ARTICLE
31 July 2025

Critical SharePoint Vulnerability: What To Know

MG
MGO CPA LLP

Contributor

As a global team of more than 500 financial service professionals, we stand ready to serve you through assurance, tax, consulting, outsourcing, and private client services where and when you need us.
Microsoft has disclosed a critical vulnerability affecting on-premises SharePoint Server 2016, 2019, and Subscription Edition.
United States Media, Telecoms, IT, Entertainment

Microsoft has disclosed a critical vulnerability affecting on-premises SharePoint Server 2016, 2019, and Subscription Edition. The flaw allows attackers to execute code remotely without authentication — potentially giving them access to sensitive documents, credentials, and connected systems. SharePoint Online is not affected.

Exploitation is already underway, with attacks reported against businesses, government agencies, and local municipalities. Organizations using on-premises SharePoint should prioritize reviewing patch status, especially for any internet-facing servers. In some cases, taking those systems temporarily offline may be appropriate while updates are applied.

Beyond updates via patching, there are broader risks to consider. SharePoint often integrates with Teams, Outlook, and OneDrive — meaning a successful breach can enable attackers to move laterally across your environment and maintain long-term, undetected access. Even after remediation, stolen machine keys could allow forged access attempts if not addressed.

Staying ahead of these threats requires more than immediate technical fixes. Organizations should evaluate endpoint protection, improve logging and visibility, and consider a post-incident review to understand potential exposure.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More