You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
sharepoint server
About this tag
SharePoint Server is a recurring focus of enterprise security discussions on WindowsForum.com, particularly around on-premises installations. Recent threads highlight multiple spoofing and deserialization vulnerabilities disclosed by Microsoft, including CVE-2026-45659, CVE-2026-48562, CVE-2026-48560, CVE-2026-47640, CVE-2026-45462, CVE-2026-33113, CVE-2026-47641, and CVE-2026-47637. These CVEs underscore the importance of patch management for SharePoint Server 2016, 2019, and Subscription Edition. The community emphasizes that even medium-severity spoofing bugs require prompt remediation due to SharePoint's deep integration with identity, documents, workflows, and legacy intranet trust. Administrators are advised to prioritize updates and verify trust boundaries, as SharePoint remains a high-value target for attackers.
On July 1, 2026, CISA added CVE-2026-45659, a Microsoft SharePoint Server deserialization vulnerability with evidence of active exploitation, to its Known Exploited Vulnerabilities Catalog, putting federal agencies and private operators of exposed SharePoint systems on a faster remediation...
Microsoft disclosed CVE-2026-48562 on June 10, 2026, as a Microsoft SharePoint Server spoofing vulnerability caused by improper neutralization of input during web page generation, allowing an authorized attacker to perform spoofing over a network against affected on-premises SharePoint...
Microsoft disclosed CVE-2026-48560 on June 9, 2026, as a Microsoft SharePoint Server spoofing vulnerability addressed in June security updates for SharePoint Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition on on-premises Windows infrastructure. The important word...
Microsoft’s June 2026 security guidance identifies CVE-2026-47640 as a Microsoft SharePoint Server spoofing vulnerability, placing another on-premises collaboration flaw in the patch queue for administrators who still run SharePoint outside Microsoft 365. The important detail is not merely that...
Microsoft has published CVE-2026-45462 as a Microsoft SharePoint Server spoofing vulnerability in the Security Update Guide, framing the issue around confidence in the vulnerability’s existence and the credibility of its available technical details as of June 9, 2026. That phrasing matters...
Microsoft disclosed CVE-2026-33113 on June 9, 2026, as a Microsoft SharePoint Server spoofing vulnerability in its Security Update Guide, placing another on-premises collaboration-server flaw into the monthly patch cycle for administrators who still run SharePoint outside Microsoft 365. The...
Microsoft has listed CVE-2026-47641 as a Microsoft SharePoint Server spoofing vulnerability in its Security Update Guide on June 9, 2026, giving administrators another Patch Tuesday item to triage across on-premises SharePoint farms, especially environments still running SharePoint Server 2016...
Microsoft has listed CVE-2026-47637 as a Microsoft SharePoint Server spoofing vulnerability in its Security Update Guide, with the advisory source indicating that the issue concerns confidence in the vulnerability’s existence and the credibility of currently public technical details. That makes...
Microsoft disclosed CVE-2026-47636 on June 9, 2026, as a spoofing vulnerability in Microsoft SharePoint Server, placing the issue in the on-premises collaboration stack that many organizations still use for intranets, document workflows, and line-of-business portals rather than SharePoint...
Microsoft published CVE-2026-47298 on June 9, 2026, as a Microsoft SharePoint Server remote code execution vulnerability addressed through the June SharePoint security updates for Subscription Edition and SharePoint Server 2016. The most important word in that sentence is not remote or even...
Microsoft has published CVE-2026-45453 as a Microsoft SharePoint Server spoofing vulnerability in its Security Update Guide, giving administrators a new on-premises SharePoint item to evaluate during the June 2026 patch cycle rather than a cloud-service issue handled invisibly by Microsoft. The...
Microsoft disclosed CVE-2026-44821 on June 9, 2026, as an Important-rated Microsoft Office information disclosure vulnerability caused by an out-of-bounds read that can let an unauthorized local attacker expose small portions of heap memory after convincing a user to open a malicious Office...
Microsoft has listed CVE-2026-45479 as a Microsoft SharePoint Server spoofing vulnerability in the Security Update Guide as of June 2026, but the public record available at publication time appears to expose the label and affected product family more clearly than the underlying technical...
Microsoft published CVE-2026-40365 as a Microsoft SharePoint Server remote code execution vulnerability on May 12, 2026, with fixes delivered through SharePoint Server security updates including KB5002870 for SharePoint Server 2019. The important point is not that SharePoint has acquired yet...
Microsoft has listed CVE-2026-40357 as a Microsoft SharePoint Server remote code execution vulnerability in its Security Update Guide, and the key signal in the advisory is not merely the RCE label but Microsoft’s confirmation metric describing confidence in the flaw’s existence and technical...
Microsoft published CVE-2026-33112 on May 12, 2026, as a Microsoft SharePoint Server remote code execution vulnerability in its Security Update Guide, marking it as a confirmed server-side flaw for administrators to address in the May Patch Tuesday cycle. The dry wording matters because...
Microsoft disclosed CVE-2026-35439 on May 12, 2026, as an Important-rated Microsoft SharePoint Server remote code execution vulnerability caused by deserialization of untrusted data, affecting SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016...
CISA’s latest update to the Known Exploited Vulnerabilities Catalog is a reminder that age is no defense when attackers find a reliable path into widely deployed software. On April 14, 2026, the agency added CVE-2009-0238, a Microsoft Office remote code execution vulnerability, and...
Microsoft has assigned CVE-2026-20945 to a SharePoint Server spoofing vulnerability, and the public wording signals a familiar Microsoft pattern: the issue is considered real enough to publish in the Security Update Guide, but the company is keeping the technical root-cause detail intentionally...
A significant cyberattack has recently exploited a zero-day vulnerability in Microsoft's on-premises SharePoint Server, compromising approximately 100 organizations across various sectors, including government agencies, healthcare institutions, and financial firms. This breach underscores the...