Microsoft Critical Vulnerability CVE-2026-42013 Allows Remote Code Execution

Microsoft has released security updates for multiple products addressing a critical vulnerability that could allow attackers to execute arbitrary code on affected systems. CVE-2026-42013 carries a CVSS score of 9.8 and is being actively exploited in limited attacks.

The vulnerability exists in the way Microsoft Windows handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.

Affected products include:

• Windows 10 (version 21H2 and later)
• Windows 11 (all versions)
• Windows Server 2022
• Windows Server 2019
• Microsoft Office 2019 and 2021
• Microsoft 365 Apps for Enterprise

Microsoft has released security updates to address this vulnerability. Organizations should apply these updates immediately as the vulnerability is being exploited in the wild.

Mitigation steps:

1. Apply the security updates immediately
2. Enable automatic updates on all systems
3. Restrict access to untrusted users
4. Implement network segmentation
5. Monitor for unusual activity

The security updates are available through the Microsoft Security Response Center and Windows Update. For detailed information on the specific updates for each affected product, visit the Microsoft Security Response Center.

Organizations unable to immediately patch should implement the following temporary mitigations:

• Disable the affected components where possible
• Implement application control policies
• Configure Windows Defender Application Control to block unsigned applications

Microsoft has confirmed that they are aware of limited targeted attacks exploiting this vulnerability and recommends immediate action to protect systems. The vulnerability was discovered by security researchers at Google Project Zero and reported to Microsoft through their vulnerability reporting program.

For continuous security updates, organizations should subscribe to the Microsoft Security Blog and enable Microsoft Defender for Endpoint to detect and respond to potential exploitation attempts.