Microsoft addresses critical vulnerability in multiple products enabling remote attackers to execute arbitrary code with system privileges.
Microsoft Critical Vulnerability CVE-2026-3479 Allows Remote Code Execution
Microsoft has released security updates to address a critical vulnerability affecting multiple products. The vulnerability, tracked as CVE-2026-3479, could allow an attacker to execute arbitrary code with system privileges.
Impact
This vulnerability is rated Critical with a CVSS score of 9.8. Successful exploitation could allow an attacker to take complete control of an affected system. Attackers could then install programs, view, change, or delete data, or create new accounts with full user rights.
Affected Products
- Windows 10 (version 21H2 and later)
- Windows 11 (all versions)
- Windows Server 2022
- Windows Server 2019
- Microsoft Office 2019 and Microsoft 365 Apps
Technical Details
The vulnerability exists in the way Microsoft Windows handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Attackers could exploit the vulnerability by convincing a user to open a specially crafted file or visit a malicious website. The vulnerability does not require authentication, meaning any anonymous user could potentially exploit it.
Mitigation
Microsoft has released security updates to address this vulnerability. Organizations should apply the following updates immediately:
Timeline
- Discovery: January 2026
- Vendor Notification: January 15, 2026
- Patch Release: February 8, 2026 (Patch Tuesday)
- Public Disclosure: February 14, 2026
Workarounds
If unable to install updates immediately, Microsoft recommends the following workarounds:
- Enable the Enhanced Mitigation Experience Toolkit (EMET)
- Block access to suspicious websites through firewalls
- Restrict execution of files from network locations
- Enable Windows Defender Exploit Guard
Organizations should prioritize applying these updates as soon as possible. The vulnerability is being actively exploited in the wild according to multiple threat intelligence reports.
For additional information, refer to the official Microsoft Security Advisory and the CISA Alert AA26-034A.