Microsoft has identified a critical remote code execution vulnerability affecting multiple products. The vulnerability allows attackers to execute arbitrary code with system privileges.
Microsoft has released security guidance for CVE-2026-41605, a critical vulnerability affecting multiple Microsoft products. The vulnerability allows an attacker to execute arbitrary code on a target system with elevated privileges.
Affected Products:
- Windows 10 (version 21H2 and later)
- Windows 11 (all versions)
- Microsoft Office 2021
- Microsoft 365 Apps for Enterprise
- Microsoft Server 2022
CVSS Score: 9.8 (Critical)
The vulnerability exists due to improper memory handling in the Microsoft Graphics Component. When a specially crafted file is opened or processed, the system may allow execution of arbitrary code. Attackers could exploit this vulnerability by convincing a user to open a malicious document or visit a compromised website.
Microsoft has rated this vulnerability as critical due to the ease of exploitation and potential for significant impact. Successful exploitation could lead to complete system compromise, data theft, or ransomware deployment.
Mitigation Steps:
- Apply the security updates released on Patch Tuesday, January 14, 2026
- For systems unable to receive immediate updates, implement the following workarounds:
- Disable the Microsoft Graphics Component via Group Policy
- Block access to untrusted file sources
- Use Application Control policies to restrict execution of untrusted applications
- Enable Windows Defender Antivirus with real-time protection
- Train users to avoid opening suspicious attachments or links
Timeline:
- Security Release: January 14, 2026
- Exploitation in the wild: January 8, 2026 (limited targeted attacks)
- Final security update: February 11, 2026
For detailed information on the vulnerability, refer to the Microsoft Security Advisory. Additional guidance is available in the Microsoft Security Response Center blog.
Organizations should prioritize applying these updates, particularly on systems handling sensitive data or providing critical services. The vulnerability is being actively exploited in limited targeted attacks against high-value targets.
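A read-only PowerShell check for the mitigation steps above, added here as an example and not taken from Microsoft's guidance. The KB identifier is a placeholder because the advisory text does not give one; the build-number mapping and the output field names are assumptions of this example.

```powershell
# Added example: per-host triage for this advisory. Read-only; changes nothing.
param(
    # Placeholder: the advisory text gives no KB number. Supply the real one.
    [string]$KbId = 'KB0000000'
)
$ReleaseDate = [datetime]'2026-01-14'   # security release date stated in the advisory

# 1. Is this OS on the affected list? Build mapping is this example's assumption:
#    19044 = Windows 10 21H2, 22000+ = Windows 11, 20348 = Windows Server 2022.
#    Office 2021 / Microsoft 365 Apps are not inspected here.
$os       = Get-CimInstance -ClassName Win32_OperatingSystem
$build    = [int]$os.BuildNumber
$isClient = $os.ProductType -eq 1
$inScope  = if ($isClient) { $build -ge 19044 } else { $build -eq 20348 }

# 2. Patch state. An exact KB match is conclusive. An update installed on or after
#    the release date only shows recent servicing and must still be confirmed.
$hotfixes = @(Get-HotFix | Where-Object { $_.InstalledOn })
$kbFound  = [bool]($hotfixes | Where-Object { $_.HotFixID -eq $KbId })
$recent   = @($hotfixes | Where-Object { $_.InstalledOn -ge $ReleaseDate })
if ($kbFound) {
    $patch = 'Installed'
} elseif ($recent.Count -gt 0) {
    $patch = 'Unconfirmed: updates installed since release date, KB not matched'
} else {
    $patch = 'Missing'
}

# 3. Defender real-time protection. $null means the status could not be read
#    (for example, the Defender cmdlets are not present on this host).
$rtp = try {
    (Get-MpComputerStatus -ErrorAction Stop).RealTimeProtectionEnabled
} catch { $null }

# One object per host so results can be collected and exported centrally.
[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    OS                 = $os.Caption
    Build              = $build
    InAffectedList     = $inScope
    PatchState         = $patch
    RealTimeProtection = $rtp
}
```

Treat any in-scope host whose `PatchState` is not `Installed` as still needing the update or the workarounds.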