Microsoft has released an urgent security update addressing CVE-2026-34353, a critical vulnerability affecting multiple Windows versions. The flaw allows remote code execution and requires immediate patching.
Microsoft has released a critical security update addressing CVE-2026-34353, a remote code execution vulnerability affecting multiple Windows operating systems. The vulnerability, rated 9.8 out of 10 on the CVSS scale, allows attackers to execute arbitrary code on affected systems without authentication.
The flaw exists in the Windows Remote Procedure Call (RPC) service, a core component that enables communication between processes on networked computers. Attackers can exploit this vulnerability by sending specially crafted RPC requests to vulnerable systems, potentially gaining complete control over the affected machine.
Affected Products
- Windows 10 Version 1809 and later
- Windows Server 2019 and 2022
- Windows 11 (all versions)
- Windows Server 2025
Microsoft has confirmed that the vulnerability is being actively exploited in the wild, with initial reports indicating targeted attacks against enterprise networks. The company urges all users to apply the security update immediately.
Mitigation Steps
- Enable automatic updates or manually check for updates through Windows Update
- Install the latest security patch (KB5035123)
- Restart systems after installation to ensure complete patching
- Verify patch installation by checking the Windows Update history
For organizations with managed environments, Microsoft recommends deploying the update through Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. The update is also available through the Microsoft Update Catalog for manual installation.
Timeline
- Vulnerability discovered: March 15, 2026
- Microsoft notified: March 16, 2026
- Patch development completed: March 20, 2026
- Public disclosure and release: March 24, 2026
Security researchers credit the Microsoft Security Response Center (MSRC) for their rapid response to this critical issue. The company has also released additional hardening guidelines for organizations that cannot immediately apply the patch, including network segmentation and RPC traffic filtering.
Users can verify their vulnerability status by checking their Windows version and installed updates. Systems running Windows 10 version 21H2 or later with the March 2026 security updates installed are protected against this specific vulnerability.
Microsoft has not disclosed detailed technical information about the exploit to prevent further attacks while organizations complete their patching efforts. The company continues to monitor for active exploitation attempts and will provide additional guidance if necessary.
For more information and technical details, visit the Microsoft Security Update Guide or contact Microsoft Support for enterprise assistance.
Comments
Please log in or register to join the discussion