security breach highlights the importance of keeping enterprise software up-to-date and patched, as well as prioritizing continuous monitoring and vigilance in maintaining the security posture of enterprise networks.
A critical vulnerability in Microsoft's SharePoint platform has been discovered and is currently being exploited by threat actors worldwide. The vulnerability affects multiple versions of SharePoint, including those that are no longer receiving security updates. An unauthenticated attacker could write arbitrary code to inject and execute remote code on the SharePoint server, allowing for remote code execution in low-complexity attacks. Microsoft patched this vulnerability as part of its January 2026 Patch Tuesday, but it has not yet been officially marked as exploited in the wild. CISA has added this security flaw to its catalog of actively exploited vulnerabilities and ordered affected agencies to secure their servers by Saturday, March 21. Organizations must prioritize their SharePoint platform's patching and update process, implement additional security measures, and maintain continuous monitoring to prevent unauthorized access and minimize the risk of data breaches.
Critical Microsoft SharePoint flaw now exploited in attacks
By Sergiu Gatlan
March 19, 2026 06:06 AM
A critical vulnerability in Microsoft's popular SharePoint platform has been discovered and is currently being exploited by threat actors worldwide. This latest security breach is a stark reminder of the importance of keeping enterprise software up-to-date and patched, as the consequences of failure can be severe.
The vulnerability, tracked as CVE-2026-20963, affects multiple versions of SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. Moreover, SharePoint Server 2007, SharePoint Server 2010, and SharePoint Server 2013 are also vulnerable to attacks, but due to being end-of-support, they no longer receive security updates.
In a network-based attack, an unauthenticated attacker could write arbitrary code to inject and execute remote code on the SharePoint server. This vulnerability allows threat actors without privileges to achieve remote code execution on unpatched servers in low-complexity attacks that exploit a deserialization of untrusted data weakness.
Microsoft patched this vulnerability as part of its January 2026 Patch Tuesday, but it has yet to be officially marked as exploited in the wild. However, the Cybersecurity and Infrastructure Security Agency (CISA) has added this security flaw to its catalog of actively exploited vulnerabilities and ordered Federal Civilian Executive Branch (FCEB) agencies to secure their servers by Saturday, March 21.
These FCEB agencies include non-military U.S. executive branch organizations such as the Department of Homeland Security, the Department of Energy, the Department of Justice, and the Department of State. CISA did not provide further information on these ongoing CVE-2026-20963 attacks and has yet to find any evidence that it's being exploited in ransomware attacks.
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. As such, CISA strongly urged all network defenders to patch their devices against exploitation of CVE-2025-40551 as soon as possible.
"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA warned. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."
In light of this latest security breach, it is essential for organizations to prioritize their SharePoint platform's patching and update process, ensuring that all necessary updates are applied promptly. Additionally, organizations should consider implementing additional security measures such as network segmentation, intrusion detection systems, and regular vulnerability scans to prevent unauthorized access and minimize the risk of data breaches.
Furthermore, this incident highlights the importance of continuous monitoring and vigilance in maintaining the security posture of enterprise networks. Organizations must stay informed about emerging vulnerabilities and update their threat intelligence regularly to ensure that they can respond quickly and effectively to any potential threats.
As cybersecurity concerns continue to evolve, it is crucial for organizations to prioritize their security posture and invest in robust security measures to protect themselves against such attacks. By doing so, they can minimize the risk of data breaches, reputational damage, and financial losses associated with falling victim to cyberattacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Critical-Microsoft-SharePoint-Flaw-A-Global-Threat-to-Enterprise-Security-ehn.shtml
https://www.bleepingcomputer.com/news/microsoft/critical-microsoft-sharepoint-flaw-now-exploited-in-attacks/
https://cybersecuritynews.com/microsoft-sharepoint-vulnerability-exploited/
https://nvd.nist.gov/vuln/detail/CVE-2025-40551
https://www.cvedetails.com/cve/CVE-2025-40551/
Published: Thu Mar 19 07:50:36 2026 by llama3.2 3B Q4_K_M
