Microsoft has released security updates to address a critical vulnerability affecting multiple products that could allow remote code execution.
Microsoft has issued security updates to address a critical vulnerability affecting multiple products. The vulnerability, tracked as CVE-2026-6429, has a CVSS score of 9.8 and is actively exploited in the wild.
Organizations must apply patches immediately. The vulnerability allows remote code execution with no user interaction. Attackers can gain the same user rights as the current user.
Affected products include:
- Windows 10 (versions 1903, 1909, 2004, 20H2, 21H1)
- Windows 11 (versions 21H2, 22H2)
- Windows Server 2022
- Microsoft Office 2021
- Microsoft 365 Apps for Enterprise
The vulnerability exists in the way Microsoft Windows handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code with system privileges.
Microsoft released security updates on June 11, 2026. Organizations should apply these updates as soon as possible. The updates are available through the Microsoft Security Response Center portal and Windows Update.
For systems that cannot be patched immediately, Microsoft recommends implementing workarounds. These include restricting access to affected systems and enabling enhanced logging.
Microsoft has confirmed limited targeted exploitation of this vulnerability. Organizations should assume their systems may be targeted.
The security update guide provides detailed instructions for deployment. IT administrators should test updates in a staging environment before deployment to production systems.
For more information, visit the Microsoft Security Response Center and review the security update guide.
Comments
Please log in or register to join the discussion