Microsoft has released a security update addressing CVE-2026-22991, a critical vulnerability affecting multiple Windows versions. Users should apply patches immediately to prevent potential exploitation.
Microsoft has issued an emergency security update to address CVE-2026-22991, a critical vulnerability rated 9.8/10 on the CVSS scale that could allow remote code execution on unpatched systems.
The vulnerability affects Windows 10 version 1809 through 21H2, Windows Server 2019, and Windows Server 2022. Attackers could exploit this flaw to execute arbitrary code with system privileges, potentially compromising entire networks.
Affected Products:
- Windows 10 version 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2
- Windows Server 2019 (all editions)
- Windows Server 2022 (all editions)
CVSS Score: 9.8 (Critical) Attack Vector: Network Attack Complexity: Low Privileges Required: None
Microsoft recommends immediate action:
- Enable automatic updates or check Windows Update manually
- Apply the latest security patch released March 12, 2026
- Restart systems after installation to complete the update process
- Verify patch installation through Windows Update history
The vulnerability stems from improper input validation in the Windows kernel, allowing specially crafted network packets to trigger memory corruption. Microsoft reports no active exploitation in the wild but warns the flaw's severity demands urgent remediation.
Organizations should prioritize patching critical infrastructure and domain controllers first. Microsoft has also released guidance for enterprise environments with specific deployment considerations for large-scale rollouts.
For detailed technical information and patch download links, visit the Microsoft Security Update Guide or contact Microsoft Support for enterprise assistance.
Comments
Please log in or register to join the discussion