#Vulnerabilities

Microsoft Releases Critical Security Update for CVE-2026-6357 Vulnerability

Vulnerabilities Reporter
2 min read

Microsoft addresses critical remote code execution vulnerability affecting multiple products, urging immediate action.

Critical Security Update: Microsoft Addresses CVE-2026-6357

Microsoft has released security updates to address a critical vulnerability affecting multiple products. The vulnerability, tracked as CVE-2026-6357, could allow remote code execution. Organizations must apply these updates immediately.

Impact Assessment

CVE-2026-6357 carries a CVSS score of 8.8, classified as High severity. Exploitation does not require authentication. Attackers could exploit this vulnerability to take control of affected systems.

The vulnerability affects:

  • Windows 10 (version 21H2 and later)
  • Windows 11 (all versions)
  • Microsoft Office 2019 and 2021
  • Microsoft 365 Apps
  • .NET Framework 4.8 and later

Technical Details

The vulnerability exists in how Microsoft Windows handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

Attackers could craft a specially designed document or application to trigger the vulnerability. When a user opens the malicious file, the vulnerability could allow the attacker to install programs, view, change, or delete data, or create new accounts with full user rights.

Mitigation

Microsoft has released security updates to address this vulnerability. Organizations should:

  1. Apply the latest security updates immediately
  2. Enable automatic updates where possible
  3. Implement the workarounds below until patches can be applied

Temporary Workarounds

  • Block Office file types at email gateways
  • Disable macros from untrusted sources
  • Implement application control policies

Update Information

The updates are available through:

  • Windows Update
  • Microsoft Update Catalog
  • Microsoft Update Server

For detailed information about the updates, visit the Microsoft Security Update Guide.

Timeline

  • Discovery: December 2025
  • Disclosure: January 2026
  • Patch Release: January 2026
  • Next Scheduled Review: April 2026

Organizations experiencing issues with the updates should contact Microsoft Support.

Additional Resources

#CVE-2026-6357#Microsoft#Remote Code Execution#Windows#Office

Comments

Loading comments...
Back to Home