Microsoft said exploitation was 'less likely' ... but CISA just added SharePoint RCE to KEV list

Attackers need little more than a valid SharePoint account to execute code on vulnerable on-prem servers