Critical Microsoft Vulnerability CVE-2026-45844 – Immediate Action Required

Impact

• Remote Code Execution on Windows 10 1909–22H2, Windows 11, and Windows Server 2022.
• Attackers can gain SYSTEM privileges.
• Full network takeover possible.

Technical Details

CVE‑2026‑45844 originates in the Windows Shell Extension Loader. An attacker sends a crafted SHELL32.dll request to a vulnerable system. The loader fails to validate the DLL path, allowing arbitrary code execution. The flaw is exploitable over SMB, RDP, or local user processes with elevated rights. The CVSS v3.1 score is 9.8 (Critical).

Affected Versions

Product	Affected Builds	Patching Status
Windows 10	1909 – 22H2	Unpatched
Windows 11	21H2 – 23H1	Unpatched
Windows Server 2022	All	Unpatched

Mitigation Steps

1. Install the official patch from the Microsoft Security Update Guide: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2026-45844.
2. If immediate patching is impossible, disable the SHELL32.dll loader by setting the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableShellExtensionLoader to 1.
3. Block inbound SMB/RDP traffic from untrusted networks until the patch is applied.
4. Run a full system scan with Microsoft Defender Advanced Threat Protection to detect any compromise.

Timeline

Date	Event
2026‑04‑12	CVE disclosed by MSRC.
2026‑04‑15	Patch released for all affected releases.
2026‑04‑16	Advisory issued to customers.
2026‑04‑20	Recommended mitigation steps published.

What to Do Now

• Deploy the patch immediately. Use WSUS or SCCM for bulk deployment.
• Verify that the registry key is set if patching is delayed.
• Monitor logs for unusual SHELL32.dll activity.
• Coordinate with incident response teams to assess potential breaches.

For detailed installation instructions, visit the Microsoft Docs page: https://docs.microsoft.com/en-us/security-updates/windows/2026-04.

Stay vigilant. Prompt action stops attackers from exploiting this critical flaw.