Microsoft Issues Out-of-Band SharePoint Patch TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsApplication SecurityFeeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub ReposFeeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub ReposbyRob WrightMay 26, 20264 Min ReadApplication SecurityThe Hackers Behind Shai-Hulud: Lucky or Skilled?The Hackers Behind Shai-Hulud: Lucky or Skilled?byAlexander CulafiMay 26, 20265 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite PapersAdvertise With Us About UsMeet the EditorsPartner PerspectivesDark Reading Resource LibraryHeard It From a CISOVulnerabilities & ThreatsApplication SecurityThreat IntelligenceNewsMicrosoft Issues Out-of-Band SharePoint PatchSharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too well.Jai Vijayan,Contributing WriterMay 26, 20263 Min ReadSource: Tada Images via ShutterstockMicrosoft rolled out an out-of-band patch for a remote code execution vulnerability in SharePoint Server that any authenticated attacker can potentially exploit without requiring administrator or other elevated privileges.Microsoft assigned the bug, tracked as CVE-2026-45659, a severity rating of 8.8 on the 10-point CVSS scale. The company described the vulnerability as one that attackers are less likely to exploit even though it involves low attack complexity, no user interaction, and minimal privileges.A Potentially Significant Attack RiskNo public exploit code appears to have surfaced yet and there is no indication of any exploit activity in the wild. However, security teams might want to quickly deploy Microsoft's patch for the vulnerability, given SharePoint's history as a high-value target and how quickly proof-of-concept code has surfaced with previous similar disclosures. Microsoft's own decision to make the patch available immediately instead of waiting for its regular monthly Patch Tuesday updates also suggest the company perceives the vulnerability as a significant risk.Related:Microsoft Exchange Zero-Day Under Attack, No Patch AvailableCVE-2026-45659 involves the deserialization of untrusted data in Microsoft Office SharePoint. It essentially allows an authenticated attacker to trick Microsoft SharePoint into processing malicious data in a way that could let them remotely run code on the server and potentially take control of it. "In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions [Privileges Required: Low], could execute code remotely on the SharePoint Server," Microsoft said. "The attack complexity is low because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component."  A successful exploit could have a high impact on system confidentiality, integrity, and availability, Microsoft added. The company attributed bug discovery to a security researcher called MEOW.SharePoint Remains a Major Attacker TargetThe new vulnerability arrives amid ongoing concerns about SharePoint's security posture especially in on-premises deployments. Microsoft SharePoint servers remain a highly attractive target for cybercriminals and nation-state actors because of their role as a core platform for enterprise collaboration, document management and workflows. SharePoint environments often have large amounts of sensitive internal documents, project data, employee records, intellectual property, and other data, making a successful breach immediately valuable from an IP theft standpoint and for financial extortion. Because many organizations integrate SharePoint with other Microsoft services such as Active Directory, Teams, and Outlook, a successful SharePoint breach often can serve as a launchpad for lateral movement across an enterprise environment.Related:Can Laws Stop Deepfakes? South Korea Aims to Find OutChina-linked groups like Linen Typhoon and Violet Typhoon exploited SharePoint vulnerabilities to steal intellectual property, while ransomware operators such as Storm-2603 used the same flaws to deploy extortion campaigns. In July 2025 Microsoft disclosed a zero-day vulnerability chain dubbed ToolShell that multiple threat groups used in attacks against on-premises SharePoint deployments in government agencies, universities, corporations, and the US Nuclear Weapons Agency. Security analysts consider on-premises Microsoft SharePoint environments a particularly attractive target for attackers because of how many organizations struggle to keep these systems fully patched, properly configured, and consistently monitored. Often, Internet-facing servers have outdated software, legacy integrations, excessive privileges, and other security gaps attackers can easily exploit.About the AuthorJai VijayanContributing WriterIllinois-based Jai Vijayan is a veteran, award-winning technology journalist with more than 25 years of experience covering cybersecurity. His information security reporting has explored everything from ransomware, nation-state threats, and identity security to AI risk, critical infrastructure protection, software supply chain security, cloud security and emerging enterprise technologies. Over the course of his career, Jai has written news stories, feature articles, survey reports, white papers, and e-books for enterprise and technology audiences. He has also moderated panel discussions and executive roundtables featuring CISOs, security researchers, and industry leaders. Jai previously served as senior editor at Computerworld, where he covered information security and data-privacy issues. His work has also appeared in CSO Online, InformationWeek, The Christian Science Monitor Passcode, The Economic Times, and other publications.His work has earned multiple industry honors, including a Joint ASBPE Excellence Award for Best Coverage of Government IT, and a Joint Jesse H. Neal Award for wireless LAN security coverage. Jai holds a Master’s degree in statistics from Bangalore University, and studied broadcasting and electronic communication at Marquette University in Milwaukee. See more from Jai VijayanWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Organizations Are Managing Incident ResponseHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyEssential News & Insights from Black Hat USA 2025How Enterprises Are Harnessing Emerging Technologies in CybersecurityAccess More ResearchWebinarsBuild vs. Buy: The Hidden Cost of Building Your Own AI Security StackDefending in the Shadow Era: When the CVE Feed Goes DarkBuilding SecOps That Make the Most of Every DollarAI-Powered Credential Security: Intelligence Without ExposureAI-Powered Cybersecurity for Resource-Constrained OrganizationsMore WebinarsEditor's ChoiceThreat IntelligenceFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberbyDark Reading Editorial TeamMay 6, 202631 Min ReadCyber RiskPhysical Cargo Theft Gets a Boost From CybercriminalsPhysical Cargo Theft Gets a Boost From CybercriminalsbyRobert LemosMay 4, 20265 Min ReadWant more Dark Reading stories in your Google search results?Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeRSAC 2026: key news & insightsAt RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much moreGet Your RecapWebinarsBuild vs. Buy: The Hidden Cost of Building Your Own AI Security StackThurs, June 25, 2026, at 1pm ESTDefending in the Shadow Era: When the CVE Feed Goes DarkTues, June 16, 2026 at 1pm ESTBuilding SecOps That Make the Most of Every DollarThurs, July 9, 2026 at 1pm ESTAI-Powered Credential Security: Intelligence Without ExposureWed, June 17, 2026, at 1pm ESTAI-Powered Cybersecurity for Resource-Constrained OrganizationsThurs, June 18, 2026, at 1pm ESTMore WebinarsBlack Hat USA | Mandalay Bay, Las VegasThe premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.GET YOUR PASSDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

Microsoft released an out-of-band patch to address a remote code execution vulnerability identified in SharePoint Server environments, which is tracked as CVE-2026-45659 and carries a substantial severity rating of 8.8 on the 10-point CVSS scale. This vulnerability stems from the deserialization of untrusted data within the Microsoft Office SharePoint system, which allows an authenticated attacker with minimal privileges, such as Site Member permissions, to execute arbitrary code remotely on the SharePoint Server. The exploit’s low attack complexity is noteworthy because it does not require significant prior system knowledge or user interaction to achieve repeatable success with the malicious payload against the vulnerable component.

Although there is currently no public exploit code or indication of active exploitation in the wild, the release of the patch suggests Microsoft perceives this vulnerability as a significant risk, especially given SharePoint’s history as a high-value target. Security teams are strongly advised to deploy this patch promptly, particularly because proof-of-concept code has surfaced rapidly following similar disclosures. The successful exploitation of this flaw could result in severe consequences for the system’s confidentiality, integrity, and availability.

The context surrounding this vulnerability underscores the continued attractiveness of on-premises Microsoft SharePoint deployments for cybercriminals and nation-state actors. SharePoint serves as a central platform for enterprise collaboration, document management, and workflow operations, meaning a successful breach grants immediate access to highly valuable intellectual property, sensitive internal documents, and employee records. Furthermore, because organizations frequently integrate SharePoint with other Microsoft services like Active Directory, Teams, and Outlook, a compromise of SharePoint often provides a crucial launchpad for lateral movement across the entire enterprise network. Historically, threat groups, including those associated with ransomware operations and state-linked groups, have leveraged SharePoint vulnerabilities to facilitate data exfiltration and deploy extortion campaigns. This risk is compounded by the fact that many organizations struggle to maintain consistent patching, configuration, and monitoring across their on-premises SharePoint systems, leaving exploitable gaps. The discovery of this chain of vulnerabilities, like ToolShell, further confirms the critical need for robust security measures in these environments.