Microsoft has released security updates to address a critical vulnerability affecting multiple products that could allow remote code execution.
Microsoft has released security updates to address CVE-2026-27136, a critical vulnerability affecting multiple Microsoft products. The vulnerability could allow an attacker to execute arbitrary code with elevated privileges.
The Common Vulnerabilities and Exposures (CVE) tracking system has assigned CVE-2026-27136 to this issue, which has been given a CVSS score of 8.8, indicating high severity. This vulnerability affects Microsoft Windows 10, Windows 11, and Microsoft Server products.
Exploitation of this vulnerability could allow an attacker to take control of an affected system. Attackers could then install programs, view, change, or delete data, or create new accounts with full user rights.
Microsoft has addressed this vulnerability in the Security Updates released on June 11, 2026. Organizations should apply these updates immediately to protect their systems.
Affected Products:
- Windows 10 (Version 1903 and later)
- Windows 11 (Version 21H2 and later)
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
Mitigation:
- Apply the latest security updates provided by Microsoft.
- For systems that cannot be patched immediately, implement workarounds as recommended by Microsoft.
- Deploy additional security controls such as network segmentation and application whitelisting.
- Monitor systems for unusual activity that might indicate exploitation attempts.
Timeline:
- Vulnerability discovered: April 2026
- Microsoft notified: May 2026
- Security updates released: June 11, 2026
- Next scheduled security updates: July 14, 2026
For more information, refer to the Microsoft Security Update Guide and the official CVE entry.
Comments
Please log in or register to join the discussion