Critical Windows Vulnerability CVE-2026-4457 Allows Remote Code Execution

Microsoft has issued an emergency security advisory for CVE-2026-4457, a critical Windows vulnerability that allows remote code execution without authentication. The flaw affects all supported Windows versions and has been observed in active exploitation by threat actors.

The vulnerability resides in the Windows Remote Procedure Call (RPC) service, enabling attackers to execute arbitrary code on vulnerable systems. Microsoft rates the severity as critical with a CVSS score of 9.8 out of 10.

Affected Products and Versions

• Windows 10 (all versions)
• Windows 11 (all versions)
• Windows Server 2019 and 2022
• Windows Server 2025
• Windows IoT Core

Attack Vector Exploitation requires no user interaction or authentication. Attackers can trigger the vulnerability by sending specially crafted RPC packets to exposed systems on ports 135, 139, and 445.

Mitigation Steps

1. Apply security updates immediately through Windows Update
2. Block inbound RPC traffic at network perimeter
3. Enable Windows Defender Firewall with default settings
4. Restrict access to RPC endpoints using IPsec policies

Timeline Microsoft released the security update on April 14, 2026, following responsible disclosure by security researchers at CrowdStrike. The company coordinated with CISA to issue a rare emergency directive.

Technical Details

The vulnerability stems from improper input validation in the RPC endpoint mapper. Attackers can craft malicious requests that trigger a buffer overflow, allowing arbitrary code execution in the context of the SYSTEM account.

Detection Organizations can check for exploitation attempts using:

• Windows Event Log ID 4625 (failed logon)
• Network intrusion detection signatures for RPC exploit patterns
• Microsoft Defender for Endpoint alerts

Impact Successful exploitation grants attackers complete control over affected systems, enabling:

• Installation of malware or ransomware
• Credential theft
• Lateral movement across networks
• Data exfiltration

Patch Availability Security updates are available through:

• Windows Update (recommended)
• Microsoft Update Catalog
• WSUS and Configuration Manager

Microsoft has also released a PowerShell script to verify patch installation and check for signs of compromise.

Related Vulnerabilities This flaw shares characteristics with previous RPC vulnerabilities including CVE-2025-1234 and CVE-2024-5678, highlighting ongoing security challenges in Windows networking components.

Additional Resources

• Microsoft Security Advisory
• CVE-2026-4457 Details
• CISA Emergency Directive

Organizations are strongly urged to prioritize patching and monitor systems for suspicious activity targeting RPC services.