Microsoft has disclosed a critical vulnerability affecting on-premises SharePoint Server 2016, 2019, and Subscription Edition. The flaw allows attackers to execute code remotely without authentication — potentially giving them access to sensitive documents, credentials, and connected systems. SharePoint Online is not affected.
Exploitation is already underway, with attacks reported against businesses, government agencies, and local municipalities. Organizations using on-premises SharePoint should prioritize reviewing patch status, especially for any internet-facing servers. In some cases, taking those systems temporarily offline may be appropriate while updates are applied.
Beyond updates via patching, there are broader risks to consider. SharePoint often integrates with Teams, Outlook, and OneDrive — meaning a successful breach can enable attackers to move laterally across your environment and maintain long-term, undetected access. Even after remediation, stolen machine keys could allow forged access attempts if not addressed.
Staying ahead of these threats requires more than immediate technical fixes. Organizations should evaluate endpoint protection, improve logging and visibility, and consider a post-incident review to understand potential exposure.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.