Microsoft addresses a critical vulnerability affecting multiple products. Immediate action required.
Microsoft has released a security update addressing CVE-2026-28419, a critical vulnerability affecting multiple Microsoft products. The vulnerability allows for remote code execution with no user interaction required.
Affected Products
- Windows 10 Version 21H2
- Windows 11 Version 22H2
- Windows Server 2022
- Microsoft Office 2021
- Microsoft 365 Apps
Severity
- CVSS Score: 9.8 (Critical)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
The vulnerability exists in the way Microsoft Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.
Microsoft has released security updates to address this vulnerability. Organizations should apply these updates immediately.
Mitigation Steps
- Apply the latest security updates from Microsoft.
- Enable automatic updates on all systems.
- Restrict network access to critical systems.
- Implement application whitelisting.
- Monitor for unusual activity.
Timeline
- Release Date: January 9, 2026
- Exploitation Status: No known public exploitation
- Next Security Tuesday: February 13, 2026
For detailed information about the security updates, visit the Microsoft Security Response Center or the Security Update Guide.
Organizations experiencing issues with the updates should contact Microsoft Support through the Microsoft Support Portal.