Microsoft has issued an emergency security update addressing CVE-2026-23444, a critical vulnerability affecting Windows systems that could allow remote code execution.
Microsoft has released an emergency security update to address CVE-2026-23444, a critical vulnerability in Windows operating systems that could allow attackers to execute arbitrary code remotely. The vulnerability affects Windows 10, Windows 11, and Windows Server versions 2019 and 2022.
The flaw exists in the Windows Remote Desktop Services component, where improper input validation could enable an unauthenticated attacker to send specially crafted requests that execute code with system privileges. Microsoft rates this vulnerability as "Critical" with a CVSS score of 9.8 out of 10.
Affected systems include:
- Windows 10 version 1809 and later
- Windows 11, all versions
- Windows Server 2019 and 2022
Microsoft recommends immediate installation of the security update, available through Windows Update or the Microsoft Update Catalog. Organizations should prioritize patching systems exposed to the internet or those accessible through remote desktop connections.
Attackers could exploit this vulnerability to gain complete control of affected systems, install programs, view or modify data, or create new accounts with full user rights. The vulnerability is wormable, meaning malware could spread automatically between vulnerable systems without user interaction.
Microsoft has not observed active exploitation in the wild but urges customers to apply the patch immediately due to the severity and potential impact of the vulnerability.
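One way to triage a single host against the patching priority recommended above, as an added example that is not Microsoft's tooling or part of the original article. `$PatchKb` is a placeholder because the article gives no KB number, and the priority tiers are this example's own assumption.

```powershell
# Added example: local RDP exposure and patch triage for one Windows host.
param(
    # Placeholder: the article gives no KB number; take it from Microsoft's advisory.
    [string]$PatchKb = 'KB0000000'
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop connections are allowed.
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

# The listener port is configurable, so read it rather than assuming 3389.
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
$listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

# Enabled inbound allow rules in the built-in "Remote Desktop" group (English
# display name; custom rules for a non-default port are not in this group).
$rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
$profiles = ($rules | ForEach-Object { "$($_.Profile)" } | Sort-Object -Unique) -join '; '

# A rule on the Public or Any profile is only a local hint of wider reach;
# actual internet exposure has to be confirmed at the perimeter.
$publicRule = $profiles -match 'Public|Any'

$patched = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)

# Tiers are this example's assumption, following the article's advice to patch
# internet-exposed and RDP-accessible systems first.
$priority = if ($patched) { 'Done: update installed' }
    elseif ($rdpEnabled -and $listening -and $publicRule) { '1: RDP open on Public/Any profile' }
    elseif ($rdpEnabled -and $listening) { '2: RDP enabled and listening' }
    else { '3: RDP not accepting connections' }

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    RdpEnabled       = $rdpEnabled
    Port             = $port
    Listening        = $listening
    FirewallProfiles = $profiles
    PatchInstalled   = $patched
    Priority         = $priority
}
```

`Get-HotFix` only reports updates recorded by Component Based Servicing, so a host reported as unpatched should be confirmed against its Windows Update history before it is escalated.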