Microsoft said exploitation was 'less likely' ... but CISA just added SharePoint RCE to KEV list


Attackers need little more than a valid SharePoint account to execute code on vulnerable on-prem servers

Microsoft's prediction that attackers probably wouldn't rush to exploit a newly-patched SharePoint bug hasn't aged especially well.

CISA has added CVE-2026-45659, a remote code execution flaw in on-premises Microsoft SharePoint Server, to its Known Exploited Vulnerabilities (KEV) catalog after confirming that criminals are now actively exploiting it in the wild.

The bug stems from an insecure deserialization issue and affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016, all of which received patches from Microsoft in May.

Unlike some of SharePoint's more infamous bugs, this one isn't pre-authentication, though attackers need surprisingly little to pull it off. According to Microsoft, anyone with valid credentials and nothing more than Site Member permissions can execute arbitrary code remotely on a vulnerable server.

"Any authenticated attacker could trigger this vulnerability. It does...

Copyright of this story solely belongs to theregister.com.
