Educatifu

Security Roundup: SharePoint RCE Under Active Attack, Azure CLI Password Spray

Cybersecurity | 1 min read | By Michael Carter, Senior Software Engineer

Tags: cybersecurity, vulnerabilities, microsoft, cloud, news

Three items that deserve a place on this week's patch and review list.

Patch on-prem SharePoint now. CISA added CVE-2026-45659 (CVSS 8.8), a deserialisation flaw enabling remote code execution on SharePoint Server, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. Microsoft patched it in May 2026, and since any authenticated user with basic site permissions can trigger it, both patching and access review are urgent.

Azure CLI under password spray. Researchers warned of a massive automated password-spray campaign against Microsoft's Azure command-line interface, with at least 78 accounts compromised across more than 81 million attempts. MFA and conditional access on developer identities matter just as much as on end-user accounts.

AI dev tools as attack surface. The "DuneSlide" vulnerabilities enable zero-click prompt-injection attacks that escape the Cursor editor's sandbox and execute arbitrary code on the host. Separately, attackers are exploiting Citrix NetScaler appliances using public proof-of-concept code.

If your team runs on-prem SharePoint, NetScaler, or AI coding assistants, this is a good week for an emergency patch cycle and an access-policy review.
