Microsoft’s Loading component suffers a remote code execution flaw. Affected Windows 10/11 builds 22621.0–22621.4000 are vulnerable. CVSS 9.8. Immediate patching required. Follow the MSRC guidance to remediate.
CVE-2026-44390: Critical Microsoft Loading Vulnerability Exploited
Impact
A flaw in the Windows Loading component allows attackers to execute arbitrary code with SYSTEM privileges. An attacker can trigger the vulnerability remotely via a specially crafted DLL. Successful exploitation results in full system takeover.
Technical Details
The vulnerability resides in the LoadLibraryExW function when loading DLLs from untrusted paths. The function fails to validate the DLL path correctly, enabling a crafted path that bypasses the loader’s integrity check. When the loader processes the malicious DLL, it executes code embedded in the DLL’s entry point. The flaw is exploitable without user interaction.
- CVE ID: CVE-2026-44390
- Affected Products: Windows 10 (builds 22621.0–22621.4000), Windows 11 (builds 22621.0–22621.4000)
- CVSS v3.1 Base Score: 9.8 (Critical)
- Attack Vector: Remote Network
- Privileges Required: None
- User Interaction: None
- Impact: Privilege Escalation, Confidentiality, Integrity, Availability
Mitigation Steps
- Apply the latest cumulative update. Download the patch from the Microsoft Security Update Guide: CVE-2026-44390.
- Verify installation. Run
sfc /scannowandDISM /Online /Cleanup-Image /RestoreHealthto ensure system integrity. - Restrict DLL loading. Configure AppLocker or Software Restriction Policies to allow DLLs only from trusted locations.
- Enable Exploit Protection. In Windows Security, set the DLL Search Order to System and enable Control Flow Guard.
- Monitor for indicators. Watch for unusual DLL loads in Event Viewer under Security and Application logs.
Timeline
- 2026-04-15: CVE disclosed by Microsoft. Public advisory released.
- 2026-04-20: Patch 24H2.1 released for Windows 10/11.
- 2026-04-25: Advisory updated with additional mitigation guidance.
- 2026-05-01: Patch deployed to 90% of enterprise machines.
Additional Resources
- Microsoft Security Response Center
- Windows Security Documentation – Exploit Protection
- AppLocker Overview
Act now. Apply the patch immediately. Failure to do so exposes systems to immediate compromise.
Comments
Please log in or register to join the discussion