
SharePoint RCE Patched (CVE-2026-45659) — Update Your On-Prem Servers This Week

Microsoft has shipped patches for a high-severity remote code execution flaw in on-premises SharePoint (CVE-2026-45659, CVSS 8.8), as reported by Help Net Security. Any Australian business still running SharePoint Server on its own infrastructure should plan the update this week. The bug sits in SharePoint’s deserialisation code: an authenticated attacker, with as little as Site Member permissions, can trigger remote code execution with no user interaction and low attack complexity.

SharePoint on-prem environments typically hold the documents most worth stealing — contracts, HR files, financials, client records — and they are frequently reachable from the internet. That is exactly why SharePoint has been a favoured target for nation-state and ransomware crews over the past two years. The fix lands in three builds: SharePoint Server Subscription Edition (16.0.19725.20280), Server 2019 (16.0.10417.20128) and Enterprise Server 2016 (16.0.5552.1002).
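
To confirm where a farm stands against those three builds, the PowerShell below can be run in the SharePoint Management Shell on a farm server. It is an added example, not code from Microsoft or from the report cited above. The build-number ranges used to infer the edition, and the rule that any build at or above the fixed one includes the patch, are assumptions.

```powershell
# Added example: compare this farm's build with the fixed builds in the advisory.
# Run as a farm administrator in the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Fixed builds, copied from the advisory text above.
$fixed = @{
    'Subscription Edition'   = [version]'16.0.19725.20280'
    'Server 2019'            = [version]'16.0.10417.20128'
    'Enterprise Server 2016' = [version]'16.0.5552.1002'
}

function Get-SPEditionFromBuild {
    param([version]$Build)
    # Assumption: edition is inferred from the third build component.
    # 4000-9999 = 2016, 10000-14325 = 2019, 14326 and later = Subscription Edition.
    if ($Build.Major -ne 16)    { return $null }
    if ($Build.Build -ge 14326) { return 'Subscription Edition' }
    if ($Build.Build -ge 10000) { return 'Server 2019' }
    if ($Build.Build -ge 4000)  { return 'Enterprise Server 2016' }
    return $null
}

$farmBuild = (Get-SPFarm).BuildVersion
$edition   = Get-SPEditionFromBuild $farmBuild
if (-not $edition) { throw "Unrecognised SharePoint build: $farmBuild" }

# Assumption: updates are cumulative, so a build at or above the fixed one is patched.
[pscustomobject]@{
    Edition    = $edition
    FarmBuild  = $farmBuild
    FixedBuild = $fixed[$edition]
    Patched    = ($farmBuild -ge $fixed[$edition])
}

# The farm build only advances after the configuration wizard has run, so also
# list SharePoint servers that have new binaries installed but still need upgrading.
Get-SPServer |
    Where-Object { $_.Role -ne 'Invalid' } |
    Select-Object Address, NeedsUpgrade
```

A server showing `NeedsUpgrade` as `True` has not finished the update, even if the installer has already been run on it.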

Microsoft currently rates exploitation as “less likely” and there is no public proof-of-concept yet, but every serious SharePoint bug eventually attracts one — and the fact that ordinary Site Member access is enough to weaponise it lowers the bar considerably. If your business is on SharePoint Online, this does not apply — Microsoft handles patching for you. If you are running SharePoint on a server in your office or a hosted environment, schedule the update now, then review who still has authenticated access. Any dormant account is a foothold waiting to be reused.

If you would like a hand mapping your SharePoint exposure or tightening your patching cadence, the All IT Services Microsoft 365 team can help.
