Microsoft has identified a critical security vulnerability affecting multiple products that could allow remote code execution. Organizations must apply patches immediately to prevent potential attacks.
Microsoft has issued a security advisory for a critical vulnerability (CVE-2026-43338) affecting multiple versions of Windows and other Microsoft products. The vulnerability, rated 8.8 in the CVSS scoring system, could allow an attacker to execute arbitrary code with elevated privileges.
CVE-2026-43338 is a remote code execution flaw in the Microsoft Windows Graphics Component. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of the affected system.
The vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker could exploit this vulnerability by convincing a user to open a specially crafted document or view a malicious website that contains embedded graphics content.
Microsoft has released security updates to address this vulnerability. Organizations should apply these updates as soon as possible. The updates are available through the Microsoft Security Response Center (MSRC) portal and Windows Update.
Affected products include:
- Windows 10 Version 21H2 and later
- Windows 11 Version 22H2 and later
- Windows Server 2022
- Windows Server 2019
- Microsoft Office 2021
- Microsoft 365 Apps for Enterprise
Microsoft recommends that customers apply the security updates immediately. For systems that cannot be updated immediately, Microsoft has provided workarounds that customers can implement to reduce the risk of exploitation.
The security updates will be distributed automatically through Windows Update on Patch Tuesday. Organizations can also download them manually from the Microsoft Update Catalog or through the Microsoft Download Center.
Organizations should test the updates in a non-production environment before deployment to ensure compatibility with their specific configurations.
For more information about this vulnerability and the available updates, visit the Microsoft Security Advisory page.