Microsoft Addresses Critical Vulnerability CVE-2026-8328 in Security Update

Microsoft has released critical security updates to address CVE-2026-8328, a vulnerability that could allow remote code execution on affected systems. The vulnerability affects multiple Microsoft products and services.

The vulnerability has been assigned a CVSS score of 8.8, indicating high severity. Attackers could exploit this vulnerability without authentication to take control of affected systems.

Affected products include:

• Windows 10 (version 21H2 and later)
• Windows 11 (all versions)
• Microsoft Office 2019 and 2021
• Microsoft 365 Apps
• Microsoft Edge (Chromium-based)

Microsoft recommends applying the security updates immediately. Organizations should prioritize deploying these updates to critical systems first.

To mitigate the vulnerability, Microsoft has released the following updates:

• Security Update for Windows 10 (KB5035853)
• Security Update for Windows 11 (KB5035854)
• Security Update for Microsoft Office (KB5035855)
• Security Update for Microsoft Edge (KB5035856)

For systems unable to install the updates immediately, Microsoft recommends implementing the following workarounds:

1. Enable Enhanced Mitigation Experience Toolkit (EMET)
2. Configure Microsoft Office to run in protected mode
3. Block TCP ports at the firewall level

The vulnerability was discovered by security researchers at [Company Name] and reported to Microsoft through their Bug Bounty Program. Microsoft credits the researchers for their responsible disclosure.

Organizations can find detailed information about the vulnerability and affected products in the Microsoft Security Advisory.

For enterprise customers, Microsoft has provided deployment guidance through their Security Update Deployment Guide.

The next Patch Tuesday is scheduled for [Date], when Microsoft is expected to release additional security updates for remaining vulnerabilities.