Microsoft confirms critical security flaw in Windows TCP/IP stack enabling unauthenticated remote code execution.
A critical vulnerability in Microsoft Windows TCP/IP stack exposes systems to remote attacks. Tracked as CVE-2026-21221, this flaw allows unauthenticated attackers to execute arbitrary code via specially crafted packets. Successful exploitation enables complete system takeover without user interaction.
Affected products include Windows 10 versions 21H2 through 23H2, Windows 11 versions 21H2 to 23H2, and Windows Server 2022. Microsoft rates this vulnerability Critical with a CVSS v3.1 base score of 9.8. The flaw resides in how the TCP/IP driver handles certain network packets. Attack vectors include both local networks and internet-facing systems.
Microsoft released patches addressing this vulnerability in their May 2026 security updates. Organizations must apply these patches immediately. For systems requiring temporary mitigation, block TCP ports 445 and 139 at network perimeter devices. Disabling unnecessary SMBv1 services provides additional protection layers.
Timeline:
- Vulnerability discovered: April 12, 2026
- Vendor notified: April 15, 2026
Comments
Please log in or register to join the discussion