Microsoft has disclosed a critical vulnerability affecting on-premises SharePoint Server 2016, 2019, and Subscription Edition. The flaw allows attackers to execute code remotely without authentication — potentially giving them access to sensitive documents, credentials, and connected systems. SharePoint Online is not affected.
Exploitation is already underway, with attacks reported against businesses, government agencies, and local municipalities. Organizations using on-premises SharePoint should prioritize reviewing patch status, especially for any internet-facing servers. In some cases, taking those systems temporarily offline may be appropriate while updates are applied.
Beyond updates via patching, there are broader risks to consider. SharePoint often integrates with Teams, Outlook, and OneDrive — meaning a successful breach can enable attackers to move laterally across your environment and maintain long-term, undetected access. Even after remediation, stolen machine keys could allow forged access attempts if not addressed.
Staying ahead of these threats requires more than immediate technical fixes. Organizations should evaluate endpoint protection, improve logging and visibility, and consider a post-incident review to understand potential exposure.
How MGO Can Help
If your organization uses on-premises SharePoint, now is the time to act. The threat is active, and the window to reduce risk is narrowing.
MGO’s Cybersecurity and IT Risk Advisory team , is closely tracking this development and is available to help you respond. Whether you need support validating critical system updates via patches, reviewing monitoring capabilities, or planning next steps through post-incident review, we’re here to help.
Reach out to our team today and take proactive steps to safeguard your systems and data.
