CISA KEV: Microsoft SharePoint Server CVE-2026-56164 Update Checklist

CISA added Microsoft SharePoint Server CVE-2026-56164 to KEV. Identify affected servers, follow Microsoft update guidance, and verify recovery and normal service health.
Microsoft June 2026 Patch Tuesday checklist for Windows Update, WSUS, Intune, server reboots, and post-patch verification

Update priority: CISA added CVE-2026-56164, a Microsoft SharePoint Server issue, to its Known Exploited Vulnerabilities Catalog on July 14, 2026. Treat this as an urgent defensive maintenance item: identify the SharePoint Server owner, follow Microsoft’s current update guidance, and document the completed change.

What changed

CISA lists CVE-2026-56164 as affecting Microsoft SharePoint Server and directs agencies to the Microsoft Security Update Guide. The CISA due date is July 17, 2026 for federal civilian executive branch agencies. That deadline does not create a private-sector legal requirement, but it is a strong signal for every organization that operates SharePoint Server to prioritize an approved update window.

Who should act

Assign this to the team that owns each SharePoint Server workload, its Windows maintenance process, its identity dependencies, and its recovery plan. If your organization uses an outside administrator or managed service, ask for a written status: affected or not affected, update plan, validation owner, and completion time.

Use a protected change process

  1. Confirm the asset owner and compare the installed SharePoint Server release with the current Microsoft advisory.
  2. Record the approved maintenance window, business owner, recovery owner, and communication contact before changing production services.
  3. Verify that a current backup is restorable and that the team can reach the normal recovery documentation if the change needs to be rolled back.
  4. Apply the Microsoft-provided remediation through the organization’s approved Windows and SharePoint maintenance process.
  5. After the maintenance window, confirm normal authenticated use, scheduled work, integrations, and service health with the people who own those workflows.
  6. Review the organization’s normal SharePoint, Windows, and identity monitoring for unexpected access or service errors, then record the update result in the change ticket.

Keep the response defensive

Do not postpone a supported update just to search for public technical details. Do not weaken authentication, network protections, monitoring, or backup safeguards while maintenance is underway. If the vendor’s current guidance cannot be applied on a required server, escalate the business risk and choose a documented compensating-control plan with the system owner.

What to tell users and customers

Use a short, accurate notice: SharePoint maintenance is being prioritized because of a publicly reported security issue; the team has an approved change and verification plan; and affected users will receive a maintenance-window notice if their work could be interrupted. Do not state that an incident occurred unless the organization has confirmed one.

Keep the next review easy

Retain the final update status, the recovery confirmation, the validation notes, and the owner for any remaining exception. For broader security maintenance guidance, visit the FixItPhill Security hub.

Official sources

Picture of admin

admin

Leave a Reply

Sign up for our Newsletter

Get the latest information on what is going on in the I.T. World.