Microsoft SharePoint Server ↗

Microsoft

Track your version:Monitors Microsoft SharePoint Server and tailors your dashboard to that exact version.

16.0.19725.20384 · latest cycle5/100 Critical · exploited

On-premises SharePoint Server only. SharePoint Online (Microsoft 365) is a cloud service patched by Microsoft and is not covered here.

Summary iPlain-English security verdict for Microsoft SharePoint Server, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Microsoft SharePoint Server currently scores 5/100 — critical, with active exploitation. 15 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2025-53770. The latest supported release is 16.0.19725.20384. Upgrade immediately and review your exposure to the actively-exploited CVEs below. Note: this product is assessed at the product level on recent (365-day) activity rather than an exact per-version match, so it is never marked a confident "healthy".

Disclosure trend iNew CVEs published for Microsoft SharePoint Server each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19

'20

'21

'22

'23

'24

'25

'26

7 of its known vulnerabilities are linked to ransomware campaigns (CISA KEV).

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2025-53770 CRITICAL exploited ransomware Insecure deserialization EPSS 100% → fixed in 16.0.18526.20508 CVE-2019-0604 CRITICAL exploited ransomware Improper input validation EPSS 100% → see advisory CVE-2025-49704 HIGH exploited ransomware Code injection EPSS 100% → see advisory CVE-2025-49706 MEDIUM exploited ransomware Improper authentication EPSS 100% → fixed in 16.0.18526.20424 CVE-2023-29357 CRITICAL exploited ransomware CWE-303 EPSS 100% → see advisory CVE-2015-1641 HIGH exploited Out-of-bounds write EPSS 97% → see advisory CVE-2020-1147 HIGH exploited EPSS 96% → see advisory CVE-2023-24955 HIGH exploited ransomware Code injection EPSS 85% → see advisory CVE-2012-1889 HIGH exploited Out-of-bounds write EPSS 84% → see advisory CVE-2017-11826 HIGH exploited Memory corruption EPSS 82% → see advisory CVE-2014-1761 HIGH exploited Out-of-bounds write EPSS 78% → see advisory CVE-2024-38094 HIGH exploited ransomware Insecure deserialization EPSS 55% → see advisory

See all 519 known Microsoft SharePoint Server CVEs & security history →

How to patch Microsoft SharePoint Server — step-by-step to the latest secure version →

Get alerted about Microsoft SharePoint Server

Be emailed the moment Microsoft SharePoint Server gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.

We email only on real events for Microsoft SharePoint Server — no marketing, no sharing, and we never know what you run. Track your whole stack →

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each Microsoft SharePoint Server release line is supported — and when it sunsets.

Jul14'26 Microsoft SharePoint Server 2019EOL 2026-07-14

Jul14'26 Microsoft SharePoint Server 2016EOL 2026-07-14

Apr11'23 Microsoft SharePoint Server 2013ended 2023-04-11

Apr13'21 Microsoft SharePoint Server 2010ended 2021-04-13

Oct10'17 Microsoft SharePoint Server 2007ended 2017-10-10

Full Microsoft SharePoint Server end-of-life dates & support timeline →

subscription latest 16.0.19725.20384 Supported

2019 latest 16.0.10417.20153 Supported until 2026-07-14

2016 latest 16.0.5556.1005 Supported until 2026-07-14

2013 latest 15.0.5545.1000 End of life ended 2023-04-11

2010 latest 14.0.7268.5000 End of life ended 2021-04-13

2007 latest 12.0.6690.5000 End of life ended 2017-10-10

See all upcoming end-of-life dates →

Frequently asked

Is Microsoft SharePoint Server safe and patched?

What should I do about Microsoft SharePoint Server now?

Upgrade Microsoft SharePoint Server to the latest supported release (16.0.19725.20384) or later, which clears the actively-exploited issues affecting older versions, then confirm against Microsoft's official advisory.

When does Microsoft SharePoint Server reach end-of-life?

The latest supported Microsoft SharePoint Server release is 16.0.19725.20384. After end-of-life a release no longer receives security patches.

Which versions of Microsoft SharePoint Server are still receiving security updates?

Supported Microsoft SharePoint Server release lines (latest 16.0.19725.20384): subscription, 2019, 2016. End-of-life releases no longer receive security patches.

product-level posture (last 365d); exact per-version verdict pending precise version mapping

Latest security news for Microsoft SharePoint Server BETA

Attributed third-party reporting linked to Microsoft SharePoint Server — newest first. We surface and link the source; we don’t assert our own findings. About Emerging →

Reported CVE-2026-47636 Microsoft SharePoint Server Spoofing VulnerabilityMSRC · 17 Jun 2026 · CVE-2026-47636 · high confidence

More across all tracked software on the Emerging feed →

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Microsoft's official advisory before you patch or upgrade — Microsoft SharePoint Server official site ↗