Microsoft just fixed a critical SharePoint Server vulnerability
Microsoft just patched a major security flaw in its on-premises SharePoint Server, part of the "ToolShell" exploit chain.
This bug let hackers take over servers without even logging in—pretty serious stuff.
The fix came out fast, but only for newer versions; if you're still on SharePoint Server 2016, you're not covered yet.
ToolShell exploit can access sensitive data
ToolShell lets attackers get full access to files and settings, and even mess with connected apps like Teams and OneDrive.
Big organizations—including US federal agencies—were targeted, so it's not just small businesses at risk.
What to do if you're still on SharePoint Server 2016
The US cybersecurity agency CISA says if your server is vulnerable, disconnect it from the network until you can patch it.
Good news: SharePoint Online and Microsoft 365 aren't affected.
Microsoft and CISA are keeping watch, but if you're running an older version, stay alert until an update drops.