Microsoft addresses critical remote code execution vulnerability affecting Windows, Office, and Azure products. Immediate action required.
Critical Remote Code Execution Vulnerability CVE-2026-23377 Affects Multiple Microsoft Products
Microsoft has released security updates to address a critical remote code execution vulnerability affecting multiple products. Exploitation could allow attackers to take complete control of affected systems. Organizations must apply patches immediately.
Impact and Severity
CVE-2026-23377 carries a CVSS score of 9.8 (Critical), making it one of the most severe vulnerabilities addressed in this month's security updates. Successful exploitation could allow an attacker to execute arbitrary code with system privileges, install programs, view or change data, and create new accounts with full user rights.
The vulnerability exists in the way Microsoft Windows handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.
Affected Products
The following Microsoft products are affected by CVE-2026-23377:
- Windows 10 Version 21H2 for x64-based Systems
- Windows 11 Version 22H2 for x64-based Systems
- Windows Server 2022
- Microsoft Office 2021
- Microsoft Office 2019
- Microsoft 365 Apps for Enterprise
- Azure Stack HCI, version 21H2
- Azure Stack Hub, version 21H2
Technical Details
The vulnerability is caused by the Windows Graphics Device Interface (GDI) improperly handling objects in memory. An attacker who successfully exploited it could run arbitrary code in the context of the current user. Exploitation requires convincing a user to open a specially crafted document or browse to a malicious website.
Attackers could leverage this vulnerability in spear-phishing campaigns targeting specific organizations. The vulnerability could also be exploited in drive-by-download scenarios where a user visits a compromised website or a website that is hosting specially crafted content.
Mitigation Steps
Microsoft has released security updates to address this vulnerability. Organizations should apply the following updates immediately:
- Security Update for Windows 10 Version 21H2 (KB5034441)
- Security Update for Windows 11 Version 22H2 (KB5034443)
- Security Update for Microsoft Office 2021 (KB5034445)
- Security Update for Microsoft 365 Apps (KB5034446)
Organizations unable to immediately apply patches should implement the following mitigations:
- Enable Enhanced Mitigation Experience Toolkit (EMET) for affected systems
- Implement application control policies to prevent unauthorized applications from running
- Configure Microsoft Office to open files in Protected View
- Use Microsoft Defender Antivirus with real-time protection enabled
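The following PowerShell script is an added verification aid, not part of the Microsoft advisory: it checks a host against the mitigation steps above (the Windows KB numbers listed in this advisory, Office Protected View, and Defender real-time protection). It assumes the Office 16.0 per-user registry keys and that Get-HotFix reports the cumulative update; Office and Microsoft 365 Apps updates are not visible to Get-HotFix and are not checked.

```powershell
# Added verification script (not from the advisory). Assumptions:
# - KB numbers come from the advisory above; the one matching the host's
#   Windows version is expected. Office KBs are not reported by Get-HotFix.
# - Protected View is read from the Office 16.0 per-user keys; the three
#   Disable*InPV values mean 0 = Protected View on, 1 = off; absent = default (on).
$KbByOs = @{ 'Windows 10' = 'KB5034441'; 'Windows 11' = 'KB5034443' }

function Test-AdvisoryPatch {
    # Pick the KB for this OS from its caption, then look for it with Get-HotFix.
    $caption = (Get-CimInstance Win32_OperatingSystem).Caption
    $kb = ($KbByOs.GetEnumerator() | Where-Object { $caption -match $_.Key } |
           Select-Object -First 1).Value
    if (-not $kb) {
        [pscustomobject]@{ Check = "Patch (no KB listed for '$caption')"; Pass = $false }
        return
    }
    $hf = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    [pscustomobject]@{ Check = "Patch $kb"; Pass = [bool]$hf }
}

function Test-ProtectedView {
    # Protected View must stay on for Internet files, unsafe locations and
    # Outlook attachments in each document-handling Office application.
    $values = 'DisableInternetFilesInPV', 'DisableUnsafeLocationsInPV', 'DisableAttachmentsInPV'
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $key  = "HKCU:\Software\Microsoft\Office\16.0\$app\Security\ProtectedView"
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($v in $values) {
            # A missing key or value is the default, which leaves Protected View enabled.
            $disabled = ($null -ne $item) -and ($item.$v -eq 1)
            [pscustomobject]@{ Check = "$app $v"; Pass = -not $disabled }
        }
    }
}

function Test-DefenderRealTime {
    # Get-MpComputerStatus exposes RealTimeProtectionEnabled as a boolean.
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
    [pscustomobject]@{ Check = 'Defender real-time protection'
                       Pass  = ($null -ne $status) -and $status.RealTimeProtectionEnabled }
}

$results = @(Test-AdvisoryPatch) + @(Test-ProtectedView) + @(Test-DefenderRealTime)
$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Pass }).Count
Write-Host "$failed of $($results.Count) checks failed"
```

Run it in an elevated session on each host you are triaging; any row with Pass = False is a mitigation from the list above that is not in place.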
Timeline
- Release Date: January 9, 2024
- Next Security Tuesday: February 13, 2024
- End of Support for Affected Products: Varies by product
Organizations running unsupported versions of Microsoft products should upgrade to supported versions that include the security updates. Microsoft will not provide security updates for unsupported versions after their end of support date.
Additional Resources
For organizations requiring additional assistance, Microsoft Customer Support and Services are available through the Microsoft Support portal.