AI Security AI安全 8d ago Updated 8d ago 更新于 8天前 49

CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability CISA警告微软SharePoint漏洞正被主动利用

CISA has added CVE-2026-45659, a high-severity deserialization vulnerability in Microsoft SharePoint Server, to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation. The flaw allows authenticated attackers with minimal "Site Member" permissions to execute arbitrary code, carrying a CVSS score of 8.8 and requiring immediate patching. Affected versions include SharePoint Server Subscription Edition, 2019, 2016, and Enterprise Server 2016, with Microsoft releasing an out-of- CISA将微软SharePoint Server中的CVE-2026-45659漏洞列入已知被利用漏洞目录,要求联邦机构在三天内修补。 该漏洞为反序列化不受信任数据错误,CVSS评分8.8,允许具备最低“站点成员”权限的认证攻击者执行任意代码。 受影响版本包括SharePoint Server订阅版、2019、2016及企业版2016,微软已于5月下旬通过带外更新发布补丁。 微软警告该漏洞易于利用,攻击者无需深入系统知识即可实现可重复的成功载荷注入。

75
Hot 热度
65
Quality 质量
70
Impact 影响力

Analysis 深度分析

TL;DR

  • CISA has added CVE-2026-45659, a high-severity deserialization vulnerability in Microsoft SharePoint Server, to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation.
  • The flaw allows authenticated attackers with minimal "Site Member" permissions to execute arbitrary code, carrying a CVSS score of 8.8 and requiring immediate patching.
  • Affected versions include SharePoint Server Subscription Edition, 2019, 2016, and Enterprise Server 2016, with Microsoft releasing an out-of-band patch in late May.
  • Federal agencies are mandated to patch within three days under BOD 26-04, while all organizations are urged to apply updates immediately given SharePoint's critical role in enterprise infrastructure.

Why It Matters

This incident highlights the persistent risk of deserialization flaws in widely used enterprise collaboration platforms, emphasizing that even low-privilege authenticated users can trigger severe remote code execution. For AI and IT practitioners, it underscores the necessity of rigorous access control reviews and rapid patch management cycles, especially when vulnerabilities are actively exploited in the wild before widespread awareness.

Technical Details

  • Vulnerability Type: Deserialization of untrusted data, allowing authenticated attackers to execute arbitrary code on vulnerable SharePoint servers.
  • CVSS Score: 8.8 (High Severity).
  • Affected Systems: SharePoint Server Subscription Edition, SharePoint Server 2019, SharePoint Server 2016, and SharePoint Enterprise Server 2016.
  • Exploit Conditions: Requires authentication with a minimum of "Site Member" permissions; no elevated privileges needed. Microsoft notes the exploit is repeatable and does not require significant prior knowledge of the system.
  • Mitigation: Microsoft released an out-of-band security update in late May; CISA mandates patching within three days for federal agencies.

Industry Insight

  • Prioritize Low-Privilege Vectors: Attackers are increasingly targeting vulnerabilities that require only basic permissions, forcing organizations to audit and restrict "Site Member" level access more strictly.
  • Accelerate Patch Cadence: The rapid addition to the KEV catalog and the short three-day mandate for federal agencies signal that reactive patching is insufficient; automated deployment pipelines for critical security updates are essential.
  • Monitor Collaboration Platforms: As SharePoint serves as a backbone for document sharing and intranets, it remains a high-value target; continuous monitoring for anomalous activity in these environments is crucial for early detection of exploitation attempts.

TL;DR

  • CISA将微软SharePoint Server中的CVE-2026-45659漏洞列入已知被利用漏洞目录,要求联邦机构在三天内修补。
  • 该漏洞为反序列化不受信任数据错误,CVSS评分8.8,允许具备最低“站点成员”权限的认证攻击者执行任意代码。
  • 受影响版本包括SharePoint Server订阅版、2019、2016及企业版2016,微软已于5月下旬通过带外更新发布补丁。
  • 微软警告该漏洞易于利用,攻击者无需深入系统知识即可实现可重复的成功载荷注入。

为什么值得看

对于依赖SharePoint进行文档协作和企业内网运营的组织而言,此事件强调了即使低权限账户也可能成为高危攻击入口,需立即审查访问控制策略。同时,CISA的紧急修补指令反映了当前针对企业基础设施关键组件的零日或近零日漏洞利用趋势,提醒安全团队必须建立快速响应机制。

技术解析

  • 漏洞类型与原理:CVE-2026-45659属于反序列化不受信任数据缺陷,导致认证用户可在服务器上执行任意代码。
  • 权限门槛极低:攻击者仅需拥有“Site Member”(站点成员)权限即可触发,无需管理员或其他提升的特权,显著扩大了潜在攻击面。
  • 易利用性:微软指出该漏洞具有高度可重复性,攻击者无需复杂的系统内部知识即可构造有效载荷,降低了攻击技术门槛。
  • 影响范围:涵盖SharePoint Server Subscription Edition、2019、2016以及Enterprise Server 2016等多个主流及遗留版本。

行业启示

  • 最小权限原则的重要性:企业应重新评估SharePoint等协作平台的权限分配,确保“站点成员”等基础角色不具备可能触发后端逻辑漏洞的能力。
  • 应急响应速度是关键:鉴于CISA仅给予三天修补窗口,组织需优化补丁管理流程,确保在漏洞公开且被标记为“已知被利用”后能迅速完成部署。
  • 持续监控未授权访问:由于漏洞利用门槛低,安全团队应加强对SharePoint服务器异常登录和低权限账户可疑行为的实时监控与审计。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Security 安全