CISA has issued a warning that flaws in Microsoft SharePoint are being actively exploited in the wild, urging administrators to patch immediately. The advisory, reported by BleepingComputer, doesn't leave room for a wait-and-see posture -- "actively exploited" is CISA's language for confirmed real-world attacks, not theoretical risk.
SharePoint sits at the center of how mid-size and large organizations store and move internal documents, which is exactly why it keeps showing up on the Known Exploited Vulnerabilities catalog. On-prem SharePoint servers are often internet-facing, rarely patched on a fast cadence because taking them down disrupts document workflows, and loaded with exactly the kind of sensitive files -- contracts, HR records, financial data -- that make them worth an attacker's time. This is the same pattern that played out with Exchange and other collaboration platforms: a widely deployed, business-critical server that's hard to patch quickly becomes a durable target long after the initial disclosure, because plenty of instances simply never get updated.
The SAL read: if you're running on-prem SharePoint, patching this is not IT's backlog item -- it's this week's task, because "actively exploited" means someone is already scanning for exactly your version.