Detection Logic Enhancement for SharePoint Server

Saeed Abbasi

[Updated Jan 14, 2026] Release complete: VULNSIGS-2.6.512-6.

We have updated the detection logic for 30 SharePoint QIDs to enforce stricter adherence to Microsoft’s deployment guidelines.

Microsoft’s remediation for these vulnerabilities explicitly requires the installation of multiple distinct components (typically a Core Security Update and a Language Pack Update) to be fully effective. 

Following a review of Microsoft SharePoint component structures, we identified that standard detection methods may not fully validate the installation of required Language Pack updates. Our updated QIDs now independently verify these specific components to ensure complete remediation.

What to Expect:

  • You may observe previously “Closed” findings reopening on assets where the Core patch is present, but the Language Pack component is missing.
  • This is a high-fidelity detection. If a finding reopens, it indicates that the asset is not fully remediated according to the vendor’s strict definition.

Action Required: Review any reopened findings and ensure the secondary components (Language Packs) are installed.

You can see all of your hosts impacted by these vulnerabilities using the following QQL query:

The release is now complete. We have updated QIDs with the specific VulnSigs release version: VULNSIGS-2.6.512-6.
