UK businesses using Microsoft SharePoint face an urgent security threat this week.
The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that threat actors are actively exploiting a recently patched SharePoint remote code execution vulnerability tracked as CVE-2026-45659
. If your organisation runs SharePoint—whether on-premises or as part of Microsoft 365—you need to act now.
For SMEs across Kent and the South East, this isn’t just another security bulletin to file away. Active exploitation means attackers are scanning for vulnerable systems right now, and unpatched SharePoint installations represent a genuine, immediate risk to your business data and operations.
What Is the SharePoint CVE-2026-45659 Vulnerability?
CVE-2026-45659 is a remote code execution (RCE) vulnerability affecting Microsoft SharePoint Server. Remote code execution flaws are among the most serious security issues because they allow attackers to run malicious code on your server without needing physical access or valid credentials.
In practical terms, an attacker exploiting this vulnerability could:
- Gain unauthorised access to your SharePoint environment
- Steal sensitive business documents and data
- Move laterally across your network to compromise other systems
- Deploy ransomware or other malicious software
- Disrupt business operations by taking systems offline
A proof-of-concept exploit has been publicly available since disclosure, and the first exploitation attempts were observed last week
. This means the barrier to entry for attackers is extremely low—even less sophisticated threat actors now have the tools to target vulnerable SharePoint installations.
Why This Matters for UK SMEs Right Now
SharePoint is one of the most widely deployed collaboration platforms in UK businesses. Whether you’re using SharePoint Online as part of your Microsoft 365 subscription or running SharePoint Server on-premises, this vulnerability demands immediate attention.
The timing is particularly concerning.
June 2026 saw Microsoft’s biggest Patch Tuesday ever, with 206 vulnerability fixes including three zero-day flaws
. With such high patch volumes, it’s understandable that some updates might be delayed or overlooked—but CVE-2026-45659 cannot wait.
As we explored in our recent article on handling Microsoft’s record-breaking patch volumes, UK SMEs are struggling to keep pace with the sheer number of security updates. However, when CISA adds a vulnerability to its Known Exploited Vulnerabilities catalogue and confirms active exploitation, that vulnerability must jump to the top of your priority list.
The Wider Context: Vulnerability Exploitation in 2026
IBM X-Force observed a 44% year-over-year increase in the exploitation of public-facing applications, commonly exploited due to vulnerabilities and deployment or configuration errors
. This aligns with trends we’ve discussed previously—vulnerability exploitation has overtaken passwords as the top cyber threat in 2026.
Attackers are increasingly targeting unpatched systems because it works.
Modern attackers monitor patch release cycles from vendors and exploit gaps before organisations can deploy fixes
. The window between patch release and exploitation has narrowed dramatically, leaving little room for delay.
Immediate Actions for UK Businesses
If your organisation uses SharePoint in any capacity, follow these steps immediately:
1. Identify Your SharePoint Environment
Determine whether you’re running:
- SharePoint Online (part of Microsoft 365): Microsoft handles patching automatically, but you should verify your service is up to date
- SharePoint Server (on-premises): You are responsible for applying patches promptly
- Hybrid environments: Both components need attention
2. Apply Microsoft’s Security Update Without Delay
Microsoft released patches for CVE-2026-45659 as part of its June 2026 security updates. If you haven’t already applied these patches, they must be deployed urgently.
CISA guidance requires applying mitigations in accordance with vendor instructions, ensuring compliance with prioritising security updates based on risk. Stakeholders are responsible for evaluating each asset’s internet exposure and ensuring adherence to patching guidelines
.
3. Review Access Logs and Monitor for Suspicious Activity
Check your SharePoint logs for any unusual access patterns, unexpected administrative actions, or file access by unknown users. If you discover signs of compromise, treat it as a serious incident requiring immediate investigation.
4. Verify Your Backup and Recovery Capability
Ensure you have recent, tested backups of your SharePoint data. In the event of a successful attack, reliable backups are your last line of defence. Our guide to business continuity planning after recent cloud outages provides practical advice on protecting your critical data.
Longer-Term Security Improvements
Once you’ve addressed the immediate CVE-2026-45659 threat, consider these improvements to your vulnerability management approach:
Establish a Patch Management Process
Create a formal process for reviewing, testing, and deploying security updates.
The rapid pace of cyberattacks targeting newly discovered vulnerabilities makes prompt patching more critical than ever, and businesses need to improve patching speed and reduce mean time to remediate vulnerabilities
.
For guidance on managing high patch volumes, see our article on handling Microsoft’s record-breaking patch volumes.
Implement Network Segmentation
Don’t allow a single compromised system to become a gateway to your entire network. Proper segmentation limits the damage an attacker can inflict, even if they successfully exploit a vulnerability.
Consider Managed IT Support
Many SMEs lack the internal resources to monitor security bulletins, assess vulnerabilities, and deploy patches promptly. Professional IT support services can ensure critical updates are applied quickly, reducing your exposure window.
The Bigger Picture: AI-Driven Threats and Patch Fatigue
Google Cloud’s Cybersecurity Forecast 2026 predicts attackers will use AI across the full attack lifecycle—including prompt-injection attacks and AI-generated phishing and deepfakes—while ransomware paired with data-theft extortion remains the most financially damaging form of cybercrime
.
We’re seeing a fundamental shift in the threat landscape. Attackers now leverage automation and AI to discover and exploit vulnerabilities faster than many organisations can patch them. This creates a dangerous asymmetry: your adversaries are automated, but your defences may not be.
This is why proactive security measures, including automated patch deployment and continuous vulnerability scanning, are no longer optional for UK SMEs—they’re essential.
Don’t Wait: Protect Your Business Today
The CVE-2026-45659 SharePoint vulnerability represents exactly the kind of threat that UK SMEs cannot afford to ignore. Active exploitation is confirmed, proof-of-concept code is publicly available, and attackers are scanning for vulnerable systems.
If you’re unsure whether your SharePoint environment is patched, or if you need assistance securing your Microsoft 365 or on-premises systems, don’t leave it to chance. The cost of remediation after a breach far exceeds the investment in prevention.
Need urgent help securing your SharePoint environment or reviewing your patch management process? Meridian Micro provides expert IT support and security services to businesses across Kent and the South East. Call us today on 01303 883111 to discuss how we can help protect your business from emerging threats like CVE-2026-45659.
