Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.

Cybersecurity advisory graphic with shield and warning triangle reading PATCH NOW

CISA has confirmed attackers are actively exploiting a high-severity remote code execution flaw in on-premises Microsoft SharePoint, tracked as CVE-2026-45659, as reported by BleepingComputer. Microsoft patched it back on 21 May — the fix was accidentally left out of the May security update notes, so plenty of servers never got it. On 1 July, CISA added the flaw to its Known Exploited Vulnerabilities catalogue and gave US federal agencies until the weekend to fix it. That deadline doesn’t apply here, but the signal does.

Who’s affected: SharePoint Server 2016, 2019 and Subscription Edition. SharePoint Online — the Microsoft 365 version — is not affected. The nasty part is how little access an attacker needs. Any logged-in user with basic Site Member permissions can run code on the server, so one phished staff password hands over the whole box. Shadowserver counts more than 10,000 SharePoint servers still exposed to the internet. And here’s the pattern we keep seeing in Australian environments: the business moved email and files to Microsoft 365 years ago, but an old SharePoint server is still humming away in the corner “for the archive” — domain-joined, forgotten and unpatched. That is exactly the machine this flaw was made for.

What to do: apply the May 2026 SharePoint security updates today. If you can’t patch immediately, take the server off the internet. And if nobody has touched it in a year, ask the better question — do you still need it at all?

Not sure whether you’re running one? Our cybersecurity team can check in minutes.

Related Guide

Cybersecurity for Sydney SMBs

Explore our complete guide to protecting your business from cyber threats.

Read the Full Guide →