Microsoft has issued an emergency security update addressing CVE-2026-25173, a critical vulnerability affecting multiple Windows versions with a CVSS score of 9.8.
Microsoft has released an emergency security update to address CVE-2026-25173, a critical vulnerability affecting Windows operating systems. The vulnerability carries a CVSS score of 9.8 out of 10, indicating severe risk to systems worldwide.
The vulnerability impacts Windows 10 versions 1809 through 22H2, Windows 11 versions 21H2 and 22H2, and Windows Server 2019 and 2022. Attackers could exploit this flaw to execute arbitrary code with elevated privileges, potentially compromising entire networks.
Microsoft's Security Update Guide recommends immediate installation of the patches released on March 15, 2026. The update addresses a remote code execution vulnerability in the Windows Remote Procedure Call (RPC) service that could allow unauthenticated attackers to gain system-level access.
Affected organizations should prioritize deployment across all vulnerable systems. The patches are available through Windows Update and the Microsoft Update Catalog. Microsoft has also released detailed technical documentation for enterprise environments requiring specific deployment guidance.
Organizations unable to immediately apply updates should implement network segmentation and monitor RPC service traffic for suspicious activity. Microsoft has not observed active exploitation in the wild but warns that proof-of-concept code may soon emerge given the vulnerability's severity.
For additional technical details, visit the Microsoft Security Update Guide or the CVE-2026-25173 details page.