Admins who run Microsoft SharePoint servers in their infrastructure should check whether they have installed the May updates. With them, Microsoft closes a security gap that is classified as high risk and allows attackers to inject and execute malicious code.
Microsoft warns of the security hole in a CVE vulnerability entry. The problem arises from the deserialization of untrustworthy data, i.e. unpacking and processing or even executing it. This allows attackers who are logged in to SharePoint to smuggle in code via the network (CVE-2026-45659, CVSS 8.8, risk "high"). No elevated rights are necessary. The update is available for SharePoint Server 2016, SharePoint Enterprise Server 2016, SharePoint Server 2019 and the Subscription Edition.
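To make the vulnerability class concrete, here is an added illustration that is not part of the article and not Microsoft's or SharePoint's code: it uses Python's pickle as a stand-in for the .NET serializers SharePoint relies on. The point it shows is why "deserialization of untrusted data" equals code execution (a serialized object may instruct the loader to call an arbitrary function) and what the usual mitigation looks like: refusing every type that is not on an explicit allowlist, or avoiding an object serializer for network input altogether. All payloads, class names and the allowlist are constructed for the example.

```python
import io
import pickle
from collections import OrderedDict

# Constructed: a plain data object a service might legitimately receive.
SAFE_PAYLOAD = pickle.dumps({"user": "alice", "roles": ["reader", "editor"]})

# Constructed: a payload that references a type we deliberately allowlist below.
ORDERED_PAYLOAD = pickle.dumps(OrderedDict([("k", 1)]))


class _CallsFunctionOnLoad:
    """Constructed attacker-style object (hypothetical). Its __reduce__ tells the
    loader to *call* a function during deserialization instead of rebuilding
    data. Here the callable is the harmless builtin len; the serializer records
    only a reference to it, so any importable callable could be named."""

    def __reduce__(self):
        return (len, ("abc",))


UNSAFE_PAYLOAD = pickle.dumps(_CallsFunctionOnLoad())


def unsafe_load(data: bytes):
    """Vulnerable pattern: deserialize network input with no type restriction.
    For UNSAFE_PAYLOAD this executes len("abc") and returns 3, proving that the
    sender controlled what code ran."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened pattern: every global the payload references must pass through
    find_class, so an explicit allowlist of (module, name) pairs decides what
    may be resolved. Plain containers (dict, list, str, ...) never hit
    find_class and therefore always load."""

    # Constructed allowlist; a real one lists exactly the types the service expects.
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def load_untrusted(data: bytes):
    """Deserialize with the allowlist enforced; raises UnpicklingError otherwise."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True if the hardened loader refuses the payload."""
    try:
        load_untrusted(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe loader ran attacker-chosen callable, result:", unsafe_load(UNSAFE_PAYLOAD))
    print("hardened loader, safe payload:", load_untrusted(SAFE_PAYLOAD))
    print("hardened loader, allowlisted type:", load_untrusted(ORDERED_PAYLOAD))
    print("hardened loader rejects gadget payload:", is_rejected(UNSAFE_PAYLOAD))
```

The detection angle follows from the same mechanism: an allowlist failure like the `UnpicklingError` above is a high-signal event worth logging and alerting on, because legitimate clients never reference types the service does not expect. Where the input format permits it, a data-only encoding such as JSON removes the class of bug entirely, since it cannot encode "call this function" at all.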
Microsoft further states that the vulnerability can be attacked from the Internet. Since attackers do not need detailed prior knowledge of vulnerable systems in order to attack them successfully, the developers consider an attack to be of low complexity. Nevertheless, they estimate that abuse of this vulnerability is less likely. Microsoft also states that the security vulnerability has not yet been attacked.
Confusion about security vulnerability
Microsoft only published the information about the vulnerability on Wednesday night. However, this is not an emergency update but rather a "forgotten" vulnerability entry: the update from the May Patch Tuesday already addresses the vulnerability.
Since SharePoint vulnerabilities are of great interest to cybercriminals and are more commonly exploited in the wild, IT managers should ensure that they have applied the update. In mid-April, Microsoft released updates for SharePoint on Patch Tuesday after a security hole in it had already been attacked.
(dmk)
