Vulnerabilities - ScreenConnect Servers and SharePoint Flaw Exploited
Basically, hackers are using weaknesses in software to break into systems and steal information.
Recent vulnerabilities in ScreenConnect and Microsoft SharePoint are under active exploitation. Organizations using these platforms must patch them immediately to avoid serious breaches. Stay informed and secure your systems now!
The Flaw
Last week, cybersecurity experts reported two significant vulnerabilities that are currently being exploited by attackers. The first is a remote code execution (RCE) flaw in Microsoft SharePoint, identified as CVE-2026-20963. This vulnerability allows attackers to execute arbitrary code on affected systems, posing a severe risk to organizations using SharePoint. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, highlighting its active exploitation in the wild.
The second vulnerability, CVE-2026-3564, affects the ScreenConnect remote access platform. This flaw allows attackers to hijack sessions by abusing ASP.NET machine keys to forge trusted authentication. ScreenConnect is widely used by managed service providers and IT departments, making this vulnerability particularly concerning as it could lead to unauthorized access to sensitive systems.
What's at Risk
Organizations using Microsoft SharePoint are at high risk due to the RCE vulnerability. If exploited, attackers can gain control over the SharePoint server, potentially leading to data breaches or further infiltration into the organization’s network. The implications of such access can be devastating, including loss of sensitive data, disruption of services, and significant financial repercussions.
Similarly, the ScreenConnect vulnerability exposes users to session hijacking, which can compromise remote support operations. This could allow attackers to manipulate systems, access confidential information, or deploy malware, making it crucial for organizations to address this vulnerability promptly.
Patch Status
Microsoft released a patch for the SharePoint vulnerability in January 2026, but many organizations may not have applied it yet. CISA's warning is a reminder to confirm that systems are updated against this active exploitation. ConnectWise has likewise issued a patch for the ScreenConnect vulnerability, and users must apply it immediately to safeguard their remote access sessions.
Immediate Actions
Organizations should take the following steps to mitigate the risks associated with these vulnerabilities:
- Update Software: Ensure that all systems running Microsoft SharePoint and ScreenConnect are updated with the latest patches.
- Monitor for Exploitation: Keep an eye on network traffic and logs for any signs of exploitation or unauthorized access attempts.
- Educate Staff: Train employees about the risks associated with these vulnerabilities and the importance of reporting suspicious activities.
- Implement Security Best Practices: Adopt security measures such as multi-factor authentication and least privilege access to minimize potential impacts.
By taking these actions, organizations can significantly reduce their risk exposure and better protect their systems from malicious actors.
Help Net Security