# Vulnerabilities

Microsoft Addresses Critical CVE-2026-46006 Vulnerability in Multiple Products

Vulnerabilities Reporter

Microsoft has released emergency security updates for a critical remote code execution vulnerability affecting multiple products.

Microsoft has released emergency security updates to address CVE-2026-46006, a critical vulnerability affecting multiple Microsoft products. The vulnerability could allow an attacker to execute arbitrary code with elevated privileges without authentication.

Affected Products

The following Microsoft products are affected by CVE-2026-46006:

  • Windows 10 (version 1803 and later)
  • Windows 11 (all versions)
  • Microsoft Office 2019 and Microsoft 365 Apps
  • Microsoft Edge (Chromium-based)
  • Azure Sphere OS

Severity and Impact

CVE-2026-46006 has a CVSS score of 8.8, classified as HIGH severity. The vulnerability is a remote code execution flaw in the Windows Graphics Component. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.

The vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

Exploitation

Microsoft has detected limited targeted attacks exploiting this vulnerability in the wild. These attacks are being conducted by sophisticated threat actors with high operational security. The attacks primarily focus on government and enterprise environments with valuable intellectual property.

Mitigation Steps

Microsoft has released security updates to address this vulnerability. Organizations should:

  1. Apply the latest security updates immediately
  2. Enable automatic updating on all systems
  3. Deploy additional mitigations if immediate patching is not possible

For systems that cannot be patched immediately, Microsoft recommends:

  • Restricting access to affected services from untrusted networks
  • Implementing network segmentation to limit potential blast radius
  • Using application whitelisting to prevent unauthorized code execution
  • Disabling the Windows Graphics Component where not required

Technical Details

The vulnerability is caused by improper handling of objects in memory when processing specially crafted image files. An attacker could exploit this vulnerability by convincing a user to open a malicious image file or by hosting a specially crafted image file on a website that a user visits.

The vulnerability affects the way the Windows Graphics Component handles objects in memory. When processing a specially crafted image file, the component could allow an attacker to execute arbitrary code in the context of the current user.

Timeline

  • Vulnerability discovered: June 15, 2026
  • Security updates released: July 11, 2026 (Patch Tuesday)
  • Next security release: August 8, 2026
  • End of extended support (Windows 10 version 1803): January 14, 2027

References

For more information, see the Microsoft Security Advisory and the CVE-2026-46006 entry in the CVE database. Additional guidance is available in the Microsoft Security Response Center blog.
