Microsoft has released critical security updates to address CVE-2026-43116, a severe vulnerability affecting multiple products that could allow remote code execution.
Microsoft has issued critical security updates to address CVE-2026-43116, a vulnerability affecting multiple Microsoft products. The vulnerability carries a CVSS score of 8.8, classified as high severity.
CVE-2026-43116 is a remote code execution vulnerability in the Windows Graphics Component. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of the affected system.
The vulnerability affects the following Microsoft products:
- Windows 10 Version 21H2 and later
- Windows 11 Version 22H2 and later
- Windows Server 2022
- Windows Server 2019
Microsoft has released security updates on Patch Tuesday, January 14, 2026 to address this vulnerability. Customers are urged to apply these updates immediately.
Mitigation steps:
- Apply the security updates immediately through Windows Update or the Microsoft Update Catalog.
- For systems that cannot be updated immediately, implement the workarounds detailed in the Microsoft Security Advisory.
- Enable the Windows Graphics Component protection feature in Group Policy for enterprise deployments.
Organizations should prioritize updating systems that are accessible from untrusted networks, as these are at the highest risk of exploitation.
The vulnerability was reported to Microsoft by security researchers at Conti Security Labs. Microsoft is not aware of any exploits targeting this vulnerability in the wild at this time.
For more information about this vulnerability and the available updates, visit the Microsoft Security Response Center or the official security bulletin.
Comments
Please log in or register to join the discussion