Microsoft addresses critical remote code execution vulnerability affecting multiple products, including Windows and Office. CVSS score 9.8. Immediate action required.
Microsoft has released security updates for CVE-2026-27211. Critical vulnerability with CVSS score 9.8.
The vulnerability allows remote code execution in the Windows Graphics Component. Attackers can run arbitrary code in the context of the current user. Systems with administrative rights are most vulnerable.
Exploitation requires user interaction. Attackers trick users into opening malicious files or visiting malicious websites. Once exploited, attackers can install programs, view or delete data, and create new accounts with full rights.
Affected products:
- Windows 10 Version 21H2 and later
- Windows 11 Version 22H2 and later
- Windows Server 2022
- Microsoft Office 2019 and later
- Microsoft Office for Mac
Microsoft has corrected how the Windows Graphics Component handles objects in memory. Security patches are available now.
Organizations must apply updates immediately. Prioritize systems exposed to the internet. The vulnerability poses significant risk.
Temporary workarounds available if patching is delayed. Disable the problematic component. Use application control solutions to block the attack vector.
Researchers discovered the vulnerability through responsible disclosure. Reported to Microsoft's Security Response Center.
This vulnerability highlights the critical need for regular security updates. Enterprise environments should implement robust patch management processes.
For detailed information, visit Microsoft's Security Update Guide. See the Security Update Summary for additional technical details.
Comments
Please log in or register to join the discussion