Cast your mind back to 2016. Bitcoin was trading somewhere between a curiosity and a punchline, hovering around $430 at the start of the year, slowly creeping toward $1,000 by December. The Chicago Cubs finally broke a 108-year World Series drought. Pokemon GO had grown adults walking into traffic, eyes locked to their phones. Apple shipped the iPhone 7 and quietly deleted the headphone jack, triggering an outrage cycle that lasted roughly three weeks before everyone just bought wireless earbuds.
And somewhere in your organization's server room, someone was racking up a fresh install of SharePoint 2016.
Or maybe your milestone was 2019. Back when a "remote work policy" meant being allowed to work from home one Friday a month, if your manager was feeling generous. When a global pandemic was the stuff of disaster movies. When “general purpose AI” still belonged mostly to science fiction and anxious think pieces. OpenAI had just quietly released a language model they were so worried about; they initially refused to publish the full version. Nobody could see what was coming.
And in that same server room, someone may have upgraded to SharePoint 2019.
A lot has changed since then. Your SharePoint server has not!
Microsoft has confirmed that extended support for both SharePoint Server 2016 and SharePoint Server 2019 ends on July 14, 2026. That date is weeks away. Not months, not years. Weeks.
What does "end of extended support" actually mean in practice? It means no more security patches. No more bug fixes. No emergency updates when a critical vulnerability is discovered. Your server keeps running; the content databases still mount, users still log in, workflows still grind along. But if someone finds a way in, Microsoft will not be coming to the rescue.
You are on your own.
Last summer, the security world got a very clear preview of that future. In July 2025, researchers discovered CVE-2025-53770, a critical remote code execution vulnerability in on-premises SharePoint servers. The exploit was dubbed "ToolShell", and it was very bad. A CVSS score of 9.8 out of 10, which is the security industry's way of saying drop everything.
The attack was elegant in its brutality. By spoofing a single HTTP Referer header, attackers could completely bypass authentication and upload files directly to the server, including web shells that gave them persistent, remote control of the underlying system. No credentials required. No social engineering. Just a crafted HTTP request and the keys to the kingdom.
The breaches that followed hit U.S. federal and state agencies, universities, and energy companies. The FBI got involved. Microsoft issued emergency out-of-band patches on July 20 and 22, 2025, working through a weekend to push fixes for SharePoint 2016, 2019, and Subscription Edition.
Those customers were saved. Not because the vulnerability was not critical. It absolutely was. But because they were still inside the support window. Microsoft had both the obligation and the infrastructure to act.
SharePoint Server 2013 reached end of extended support in April 2023. When ToolShell hit in July 2025, security researchers confirmed that SharePoint 2010 and 2013 were vulnerable to the exact same exploit: the same authentication bypass, the same web shell upload vector, the same 9.8 CVSS score.
Microsoft issued no patch for those versions. The guidance was effectively: good luck.
Segment your network. Try a "virtual patch." And maybe finally get around to that migration you have been putting off.
For every SharePoint 2013 administrator watching the ToolShell coverage last summer, the lesson was unmistakable: being one support generation behind the patch window is the difference between a fixed vulnerability and one that sits permanently and silently in your environment.
On July 15, 2026, SharePoint 2016 and 2019 customers become the new SharePoint 2013 customers.
Here is what makes the post-July 14 world even more dangerous than what 2013 customers faced in 2023.
The threat landscape has fundamentally changed. AI-powered reconnaissance tools now scan the Internet continuously, cataloging software versions, identifying known vulnerability patterns, and flagging targets for exploitation, at a scale and speed no human team could match. The moment a new CVE drops for an unsupported piece of software, automated tooling begins probing it across every exposed endpoint on the internet, often within hours of disclosure.
Your SharePoint server, sitting behind a corporate firewall, may feel invisible. But it almost certainly has more external exposure than you think, through VPN connections, through integrations with cloud services, through everyday user behavior. And the attackers are not guessing anymore. They are systematic.
When ToolShell dropped, it was actively exploited before most organizations had even read the advisory. That happened while Microsoft was still issuing patches. Imagine the same scenario, but with no patch coming. Ever. That is the post-EOL reality.
It is worth pausing on what is actually sitting in your SharePoint environment. Financial records. HR files. Contracts. Customer data. Regulatory documents. The things your organization depends on most are likely indexed in a legacy system that, in a matter of weeks, will have no security safety net.
A single successful exploitation of a ToolShell-class vulnerability gives an attacker remote code execution on your server. From there, every document in your library is trivially accessible. Data exfiltration. Ransomware deployment. Credential harvesting. The playbook writes itself.
We are not writing this to trigger a panic. We have been in the SharePoint ecosystem for a long time, and we have watched organizations delay migrations for years, for entirely understandable reasons. Complexity. Cost. Disruption. The age-old logic of "it still works." We get it.
"It still works" and "it is still safe" are two very different things. And as of July 14, 2026, the gap between those two statements gets a lot wider.
KnowledgeLake has helped thousands of organizations modernize their document management environments, including migrations off legacy SharePoint to Microsoft 365 and the cloud. We know the workflows, the integrations, the edge cases, and the governance concerns that make these projects feel daunting. And we know how to get through them without tearing the organization apart in the process.
If you are still running SharePoint 2016 or 2019, the clock is not ticking toward some abstract future risk. It is ticking toward July 14th. The next ToolShell will not wait for you to finish the planning phase.
Let's talk about how we get you there before it does.
Ready to Move? Talk to KnowledgeLake.
KnowledgeLake has helped organizations of all sizes navigate the migration from on-premises SharePoint to modern, cloud-native document management. Contact us today to learn how we can help you modernize before the window closes.