Microsoft patches critical SharePoint RCE vulnerability (CVE-2026-45659)
Microsoft released a series of security updates in May 2026 addressing several high‑severity issues across its products. A remote code execution flaw in SharePoint (CVE‑2026‑45659) was patched for SharePoint Server Subscription Edition, SharePoint Server 2019 and SharePoint Enterprise 2016. The vulnerability, rated CVSS 8.8, allows an authenticated attacker with basic site‑member permissions to execute code via deserialization of untrusted data. Microsoft urges immediate deployment of the updates.
A separate remote code execution vulnerability in the Netlogon service (CVE‑2026‑41089) affecting Windows Server domain controllers was also patched. The flaw could be triggered by an unauthenticated network packet, causing LSASS memory corruption and a server reboot. The vendor‑supplied fix hardens the Netlogon string handling, and third‑party micropatches are available for legacy Windows versions.
In addition, Microsoft announced a preview of the Windows 365 Cloud Input Protection feature, which encrypts keyboard input at the kernel level and requires TPM 2.0‑enabled Windows 11 devices. The feature is enabled via group‑policy or Intune remediation scripts.
Separately, a known issue in the May 2026 update for Windows Server 2016 causes domain‑controller lookup failures on machines with exactly 15‑character hostnames. Microsoft has acknowledged the problem but has not yet provided a fix.