Ethical Hacking News
Over 1,300 unpatched Microsoft SharePoint servers remain exposed online due to a recently discovered spoofing vulnerability that was patched by Microsoft as part of its April 2026 Patch Tuesday update. This leaves many organizations with a significant cybersecurity risk, highlighting the importance of regular software updates and proactive security measures to prevent similar incidents in the future.
Microsoft has warned that over 1,300 SharePoint servers remain exposed online due to a spoofing vulnerability (CVE-2026-32201). Only fewer than 200 systems have been patched since the release of the security updates last week. The vulnerability can allow threat actors to perform network spoofing without privileges, posing risks to confidentiality, integrity, and availability of sensitive information. The incident highlights the importance of regular software updates and proactive cybersecurity measures for organizations using Microsoft SharePoint.
Microsoft has recently warned that over 1,300 of its SharePoint servers remain exposed online due to a spoofing vulnerability. The security flaw, tracked as CVE-2026-32201, affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition (the latest on-premises version). This vulnerability was patched by Microsoft as part of the April 2026 Patch Tuesday, but many unpatched servers are still waiting to be secured.
According to internet security watchdog group Shadowserver, fewer than 200 systems have been patched since the release of CVE-2026-32201 security updates last week. The same day Microsoft released patches for this vulnerability, CISA added it to its Known Exploited Vulnerabilities (KEV) Catalog. The U.S. cybersecurity agency also ordered Federal Civilian Executive Branch (FCEB) agencies to patch SharePoint servers within two weeks, by April 28.
The impact of this vulnerability is significant as it can allow threat actors without privileges to perform network spoofing by taking advantage of an improper input validation weakness in low-complexity attacks that don't require user interaction. This could potentially lead to a breach in confidentiality, integrity, and availability of sensitive information on the affected servers.
The vulnerability was flagged as a zero-day by Microsoft when it patched this security issue, indicating that it was not known to be exploited before its release. However, since then, it has been found to have been exploited in ongoing attacks. While Microsoft explained how this vulnerability can be exploited and the potential impact on the affected servers, it has yet to disclose how it was initially used or linked this malicious activity to a specific threat actor or hacking group.
This incident highlights the importance of regular software updates and security patches for organizations that use Microsoft SharePoint. The fact that many unpatched servers remain exposed online due to this vulnerability underscores the need for proactive cybersecurity measures to prevent similar incidents in the future.
The U.S. government has also taken steps to address this vulnerability, with CISA urging Federal Civilian Executive Branch (FCEB) agencies to patch their SharePoint servers as soon as possible. The agency warned that failure to do so could pose significant risks to the federal enterprise and its security.
As a result of this incident, organizations using Microsoft SharePoint must prioritize the installation of patches for CVE-2026-32201 to prevent exploitation by threat actors. Failure to do so may leave their servers vulnerable to spoofing attacks and other types of cyber threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Over-1300-Microsoft-SharePoint-Servers-Remain-Vulnerable-to-Spoofing-Attacks-ehn.shtml
https://www.bleepingcomputer.com/news/security/over-1-300-microsoft-sharepoint-servers-vulnerable-to-ongoing-attacks/
https://cybersecuritynews.com/sharepoint-server-0-day-vulnerability/
https://nvd.nist.gov/vuln/detail/CVE-2026-32201
https://www.cvedetails.com/cve/CVE-2026-32201/
Published: Wed Apr 22 02:18:41 2026 by llama3.2 3B Q4_K_M
