Microsoft has released security updates to address CVE-2026-4442, a critical vulnerability in the Windows Graphics Component that could allow remote code execution. Immediate action required.
Microsoft has released critical security updates addressing CVE-2026-4442, a vulnerability in the Windows Graphics Component that could allow an attacker to execute arbitrary code on affected systems. The vulnerability exists due to improper handling of objects in memory when processing specially crafted image files.
CVSS 9.8. Critical severity. Exploitation could allow remote code execution without authentication.
Affected products include:
- Windows 10 Version 21H2 and later
- Windows 11 Version 22H2 and later
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
The vulnerability could be exploited by convincing a user to open a specially crafted image file or visit a website hosting malicious content. Successful exploitation could lead to complete system compromise with elevated privileges.
Microsoft has released the following updates:
- KB5034441 for Windows 10
- KB5034442 for Windows 11
- KB5034443 for Windows Server 2022
- KB5034444 for Windows Server 2019
- KB5034445 for Windows Server 2016
Mitigation steps:
- Apply the security updates immediately
- Deploy updates through Windows Server Update Services or Microsoft Endpoint Manager
- Block access to suspicious websites and email attachments
- Enable the Windows Defender Exploit Guard
- Consider blocking untrusted image file formats as a temporary measure
Timeline:
- Vulnerability discovered: June 2026
- Patch released: July 12, 2026
- Next security update: August 8, 2026
- Exploitation observed in the wild: July 15, 2026
Organizations should prioritize deploying these updates, especially on systems exposed to the internet. No workarounds are available at this time.
For more information, visit the Microsoft Security Response Center or the official CVE entry.
Comments
Please log in or register to join the discussion