MICROSOFT has released an out-of-band patch to address a critical remote code execution vulnerability in SharePoint Server (CVE-2026-45659). This flaw allows authenticated attackers to remotely execute code without elevated privileges, assigning it a high severity rating of 8.8 on the CVSS scale. Although no public exploit code is currently reported and there are no indications of active exploitation, the patch is recommended for immediate deployment due to SharePoint's status as a frequent target for cyberattacks.
The vulnerability arises from deserialization of untrusted data, potentially leading to significant impacts on system confidentiality, integrity, and availability. Organizations using SharePoint are advised to quickly apply the patch to safeguard their environments.