The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted organizations to an active exploitation campaign targeting a remote code execution vulnerability in Microsoft SharePoint that was inadvertently excluded from Microsoft's May Patch Tuesday release. The oversight has left systems vulnerable while threat actors actively leverage the flaw in the wild.
Why it matters: IT leaders must immediately identify and patch this unscheduled SharePoint vulnerability to prevent unauthorized remote code execution in widely deployed collaboration environments.