Microsoft has published a security update guide addressing CVE-2026-32077, a critical vulnerability affecting multiple Windows components. The guide details affected versions, CVSS score, mitigation steps, and a timeline for patch deployment.
Microsoft has published a security update guide for CVE-2026-32077.
The vulnerability resides in the Windows Print Spooler service. Attackers with low privileges can achieve remote code execution by sending specially crafted print jobs. The flaw impacts Windows 10 version 2004 through Windows 11 version 22H2 and Windows Server 2019 and 2022.
CVSS v3.1 assigns a base score of 9.8 (Critical). The vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/H:H. This reflects network attack vector, low complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability.
Affected products include:
- Windows 10, versions 2004, 20H2, 21H1, 21H2, 22H2
- Windows 11, versions 21H2, 22H2
- Windows Server 2019
- Windows Server 2022
Microsoft recommends immediate application of the security update released on October 8, 2026. The update is available via Windows Update, Microsoft Update Catalog, and WSUS. Systems configured for automatic updates will receive the patch without further action.
For environments where immediate patching is not feasible, a temporary workaround restricts access to the Print Spooler service. Administrators can disable the service via Group Policy or stop the spooler service manually. This reduces risk but may impair printing functionality.
The security update guide provides a timeline:
- October 8, 2026: Initial release of security update
- October 15, 2026: Re‑release with additional logging improvements
- Ongoing: Monitoring for exploit attempts in the wild
Users should verify update installation by checking the KB article number associated with the patch. The guide links to the KB article for each affected product line.
Further details and download links are available at the Microsoft Security Response Center:
Administrators are advised to review the guide, test updates in a staging environment, and deploy broadly as soon as possible.
Comments
Please log in or register to join the discussion