U.S. CISA Adds Microsoft SharePoint Server, and Microsoft Office Excel Flaws to Its Known Exploited Vulnerabilities Catalog


Security Affairs, Apr 15, 2026

Key Takeaways

  • CISA adds CVE-2009-0238, a Microsoft Office Excel remote code execution flaw, to the KEV catalog.
  • CVE-2026-32201, a cross-site scripting flaw in Microsoft SharePoint Server, is listed as an actively exploited zero-day.
  • Federal civilian agencies must remediate both flaws by April 28, 2026.
  • Private organizations are urged to patch and to review CISA's KEV list as part of their own prioritization.

Pulse Analysis

The Cybersecurity and Infrastructure Security Agency's KEV catalog is a curated list of CVEs for which CISA has evidence of active exploitation in the wild. Under Binding Operational Directive 22-01, federal civilian agencies must remediate each entry by the due date attached to it; for everyone else the catalog is a clear signal about which flaws demand immediate attention, and a practical way to prioritize remediation when scanners report far more CVEs than a team can patch at once. The recent inclusion of two Microsoft weaknesses, one in Excel and one in SharePoint Server, shows that the catalog covers software that underpins daily business operations, from spreadsheet analysis to collaborative portals.
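The workflow described above, cross-checking scanner findings against the KEV feed and surfacing anything that is past or close to its remediation date, as an added example (this is not code from Security Affairs or CISA). The KEV records below are a constructed sample in the schema of CISA's public JSON feed; the CVE IDs, products and the April 28, 2026 due date come from the article, while the `dateAdded` values, description strings and the scanner findings are assumptions for illustration.

```python
"""Triage scanner findings against a snapshot of CISA's KEV catalog.

Added example, not the article's or CISA's own code. The sample feed below
mirrors the field names of the real feed at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
but its contents are constructed for this example.
"""
import json
from datetime import date

# Constructed KEV sample. CVE IDs, products and dueDate are from the article;
# dateAdded, vulnerabilityName and shortDescription are assumed.
KEV_SAMPLE_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
  "catalogVersion": "sample",
  "count": 2,
  "vulnerabilities": [
    {
      "cveID": "CVE-2009-0238",
      "vendorProject": "Microsoft",
      "product": "Office Excel",
      "vulnerabilityName": "Microsoft Office Excel memory corruption (assumed name)",
      "dateAdded": "2026-04-15",
      "shortDescription": "Memory corruption that allows remote code execution when a crafted file is opened.",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product.",
      "dueDate": "2026-04-28",
      "knownRansomwareCampaignUse": "Unknown"
    },
    {
      "cveID": "CVE-2026-32201",
      "vendorProject": "Microsoft",
      "product": "SharePoint Server",
      "vulnerabilityName": "Microsoft SharePoint Server cross-site scripting (assumed name)",
      "dateAdded": "2026-04-15",
      "shortDescription": "Cross-site scripting that allows content spoofing on affected sites.",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product.",
      "dueDate": "2026-04-28",
      "knownRansomwareCampaignUse": "Unknown"
    }
  ]
}
"""

# Constructed scanner export: (asset, CVE) pairs. The last entry is a
# placeholder for a finding that is not in KEV, to show it being filtered out.
SCAN_FINDINGS = [
    ("sp-web-01", "CVE-2026-32201"),
    ("fileshare-02", "cve-2009-0238"),   # lower-case, as some scanners emit
    ("sp-web-01", "CVE-0000-00000"),     # placeholder, not a real identifier
]


def load_kev(raw_json: str) -> dict[str, dict]:
    """Index a KEV feed (the live feed or a saved copy) by upper-cased CVE ID."""
    catalog = json.loads(raw_json)
    return {entry["cveID"].upper(): entry for entry in catalog["vulnerabilities"]}


def triage_findings(findings, kev: dict[str, dict], today: date) -> list[dict]:
    """Return the findings that appear in KEV, most urgent first.

    Urgency is days until the KEV due date (negative means overdue); ties are
    broken so that entries with known ransomware use sort first.
    """
    hits = []
    for asset, cve_id in findings:
        entry = kev.get(cve_id.upper())
        if entry is None:
            continue  # not known-exploited per CISA; leave it to normal patch cadence
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        hits.append({
            "asset": asset,
            "cve": cve_id.upper(),
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": entry["dueDate"],
            "days_left": days_left,
            "overdue": days_left < 0,
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            "action": entry["requiredAction"],
        })
    hits.sort(key=lambda h: (h["days_left"], not h["ransomware"]))
    return hits


def format_report(hits: list[dict]) -> str:
    """Render one line per KEV hit, flagging overdue items."""
    lines = []
    for h in hits:
        status = f'OVERDUE by {-h["days_left"]}d' if h["overdue"] else f'{h["days_left"]}d left'
        flag = " [ransomware]" if h["ransomware"] else ""
        lines.append(f'{h["asset"]:<14}{h["cve"]:<16}{h["product"]:<28}due {h["due"]} ({status}){flag}')
    return "\n".join(lines)


if __name__ == "__main__":
    kev = load_kev(KEV_SAMPLE_JSON)
    print(format_report(triage_findings(SCAN_FINDINGS, kev, date(2026, 4, 20))))
```

To run this against the real catalog, download the JSON feed from the URL in the docstring and pass its contents to `load_kev` in place of the sample; the field names used here are the ones the public feed carries.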

CVE-2009-0238 is a memory-corruption bug in Microsoft Excel and related viewers that yields remote code execution when a user opens a crafted spreadsheet; it carries a CVSS (v2) score of 9.3. Although the vulnerability was disclosed in 2009, its use by the Trojan.Mdropper.AC malware showed that attackers will reach for legacy flaws when they still work, and its KEV listing now indicates that they still do. Enterprises that run unsupported Office versions, standalone viewers or legacy file parsers remain exposed; the practical check is an inventory of every host with Excel or an Excel-compatible parser installed, confirming that each is a supported build with Microsoft's long-standing fix applied, and retiring anything that cannot be updated.

The SharePoint Server issue, CVE-2026-32201, is a newer cross-site scripting vulnerability with a CVSS score of 6.5. In an XSS flaw of this kind, attacker-supplied script runs in the browser of a user viewing an affected SharePoint page, which lets the attacker spoof content and potentially read or alter data that the victim's session can reach. The article describes it as a zero-day, and its presence in the KEV catalog means CISA has evidence of exploitation in the wild; a moderate CVSS score should not push it down the queue once it carries that evidence. With the federal deadline of April 28, 2026, organizations must fast-track testing and deployment of Microsoft's corrective update, with internet-facing SharePoint sites first. The broader lesson is clear: continuous vulnerability scanning, rapid patch adoption, and alignment with CISA's directives are essential to keep known-exploited flaws from becoming incidents.
