Microsoft has released a critical security update to address a remote code execution vulnerability in Windows, tracked as CVE-2026-46108. Attackers could exploit this flaw to take control of affected systems.
Microsoft has released an emergency security update to patch a critical remote code execution (RCE) vulnerability affecting supported versions of Windows. Tracked as CVE-2026-46108, the flaw allows attackers to execute arbitrary code on vulnerable systems remotely.
The vulnerability exists in the Windows Remote Desktop Protocol (RDP) and can be exploited by sending a specially crafted request to a targeted system. Successful exploitation could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
This vulnerability affects Windows 10, Windows Server 2019, and later versions. It is considered 'wormable', meaning it could spread from one vulnerable computer to another without user interaction.
Microsoft has assigned this vulnerability a CVSS severity rating of 9.8 out of 10, underscoring its critical nature. Users and administrators are urged to apply the available security updates immediately to mitigate potential risks.
To apply the update, go to Settings > Update & Security > Windows Update and click 'Check for Updates'. The update will be downloaded and installed automatically. No system restart is required.
Microsoft has also provided guidance on additional steps organizations can take to protect their networks, including disabling RDP if not needed and enabling Network Level Authentication (NLA).
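The two mitigations named above can be checked and applied per host from an elevated PowerShell session. The script below is an added example, not Microsoft's published guidance. The function names `Get-RdpPosture` and `Set-RdpHardening` are hypothetical. It assumes RDP is configured through the standard local Terminal Server registry values rather than overridden by Group Policy.

```powershell
# Added example: report and harden local RDP exposure (run elevated).
$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$TcpKey = "$TsKey\WinStations\RDP-Tcp"

function Get-RdpPosture {
    # fDenyTSConnections = 0 means inbound RDP connections are allowed.
    $deny = (Get-ItemProperty -Path $TsKey  -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means NLA is required before a session is created.
    $nla  = (Get-ItemProperty -Path $TcpKey -Name UserAuthentication).UserAuthentication
    $port = (Get-ItemProperty -Path $TcpKey -Name PortNumber).PortNumber
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = ($deny -eq 0)
        NlaRequired  = ($nla -eq 1)
        Port         = $port
        # RDP enabled without NLA is the configuration to fix first.
        NeedsAction  = ($deny -eq 0 -and $nla -ne 1)
    }
}

function Set-RdpHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Turn RDP off entirely; without this switch only NLA is enforced.
        [switch]$DisableRdp
    )
    if ($DisableRdp) {
        if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable Remote Desktop')) {
            Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
            # The display group name is localized; adjust on non-English systems.
            Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
        }
    }
    elseif ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Require NLA for RDP')) {
        Set-ItemProperty -Path $TcpKey -Name UserAuthentication -Value 1
    }
    Get-RdpPosture   # return the resulting state for logging
}

# Report first, then preview the change before applying it.
Get-RdpPosture
Set-RdpHardening -WhatIf
```

Run `Set-RdpHardening` without `-WhatIf` to enforce NLA, or with `-DisableRdp` on hosts that do not need remote desktop access. Settings pushed by Group Policy take precedence over these local values.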
This vulnerability was reported to Microsoft by an anonymous researcher through the company's bug bounty program. More technical details are available in the Microsoft Security Update Guide.