Microsoft Addresses Critical Vulnerability CVE-2026-32177 in Multiple Products
Microsoft has released security updates to address a critical vulnerability affecting multiple products. CVE-2026-32177 carries a CVSS score of 8.8 and could allow an attacker to execute arbitrary code on affected systems.
Impact
This vulnerability poses a severe risk to organizations. Exploitation requires no user interaction. Attackers could take complete control of affected systems.
The vulnerability exists in how Microsoft products handle specially crafted files. Successful exploitation could lead to:
- Remote code execution
- Information disclosure
- Elevation of privileges
Affected Products
The following Microsoft products are affected:
- Windows 10 (versions 1809, 1909, 2004, 20H2, 21H1)
- Windows 11 (all versions)
- Windows Server 2019, 2022
- Microsoft Office 2019, 2021
- Microsoft 365 Apps
Technical Details
CVE-2026-32177 is a memory corruption vulnerability in the Microsoft Graphics Component. When processing malformed image files, the component fails to properly handle memory objects.
Attackers could exploit this vulnerability by convincing a user to open a specially crafted image file. This could be delivered through:
- Malicious email attachments
- Compromised websites
- Network shares
Mitigation
Microsoft has released security updates for all affected products. Organizations should apply these updates immediately.
Update Availability
- Windows 10: KB5035853
- Windows 11: KB5035854
- Windows Server: KB5035855
- Microsoft Office: KB5035856
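To confirm the updates above actually landed, the following added example (not from Microsoft or the original advisory) checks each Windows host for the KB that matches its product family. The function names and status labels are hypothetical, and the script does not check the Windows 10 version against the affected list.

```powershell
# Added example. KB numbers are the ones listed in this advisory.
# Office (KB5035856) is omitted: Get-HotFix does not report Office updates.
$KbByProduct = @{
    'Windows 10'     = 'KB5035853'
    'Windows 11'     = 'KB5035854'
    'Windows Server' = 'KB5035855'
}

function Get-AdvisoryProduct {
    # Map an OS caption to one of the advisory's product families.
    param([string]$Caption)
    if ($Caption -match 'Server (2019|2022)') { return 'Windows Server' }
    if ($Caption -match 'Windows 11')         { return 'Windows 11' }
    if ($Caption -match 'Windows 10')         { return 'Windows 10' }
    return $null   # not a product this advisory lists
}

function Test-AdvisoryPatch {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    foreach ($computer in $ComputerName) {
        # Query the local host directly; only remote hosts need -ComputerName.
        $target = @{}
        if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }
        $row = [ordered]@{ Computer = $computer; Product = $null; KB = $null; Status = $null }
        try {
            $os = Get-CimInstance -ClassName Win32_OperatingSystem @target -ErrorAction Stop
            $row.Product = Get-AdvisoryProduct -Caption $os.Caption
            if (-not $row.Product) {
                $row.Status = 'NotInAdvisory'
            } else {
                $row.KB = $KbByProduct[$row.Product]
                $fix = Get-HotFix -Id $row.KB @target -ErrorAction SilentlyContinue
                # A later cumulative update can supersede this KB, so a miss
                # means "review this host", not "confirmed unpatched".
                $row.Status = if ($fix) { 'Installed' } else { 'NotListed' }
            }
        } catch {
            $row.Status = "QueryFailed: $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }
}

Test-AdvisoryPatch | Format-Table -AutoSize
```

Pass `-ComputerName` with a list of hosts to sweep more than the local machine; hosts reported as `NotListed` or `QueryFailed` are the ones to follow up on.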
Workarounds
If immediate patching is not possible, Microsoft recommends:
- Disable the Microsoft Graphics Component via Group Policy
- Block email attachments with image file extensions
- Configure Windows Defender Antivirus to scan network shares
Timeline
- Discovery: January 15, 2026
- Notification to Vendor: January 18, 2026
- Patch Release: February 8, 2026 (Patch Tuesday)
Additional Resources
For complete technical details, refer to the Microsoft Security Advisory.
Organizations requiring assistance with patch deployment can consult the Microsoft Deployment Guide.
For vulnerability scanning and assessment, Microsoft recommends the Microsoft Baseline Security Analyzer.
Organizations should also review the Microsoft Security Response Center blog for ongoing updates about this vulnerability.