Microsoft Addresses Critical Vulnerability CVE-2026-45130 in Multiple Products

Microsoft has released security updates to address a critical vulnerability affecting multiple products. The vulnerability, tracked as CVE-2026-45130, allows for remote code execution without authentication.

Affected Products

• Windows 10 (version 1903 and later)
• Windows 11 (all versions)
• Windows Server 2019 and 2022
• Microsoft Office 2019 and 2021
• Microsoft 365 Apps for Enterprise

Severity

CVSS Score: 9.8 (Critical)

Attack Vector: Network

Attack Complexity: Low

Privileges Required: None

User Interaction: None

Scope: Changed

Impact

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with SYSTEM privileges. The vulnerability is being actively exploited in the wild, making immediate patching critical.

Mitigation

Microsoft has released security updates as part of the February 2026 Security Updates. All affected systems should be patched immediately.

For Windows systems:

1. Go to Settings > Update & Security > Windows Update
2. Click "Check for updates"
3. Install all available updates

For Microsoft Office:

1. Open any Office application
2. Go to File > Account > Update Options
3. Select "Update Now"

Workarounds

If immediate patching is not possible, Microsoft recommends the following workarounds:

1. Enable Windows Defender Application Control
2. Implement network segmentation to limit exposure
3. Disable the affected protocols where possible
4. Deploy Microsoft Defender Antivirus with real-time protection enabled

Timeline

• Vulnerability discovered: December 2025
• Patch release: February 11, 2026
• Next security update: March 10, 2026

For complete details on this vulnerability and affected products, refer to the Microsoft Security Advisory.

Organizations experiencing issues with the updates should contact Microsoft Support for assistance.