Microsoft patches highly critical SharePoint vulnerability

Microsoft closes security vulnerability with updates for SharePoint servers. The closed vulnerability allows the injection of malicious code.


Admins running Microsoft SharePoint servers in their infrastructure should check whether they have installed the May updates. With these updates, Microsoft closes a security vulnerability classified as highly critical that allows attackers to inject and execute malicious code.

Microsoft warns about the vulnerability in a CVE entry. The problem stems from the deserialization of untrusted data, that is, unpacking and processing or even executing it. Attackers who are logged in to SharePoint can thereby inject code over the network (CVE-2026-45659, CVSS 8.8, risk “high”). No elevated privileges are required for this. The update is available for SharePoint Server 2016, SharePoint Enterprise Server 2016, SharePoint Server 2019, and the Subscription Edition.

Microsoft further explains that the vulnerability is exploitable from the internet. Because attackers do not need detailed prior knowledge of vulnerable systems to attack them successfully, the developers consider an attack to be not very complex. Nevertheless, they rate exploitation of this vulnerability as less likely. Microsoft also states that the vulnerability has not yet been exploited in attacks.

Microsoft only published the information about the vulnerability on Wednesday night. This is not an emergency update, however, but a “forgotten” vulnerability entry: the update from the May Patchday already addresses the vulnerability.

Because SharePoint vulnerabilities are of great interest to cybercriminals and are often exploited in the wild, IT managers should make sure that they have applied the update. In mid-April, Microsoft released SharePoint updates on Patchday after a vulnerability in the product had already come under attack.

(dmk)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.