
Microsoft Addresses Critical Remote Code Execution Vulnerability CVE-2026-44662

Vulnerabilities Reporter

Microsoft has released security updates to address a critical remote code execution vulnerability affecting multiple products. Exploitation could allow attackers to take complete control of affected systems.

Microsoft has released critical security updates to address CVE-2026-44662, a remote code execution vulnerability affecting multiple Windows components. The vulnerability carries a CVSS score of 9.8 and is being actively exploited in the wild.

The vulnerability exists in the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights could be less impacted than users who operate with administrative user rights.

Affected products include:

  • Windows 10 Version 21H2 (and earlier)
  • Windows 11 Version 22H2 (and earlier)
  • Windows Server 2022 (and earlier)
  • Windows Server 2019
  • Windows Server 2016
  • Microsoft Office 2021
  • Microsoft Office LTSC 2021
  • Microsoft 365 Apps for Enterprise

Organizations should apply the security updates immediately, as the vulnerability is being actively exploited in attacks targeting government, financial, and critical infrastructure sectors.

Mitigation steps:

  1. Apply the latest security updates immediately
  2. Enable automatic updating on all systems
  3. Restrict access to affected components
  4. Implement network segmentation to limit lateral movement
  5. Monitor for suspicious activity related to graphics processing

Microsoft has rated this update as Critical for all affected versions. The updates are available through the Microsoft Security Response Center and can be deployed via Windows Update, WSUS, or SCCM.

For complete details on this vulnerability, visit the Microsoft Security Advisory. Additional information about the vulnerability is available in the National Vulnerability Database.

Organizations experiencing issues with the updates should contact Microsoft Support or refer to the deployment guidance provided in the security bulletin.
