Microsoft has identified a critical security vulnerability affecting multiple products that requires immediate patching to prevent potential exploitation.
Microsoft has issued security guidance for CVE-2026-34757, a critical vulnerability affecting multiple Microsoft products. The vulnerability allows remote code execution which could lead to complete system compromise.
Affected products include:
- Windows 10 (versions 1903, 1909, 2004, 20H2, 21H1, 21H2)
- Windows 11 (versions 21H2, 22H2)
- Windows Server 2019, 2022
- Microsoft Office 2019, 2021
- Microsoft 365 Apps
The vulnerability has a CVSS score of 8.8, indicating high severity. Attackers could exploit this vulnerability through specially crafted Office documents without requiring user authentication.
Microsoft has released security updates to address this vulnerability. Organizations should apply these updates as soon as possible. The updates are available through:
- Windows Update
- Microsoft Update
- Microsoft Download Center
- Windows Server Update Service (WSUS)
Organizations unable to immediately apply updates should implement the following mitigations:
- Block Office file attachments in email
- Use Application Control to restrict execution
- Enable Protected View in Office applications
The timeline for this vulnerability is as follows:
- Discovery: October 15, 2023
- Notification to Microsoft: October 20, 2023
- Patch release: November 14, 2023
- Public disclosure: November 14, 2023
For detailed information on this vulnerability, refer to the Microsoft Security Advisory. Additional information is available in the Security Update Guide.
Comments
Please log in or register to join the discussion