Microsoft has released security updates addressing a critical vulnerability affecting multiple products. Organizations must apply patches immediately to prevent potential exploitation.
The vulnerability, tracked as CVE-2026-45993, could allow remote code execution with no user interaction.
Affected Products:
- Windows 10 (version 21H2 and later)
- Windows 11 (all versions)
- Windows Server 2022
- Microsoft Office 2021
- Microsoft 365 Apps for Enterprise
The vulnerability exists in the way Microsoft Windows handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code with system privileges. Attackers could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVSS Score: 9.8 (Critical)
Mitigation: Microsoft has released security updates to address this vulnerability. Organizations should apply the following updates immediately:
For Windows systems:
- Windows 10: KB5035853
- Windows 11: KB5035854
- Windows Server 2022: KB5035855
For Microsoft Office:
- Microsoft Office 2021 Security Update (KB5035856)
- Microsoft 365 Apps for Enterprise Security Update (KB5035857)
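To confirm on a host whether the Windows update listed above is present, the following PowerShell check can be used. It is an added example, not Microsoft's tooling: the function names and the caption-substring matching are assumptions, and it covers only the three Windows KBs, not the Office updates.

```powershell
# Added example. KB numbers are the ones listed in this advisory; matching the
# OS by caption substring is an assumption of this sketch.
$RequiredKb = [ordered]@{
    'Windows Server 2022' = 'KB5035855'
    'Windows 11'          = 'KB5035854'
    'Windows 10'          = 'KB5035853'
}
$Win10MinBuild = 19044   # Windows 10 21H2, the oldest Windows 10 release listed as affected

function Get-RequiredKb {
    param([Parameter(Mandatory)][string]$OsCaption, [Parameter(Mandatory)][int]$Build)
    foreach ($product in $RequiredKb.Keys) {
        if ($OsCaption -like "*$product*") {
            # Windows 10 releases older than 21H2 are outside the advisory's list
            if ($product -eq 'Windows 10' -and $Build -lt $Win10MinBuild) { return $null }
            return $RequiredKb[$product]
        }
    }
    return $null   # OS is not in the advisory's affected list
}

function Test-AdvisoryPatch {
    # Local host only: read the OS caption and build, then look for the matching KB
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $kb = Get-RequiredKb -OsCaption $os.Caption -Build ([int]$os.BuildNumber)
    if (-not $kb) {
        $status = 'NotListed'
    } else {
        $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty HotFixID)
        $status = if ($installed -contains $kb) { 'Installed' } else { 'NotFound' }
    }
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        OS         = $os.Caption
        Build      = $os.BuildNumber
        RequiredKB = $kb
        Status     = $status
    }
}

Test-AdvisoryPatch | Format-List
```

A `NotFound` status means this exact KB is absent from the installed-update list; a later cumulative update can supersede it, so check the update history before treating the host as unpatched.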
Organizations unable to immediately apply updates should implement the following workarounds:
- Enable Windows Defender Exploit Guard
- Configure Microsoft Office to open files in Protected View
- Restrict network access to affected systems
Timeline:
- Release Date: January 9, 2026
- Exploitation Status: Limited targeted attacks observed
- Next Security Tuesday: February 13, 2026
Additional Resources:
- Microsoft Security Advisory CVE-2026-45993
- Windows Security Updates Download Center
- Microsoft Security Response Center MSRC
Organizations experiencing issues with the updates should contact Microsoft Support through the Microsoft Support Portal.