Microsoft has identified a critical vulnerability affecting multiple products that requires immediate patching to prevent potential system compromise.
Microsoft has issued urgent guidance for CVE-2026-46138, a critical vulnerability affecting multiple products. The vulnerability allows remote code execution with no user interaction required. Organizations must apply patches immediately.
Affected Products:
- Windows 10 (version 21H2 and later)
- Windows 11 (all versions)
- Microsoft Office 2021
- Microsoft 365 Apps
- Microsoft Edge (Chromium-based)
The vulnerability has a CVSS score of 9.8, indicating critical severity. Exploitation could allow an attacker to take complete control of an affected system. Microsoft reports active exploitation attempts in the wild.
Mitigation Steps:
- Apply security updates immediately
- Enable automatic updates on all systems
- Implement network segmentation to limit lateral movement
- Review firewall rules to block suspicious traffic
Microsoft has released security updates as part of the December 2025 Security Updates. The updates address the vulnerability across all affected products.
Organizations should prioritize patching systems exposed to the internet. The vulnerability can be exploited through compromised websites or malicious documents. No additional configuration changes are required after patching.
For enterprise environments, Microsoft recommends deploying updates through Windows Server Update Services or Microsoft Endpoint Configuration Manager.
The vulnerability was discovered by Microsoft's security team. No workarounds are available. All affected systems must be patched to ensure protection.
Additional information is available in the Microsoft Security Advisory. Organizations experiencing issues with the updates should contact Microsoft Support.
Comments
Please log in or register to join the discussion