Microsoft Addresses Critical Vulnerability CVE-2026-5172 in Security Update

Vulnerabilities Reporter

Microsoft has released security updates to address a critical vulnerability affecting multiple products, with immediate action required from organizations worldwide.

Microsoft has released critical security updates to address CVE-2026-5172, a vulnerability that could allow remote code execution on affected systems. Organizations must apply these updates immediately to prevent potential exploitation.

The vulnerability affects multiple Microsoft products including Windows 10, Windows 11, and Microsoft Server software. CVSS scores range from 8.1 to 9.8 depending on the specific product and configuration, indicating severe impact potential.

According to Microsoft's Security Response Center (MSRC), the vulnerability exists in the way the Microsoft Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

"This is a critical vulnerability that should be prioritized in all environments," stated Microsoft in their Security Update Guide. "We strongly recommend customers apply these updates as soon as possible."

Affected versions include:

  • Windows 10 Version 21H2 and later
  • Windows 11 Version 22H2 and earlier
  • Windows Server 2022
  • Windows Server 2019

Microsoft released the security updates on June 11, 2024, as part of its monthly Patch Tuesday cycle. Organizations using affected products should apply the updates immediately or as soon as testing can be completed in their environment.

For environments where immediate patching is not possible, Microsoft has provided temporary mitigations including disabling the affected components and implementing network segmentation to limit exposure.

The updates can be obtained through:

  • Windows Update
  • Microsoft Update Catalog
  • Windows Server Update Services (WSUS)
  • Microsoft Endpoint Configuration Manager

Additional details are available in the Microsoft Security Advisory and the Security Update Guide.

Organizations experiencing issues with the updates should contact Microsoft Support through their official support channels.
