The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Microsoft SharePoint Server and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog, highlighting the growing threat landscape in cybersecurity. Organizations are urged to prioritize testing and applying patches quickly to minimize risk of exploitation.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added Microsoft SharePoint Server and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the ever-evolving threat landscape in the world of cybersecurity.
According to the latest update from CISA, the addition of these two new vulnerabilities underscores the importance of maintaining a proactive approach towards identifying and addressing potential security risks. The inclusion of Microsoft SharePoint Server and Office Excel flaws in the KEV catalog serves as a reminder that no organization is immune to the threat of exploitation by cyber attackers.
The first vulnerability added, tracked as CVE-2009-0238, affects multiple versions of Microsoft Excel and related viewers. This vulnerability is triggered when a user opens a specially crafted Excel file that causes the application to access an invalid object in memory. As a result, memory corruption occurs, allowing a remote attacker to execute arbitrary code on the affected system with the privileges of the user.
The second flaw added to the catalog, tracked as CVE-2026-32201, is a critical SharePoint zero-day actively exploited in the wild. This vulnerability, which has a CVSS score of 6.5, is likely related to cross-site scripting (XSS) and could allow attackers to view or modify exposed information.
The impact of these vulnerabilities cannot be overstated, particularly for organizations with internet-facing SharePoint servers. As such, it is essential that they prioritize testing and applying the patch quickly to minimize the risk of exploitation.
Experts also recommend that private organizations review the CISA catalog and address the vulnerabilities in their infrastructure. By taking proactive measures to identify and remediate these threats, organizations can significantly reduce their exposure to cyber attacks.
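One way to run that catalog review against an asset list is sketched below. It is an added example, not code from CISA or from this article. The sample uses the field names of CISA's KEV JSON feed (`cveID`, `vendorProject`, `product`, `dueDate`) with constructed, trimmed entries; the inventory, host names and the `kev_findings` function are hypothetical.

```python
import json
from datetime import date

# Constructed sample in the field layout of the KEV JSON feed. Only the CVE IDs
# and the due date come from the article; other feed fields are left out.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2009-0238", "vendorProject": "Microsoft", "product": "Office Excel", "dueDate": "2026-04-28"},
  {"cveID": "CVE-2026-32201", "vendorProject": "Microsoft", "product": "SharePoint Server", "dueDate": "2026-04-28"}
]}
""")

# Hypothetical asset inventory (assumption): host, vendor, product, exposure.
INVENTORY = [
    {"host": "sp-ext-01", "vendor": "Microsoft", "product": "SharePoint Server", "internet_facing": True},
    {"host": "sp-int-02", "vendor": "Microsoft", "product": "SharePoint Server", "internet_facing": False},
    {"host": "fin-ws-17", "vendor": "Microsoft", "product": "Office Excel", "internet_facing": False},
    {"host": "web-03", "vendor": "Apache", "product": "HTTP Server", "internet_facing": True},
]

def kev_findings(catalog, inventory, today):
    """Return inventory assets that match a KEV entry, most urgent first."""
    findings = []
    for vuln in catalog["vulnerabilities"]:
        due = date.fromisoformat(vuln["dueDate"])
        for asset in inventory:
            # A name match only flags a candidate; confirm the installed
            # version and patch level against the vendor advisory.
            same_vendor = asset["vendor"].lower() == vuln["vendorProject"].lower()
            same_product = vuln["product"].lower() in asset["product"].lower()
            if same_vendor and same_product:
                findings.append({
                    "host": asset["host"],
                    "cve": vuln["cveID"],
                    "due": due,
                    "days_left": (due - today).days,
                    "overdue": today > due,
                    "internet_facing": asset["internet_facing"],
                })
    # Internet-facing assets first, then earliest deadline, then host name.
    findings.sort(key=lambda f: (not f["internet_facing"], f["due"], f["host"]))
    return findings

if __name__ == "__main__":
    for f in kev_findings(KEV_SAMPLE, INVENTORY, date.today()):
        exposure = "internet-facing" if f["internet_facing"] else "internal"
        print(f["host"], f["cve"], "due", f["due"], f"({f['days_left']} days)", exposure)
```

Sorting internet-facing hosts ahead of internal ones reflects the article's point that exposed SharePoint servers should be patched first.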
CISA has ordered federal agencies to fix the vulnerabilities by April 28, 2026, emphasizing the need for swift action to protect against potential exploitation. This move underscores the importance of staying vigilant and proactive in addressing emerging cybersecurity concerns.
In light of these developments, it is essential for organizations to remain informed about the latest security threats and vulnerabilities. By doing so, they can take necessary steps to protect their networks and systems from potential attacks.
As the threat landscape continues to evolve, it is crucial that organizations prioritize cybersecurity awareness and invest in robust security measures to mitigate the impact of emerging threats like those highlighted in the CISA catalog.
The addition of Microsoft SharePoint Server and Office Excel flaws to the KEV catalog serves as a timely reminder of the ever-present risk of cyber attacks. As such, it is essential that organizations remain vigilant and proactive in addressing these emerging threats to ensure the security and integrity of their networks and systems.