Microsoft has released security updates to address a critical remote code execution vulnerability affecting multiple Windows products. Exploitation could allow attackers to take complete control of affected systems.
Microsoft has released security updates to address CVE-2026-46091, a critical remote code execution vulnerability affecting multiple Windows products. The vulnerability exists in the way Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated privileges.
CVSS 9.8 severity rating. Exploitation is possible without user authentication. Attackers could run arbitrary code, install programs, view or change data, or create new accounts with full user rights.
Affected products include:
- Windows 10 (version 21H2 and later)
- Windows 11 (version 22H2 and later)
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2
Microsoft recommends applying these security updates immediately. Organizations should prioritize systems exposed to untrusted networks.
Mitigation steps:
- Apply the security updates immediately
- Enable automatic updates where possible
- Deploy updates through Windows Server Update Services (WSUS)
- Test updates in non-production environments first
- Monitor for exploitation attempts
The vulnerability was discovered by security researchers at Zero Day Initiative who reported it to Microsoft through their coordinated vulnerability disclosure program.
For complete technical details, refer to the Microsoft Security Advisory and Security Update Guide.
Comments
Please log in or register to join the discussion