Microsoft has identified a critical vulnerability affecting multiple products that could allow remote code execution. Organizations must apply security updates immediately to prevent potential attacks.
Microsoft has released security updates addressing a critical vulnerability, CVE-2026-4675, that could allow attackers to execute arbitrary code on affected systems. The vulnerability carries a CVSS score of 8.8, making it a high-priority security concern.
Affected Products:
- Windows 10 (Version 21H2 and later)
- Windows 11 (All versions)
- Microsoft Office 2021
- Microsoft 365 Apps for Enterprise
The vulnerability exists in the way Microsoft Windows handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code with system privileges. Users whose accounts are configured to have fewer user rights could be less impacted than those who operate with administrative privileges.
Attackers could exploit the vulnerability by convincing a user to open a specially crafted file or visit a malicious website. No additional execution privileges are required to exploit this vulnerability.
Microsoft has released security updates to address this vulnerability. Organizations should apply these updates as soon as possible. For systems that cannot be updated immediately, Microsoft has provided additional mitigation steps.
Mitigation Steps:
- Apply the latest security updates immediately.
- Enable the Windows Defender Antivirus to detect and block known exploitation attempts.
- Configure Microsoft Office to open files in Protected View.
- Restrict user privileges to minimize potential impact.
Timeline:
- Vulnerability discovered: October 15, 2023
- Security updates released: November 14, 2023
- Exploit code detected in the wild: November 20, 2023
For complete details on the vulnerability and affected products, refer to the Microsoft Security Response Center and the official security advisory.
Organizations should prioritize patching systems that are directly accessible from the internet and those containing sensitive data. The vulnerability is being actively exploited in limited targeted attacks, making immediate remediation critical.
Additional information about this vulnerability and related security updates can be found in the Microsoft Security Update Guide.
Comments
Please log in or register to join the discussion