Attackers need little more than a valid SharePoint account to execute code on vulnerable on-prem servers