Security News

Cybersecurity news aggregator

HIGH Updates Dark Reading

Microsoft Issues Out-of-Band SharePoint Patch

Microsoft has issued an out-of-band patch for a high-severity remote code execution vulnerability (CVE-2026-45659, CVSS 8.8) in SharePoint Server. The flaw involves the deserialization of untrusted data, allowing any authenticated attacker with Site Member permissions to execute arbitrary code on the server with low attack complexity. While no public exploit is currently available, SharePoint's critical role as an enterprise collaboration platform makes prompt patching essential.

SharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too well.

Jai Vijayan, Contributing Writer
May 26, 2026

Microsoft rolled out an out-of-band patch for a remote code execution vulnerability in SharePoint Server that any authenticated attacker can potentially exploit without requiring administrator or other elevated privileges.

Microsoft assigned the bug, tracked as CVE-2026-45659, a severity rating of 8.8 on the 10-point CVSS scale. The company described the vulnerability as one that attackers are less likely to exploit even though it involves low attack complexity, no user interaction, and minimal privileges.

A Potentially Significant Attack Risk

No public exploit code appears to have surfaced yet and there is no indication of any exploit activity in the wild. However, security teams might want to quickly deploy Microsoft's patch for the vulnerability, given SharePoint's history as a high-value target and how quickly proof-of-concept code has surfaced with previous similar disclosures. Microsoft's own decision to make the patch available immediately instead of waiting for its regular monthly Patch Tuesday updates also suggests the company perceives the vulnerability as a significant risk.

CVE-2026-45659 involves the deserialization of untrusted data in Microsoft Office SharePoint. It essentially allows an authenticated attacker to trick Microsoft SharePoint into processing malicious data in a way that could let them remotely run code on the server and potentially take control of it.

"In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions [Privileges Required: Low], could execute code remotely on the SharePoint Server," Microsoft said. "The attack complexity is low because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component."

A successful exploit could have a high impact on system confidentiality, integrity, and availability, Microsoft added. The company attributed bug discovery to a security researcher called MEOW.

SharePoint Remains a Major Attacker Target

The new vulnerability arrives amid ongoing concerns about SharePoint's security posture, especially in on-premises deployments. Microsoft SharePoint servers remain a highly attractive target for cybercriminals and nation-state actors because of their role as a core platform for enterprise collaboration, document management, and workflows.

SharePoint environments often have large amounts of sensitive internal documents, project data, employee records, intellectual property, and other data, making a successful breach immediately valuable from an IP theft standpoint and for financial extortion. Because many organizations integrate SharePoint with other Microsoft services such as Active Directory, Teams, and Outlook, a successful SharePoint breach often can serve as a launchpad for lateral movement across an enterprise environment.

China-linked groups like Linen Typhoon and Violet Typhoon exploited SharePoint vulnerabilities to steal intellectual property, while ransomware operators such as Storm-2603 used the same flaws to deploy extortion campaigns. In July 2025, Microsoft disclosed a zero-day vulnerability chain dubbed ToolShell that multiple threat groups used in attacks against on-premises SharePoint deployments in government agencies, universities, corporations, and the US Nuclear Weapons Agency.

Security analysts consider on-premises Microsoft SharePoint environments a particularly attractive target for attackers because of how many organizations struggle to keep these systems fully patched, properly configured, and consistently monitored. Often, Internet-facing servers have outdated software, legacy integrations, excessive privileges, and other security gaps attackers can easily exploit.
