
Critical Microsoft Vulnerability CVE-2026-21717 Requires Immediate Action

Vulnerabilities Reporter

Microsoft has identified a critical security vulnerability affecting multiple products that requires immediate patching to prevent potential exploitation.

Microsoft has issued a security advisory for CVE-2026-21717, a critical vulnerability affecting multiple Windows products. The vulnerability could allow remote code execution, giving attackers complete control over affected systems.

Affected Products:

  • Windows 10 (version 21H2 and later)
  • Windows 11 (all versions)
  • Windows Server 2022
  • Windows Server 2019
  • Microsoft Office 2021
  • Microsoft 365 Apps for Enterprise

CVSS Severity: 9.8 (Critical)

The vulnerability exists in the way Microsoft Windows handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code with system privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft has released security updates to address this vulnerability. Organizations should apply these updates immediately. The updates are available through Windows Update and the Microsoft Update Catalog.

For systems that cannot be updated immediately, Microsoft has provided temporary workarounds:

  1. Enable the Enhanced Mitigation Experience Toolkit (EMET)
  2. Configure Windows Defender Application Control to block the vulnerable component
  3. Restrict network access to affected systems

The MSRC (Microsoft Security Response Center) has classified this as a priority 1 vulnerability for all affected products. Microsoft is not aware of any instances of this vulnerability being used in attacks at this time.

Organizations should review Microsoft's Security Update Guide for detailed information about the vulnerability and mitigation steps. The guide provides technical details about the vulnerability, including the attack vectors and impact.

For more information, visit:

Organizations experiencing issues with the updates should contact Microsoft Support through their support portal.
