Microsoft has issued an urgent security update addressing CVE-2026-40372, a critical vulnerability affecting multiple Windows versions. Users should apply patches immediately to prevent potential exploitation.
Microsoft has released a critical security update to address CVE-2026-40372, a vulnerability that could allow remote code execution on affected systems. The flaw impacts multiple Windows operating systems, including Windows 10, Windows 11, and various Windows Server versions.
The vulnerability exists in the Windows kernel component and could be exploited by attackers to gain elevated privileges on compromised systems. Microsoft rates the severity as Critical, with a CVSS score of 9.8 out of 10.
Affected systems include:
- Windows 10 version 1809 and later
- Windows 11 all versions
- Windows Server 2019 and 2022
- Windows Server version 1809 and later
Microsoft recommends immediate installation of the security update through Windows Update or by downloading the patches directly from the Microsoft Update Catalog. The update addresses the vulnerability by implementing additional validation checks in the affected kernel component.
Organizations should prioritize deployment of these patches, particularly for systems exposed to the internet or handling sensitive data. Microsoft has not reported any active exploitation in the wild but advises taking preventive action given the severity of the flaw.
For detailed installation instructions and verification steps, visit the Microsoft Security Update Guide.
Comments
Please log in or register to join the discussion