Security · 2h ago
CISA Adds Microsoft SharePoint RCE Bug to Known Exploited Vulnerabilities List
CISA has added a Microsoft SharePoint remote code execution vulnerability to its Known Exploited Vulnerabilities catalog. The flaw, which Microsoft previously downplayed as 'less likely' to be exploited, allows attackers with a valid SharePoint account to execute code on vulnerable on-premises servers. Organizations are urged to patch immediately.
Meridian48 take
Microsoft's downplaying of the risk underscores a recurring pattern where vendors minimize threats until government action forces their hand.
Read the full reporting
Microsoft said exploitation was 'less likely' ... but CISA just added SharePoint RCE to KEV list →
The Register
microsoft-sharepointcisa-kev