Code Defence Cyber security

CISA includes actively exploited Microsoft SharePoint Server deserialization bug CVE-2026-45659 in KEV catalog

A critical data parsing and validation flaw inside an enterprise document aggregation and collaboration platform has been formally indexed into the federal directory of active threats. The vulnerability allows network reachable threat actors with low privilege parameters to transmit specialized request packages to trigger untrusted deserialization blocks, running arbitrary background commands on the host system.

The security vulnerability, tracked as CVE-2026-45659, carries an initial high severity rating and impacts multiple core branches of Microsoft SharePoint Server, including Enterprise Server 2016, Server 2019, and Subscription Edition. The defect involves a structural processing omission within internal data handling components. Because the platform fails to securely vet incoming serialized streams, an authenticated user containing baseline Site Member rights can submit malformed parameters over network links to trigger code execution loops without requiring administrative authorization tokens. Real world telemetry links the active compromise campaigns to the Storm-2603 ransomware group, who are utilizing the access line to distribute encryption malware.

Subverting an internal document processing core creates severe hazards across corporate directory structures. Because collaboration nodes maintain permanent integration channels into centralized directory configurations and internal asset maps, an unauthorized takeover lets threat clusters bypass logical boundaries, capture metadata collections, and locate high value assets while hiding actions behind regular employee sessions.

– Force immediate platform updates to deploy cumulative security patches provided by Microsoft across all SharePoint environments.

– Enforce rigid risk-based remediation schedules under Binding Operational Directive 26-04 to secure internet exposed processing nodes.

– Scan application logs for unverified file modifications or unexpected process terminations matching the deserialization footprint.

– Audit user profile histories to ensure no unauthorized local account additions or administrative role updates occurred during exposure.

Data framework protection relies on prompt patch application combined with continuous access monitoring to guarantee that internal collaboration platforms are completely protected from unauthenticated script manipulation. #CodeDefence #Microsoft #SharePoint #Deserialization #RCE #CISA #KEV
/

Scroll to Top