IMPORTANT: This notice is only relevant for environments where:
- Microsoft SharePoint Server is installed on the computer.
- Scan Cab is used to check for update compliance.
- The July 2025 Scan Cab was deployed before 8:00 am PT on July 26, 2025.
An updated version of the July 2025 Scan Cab was made available at 8:00 am PT on July 26, 2025. This Scan Cab includes new metadata corresponding to new updates for the following versions of SharePoint Server:
- SharePoint Enterprise Server 2016 (KB5002760)
- SharePoint Enterprise Server 2016 Language Pack (KB5002759)
- SharePoint Server 2019 (KB5002754)
- SharePoint Server 2019 Language Pack (KB5002753)
- SharePoint Server Subscription Edition (KB5002768)
The new Microsoft updates for these SharePoint Server versions, released July 21, 2025, included additional protections to address CVE-2025-53770 and CVE-2025-53771. See the additional information section of this message for details.
How this affects your organization:
IT administrators who downloaded the Scan Cab before 8:00 am PT on July 26, 2025, should re-acquire and re-deploy their Scan Cab if it is used to assess updates for environments where SharePoint Server is installed on the computer.
No action is required on environments where Scan Cab is not employed or SharePoint Server is not installed. However, please note that there might be non-Microsoft applications which utilize Scan Cab. Review the documentation for any software and update deployment tools which might be in use for your organization, to understand if this is applicable in your environment.
What you need to do to prepare:
Administrators can re-deploy the updated Scan Cab via their usual processes. For detailed guidance, see the Additional information section below.
Additional information:
- Updated Scan Cab: Download the new Scan Cab here
- CVE-2025-53770: Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2025-53771: Microsoft SharePoint Server Spoofing Vulnerability
- KB5002760: Description of the security update for SharePoint Enterprise Server 2016: July 21, 2025
- KB5002759: Description of the security update for SharePoint Enterprise Server 2016 Language Pack: July 21, 2025
- KB5002754: Description of the security update for SharePoint Server 2019: July 21, 2025
- KB5002753: Description of the security update for SharePoint Server 2019 Language Pack: July 21, 2025
- KB5002768: Description of the security update for SharePoint Server Subscription Edition: July 21, 2025
- Announcing a smaller WSUS Scan Cab - Microsoft Tech Community: Learn more about WSUS and the Scan Cab process
- Using WUA to Scan for Updates Offline - Win32 apps | Microsoft Docs: Windows Update Agent (WUA) can be used to scan computers for security updates without connecting to Windows Update
- WSUS and the Catalog Site | Microsoft Docs: The Catalog Site used by WSUS to import updates and drivers