Microsoft has released critical security updates for CVE-2026-32223, a remote code execution vulnerability affecting multiple Windows and Office products with a CVSS score of 9.8.
Microsoft has issued security updates for CVE-2026-32223, a critical vulnerability allowing remote code execution with no user interaction required. The vulnerability affects multiple Microsoft products and requires immediate attention.
Affected Products:
- Windows 10 (21H2 and later)
- Windows 11 (all versions)
- Microsoft Office 2021
- Microsoft 365 Apps for Enterprise
- Microsoft Server 2022
CVSS Score: 9.8 (Critical)
The vulnerability stems from improper handling of memory objects in affected components. An attacker could exploit this vulnerability by sending specially crafted content to a target system. Successful exploitation could allow an attacker to execute arbitrary code with elevated privileges.
Microsoft has released security updates to address this vulnerability. Organizations should apply these updates immediately. The updates are available through Windows Update and Microsoft Update, as well as through the Microsoft Download Center.
Mitigation Steps:
- Apply security updates immediately
- Enable automatic updates where possible
- Implement network segmentation
- Restrict access to affected systems
- Monitor for suspicious activity
Timeline:
- Discovery: January 15, 2026
- Microsoft notified: January 20, 2026
- Patch release: February 11, 2026
- Public disclosure: February 14, 2026
For detailed information on affected files and download locations, visit the official Microsoft Security Response Center and the security advisory page.
Organizations unable to immediately patch should implement workarounds including disabling affected protocols and implementing application whitelisting. Additional guidance is available in the Mitigation section of the advisory.
Comments
Please log in or register to join the discussion