SharePoint often works quietly behind the scenes as a critical collaboration and file management tool within Microsoft Office ecosystems. For many organizations, it’s an essential backbone for sharing documents, managing workflows, and facilitating team collaboration. However, recent developments have put SharePoint users on alert: two significant zero-day vulnerabilities have been discovered and are actively being exploited in the wild.
Microsoft has responded swiftly by releasing emergency, out-of-band patches addressing these two critical Remote Code Execution (RCE) vulnerabilities. These patches apply both to the current Microsoft 365 version of SharePoint and the older, standalone SharePoint 2019 release. The urgency to update is high, as successful exploitation of these vulnerabilities could allow attackers to run arbitrary code on affected servers, potentially leading to full system compromise, installation of malware, or further lateral movement within enterprise networks.
Unfortunately, the non-subscription SharePoint 2016 version has not yet received a patch, although Microsoft has indicated that a fix is forthcoming. Organizations still running this legacy software should take additional precautionary steps and stay vigilant for updates.
These vulnerabilities came to light following the Pwn2Own security conference, where earlier flaws were patched but, as is often the case, new weaknesses emerged during subsequent analysis. This cycle highlights the ongoing cat-and-mouse game between software defenders and attackers targeting widely used platforms like SharePoint.
Administrators and SharePoint users should prioritize deploying the updates as soon as possible. Microsoft provides detailed instructions for patching via the Central Administration console or through PowerShell commands, ensuring both GUI and command-line approaches are available to fit various IT environments.
