Microsoft has issued security updates to address CVE-2026-0967, a critical vulnerability affecting multiple Windows versions. Customers should apply patches immediately to prevent potential exploitation.
Microsoft has released security updates to address CVE-2026-0967, a critical vulnerability that could allow attackers to execute arbitrary code on affected systems. The vulnerability affects multiple versions of the Windows operating system.
Vulnerability Details
CVE-2026-0967 has been assigned a CVSS score of 9.8 out of 10, indicating a critical severity level. The flaw exists in the Windows kernel component and could be exploited remotely without authentication.
Affected Products
The security update addresses vulnerabilities in:
- Windows 10 Version 21H2
- Windows 10 Version 22H2
- Windows 11 Version 21H2
- Windows Server 2022
- Windows Server 2019
Mitigation Steps
Microsoft recommends that customers:
- Apply the security updates immediately through Windows Update
- Enable automatic updates if not already configured
- Review system logs for any suspicious activity
- Follow the principle of least privilege for user accounts
Timeline
The vulnerability was reported to Microsoft through the MSRC program on March 15, 2026. Microsoft released the security updates on March 18, 2026, following their standard 72-hour disclosure window.
Additional Resources
Customers can find detailed technical information and deployment guidance in the Microsoft Security Update Guide:
Impact
Successful exploitation of this vulnerability could lead to complete system compromise, allowing attackers to install programs, view/change/delete data, or create new accounts with full user rights.
Microsoft emphasizes that while no active exploitation has been observed in the wild, the critical nature of this vulnerability warrants immediate attention from all affected customers.
Comments
Please log in or register to join the discussion