Microsoft has issued an emergency security update to address CVE-2026-3381, a critical vulnerability affecting Windows systems that could allow remote code execution.
Microsoft has released an emergency security update to address CVE-2026-3381, a critical vulnerability in Windows operating systems that could allow attackers to execute arbitrary code remotely. The vulnerability affects multiple Windows versions and carries a CVSS score of 9.8 out of 10, indicating severe risk.
The vulnerability exists in the Windows Remote Procedure Call (RPC) service, a core component that enables communication between processes on networked computers. Attackers can exploit this flaw by sending specially crafted network packets to vulnerable systems, potentially gaining complete control without authentication.
Affected products include:
- Windows 10 (all versions)
- Windows 11 (all versions)
- Windows Server 2019
- Windows Server 2022
- Windows Server 2025
Microsoft rates this as a "wormable" vulnerability, meaning malware could spread automatically between vulnerable computers without user interaction. The company has observed limited targeted attacks in the wild, though no widespread exploitation has been confirmed.
Immediate Actions Required:
- Install security update immediately via Windows Update
- Restart systems after installation
- Verify patch installation through Windows Update history
- Consider network segmentation for critical systems
The security update is available through Windows Update and Microsoft Update Catalog. Organizations should prioritize patching internet-facing Windows systems and domain controllers first. Microsoft has also released guidance for enterprise environments with specific deployment recommendations.
This marks the second critical Windows vulnerability patched this month, following a similar RPC-related flaw addressed in early April. Security researchers note the increasing frequency of high-severity Windows vulnerabilities, particularly in core networking components.
For additional technical details, including vulnerability identifiers and patch deployment guidance, visit the Microsoft Security Update Guide.
Comments
Please log in or register to join the discussion