Microsoft released a security update addressing CVE-2026-23357, a critical remote code execution flaw in Windows OLE components. Users are urged to apply the patch immediately.
Microsoft issued a security update for CVE-2026-23357. The update addresses a remote code execution vulnerability in Windows operating systems.
The flaw exists in the Windows Object Linking and Embedding (OLE) component. An attacker can exploit the flaw by persuading a user to open a specially crafted file, which triggers arbitrary code execution.
Successful exploitation allows an attacker to run code with the same privileges as the logged‑on user. Microsoft rates the vulnerability as Critical and assigns a CVSS v3.1 base score of 9.8.
Users should install the latest security update from Microsoft Update or Windows Update immediately. Enable automatic updates to ensure future patches are applied without delay. Restrict opening of untrusted files and consider using application control policies to block OLE execution.
Microsoft released the update on September 24, 2025, as part of its monthly Patch Tuesday cycle. For more details, see the Microsoft Security Update Guide entry for CVE-2026-23357.
Comments
Please log in or register to join the discussion