Microsoft has published guidance for CVE-2026-23439, a vulnerability affecting select Windows and server products. The advisory includes severity details, affected versions, and steps to apply mitigations.
Microsoft released a security update guide for CVE-2026-23439 on the MSRC portal. The vulnerability impacts Windows 10 version 2004 and later, Windows 11, and certain editions of Windows Server 2022.
CVSS v3.1 base score: 9.0 (Critical). The flaw allows remote code execution when an attacker sends a specially crafted request to the affected service.
Affected products:
- Windows 10, version 2004 through 22H2
- Windows 11, version 21H2 through 23H2
- Windows Server 2022
Mitigation steps:
- Apply the latest security update from Windows Update or the Microsoft Update Catalog.
- If immediate patching is not possible, block inbound traffic to the vulnerable port at the network perimeter.
- Enable exploit protection via Windows Defender Exploit Guard.
Timeline:
- Advisory published: 2025-08-27
- Security update released: 2025-08-28
Users should prioritize patching systems exposed to the internet. Refer to the full advisory for detailed registry workarounds and verification steps.
For more information, see the Microsoft Security Update Guide: CVE-2026-23439.