#Vulnerabilities

Microsoft Releases Security Updates for Critical Remote Code Execution Vulnerability CVE-2026-43331

Vulnerabilities Reporter
2 min read

Microsoft addresses critical vulnerability affecting multiple products, urges immediate action.

Microsoft Releases Security Updates for Critical Remote Code Execution Vulnerability CVE-2026-43331

Microsoft has released security updates to address a critical remote code execution vulnerability affecting multiple products. The vulnerability, tracked as CVE-2026-43331, carries a CVSS score of 9.8 and is being actively exploited in the wild. Organizations must apply patches immediately to prevent compromise.

Affected Products

The vulnerability impacts the following Microsoft products:

  • Windows 11 (version 22H2 and later)
  • Windows Server 2022
  • Microsoft Edge (Chromium-based)
  • Visual Studio 2022
  • .NET Framework 4.8

Technical Details

CVE-2026-43331 is a memory corruption vulnerability in the Microsoft Graphics Component. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights could be less impacted than users who operate with administrative user rights.

The vulnerability exists when the Microsoft Graphics Component improperly handles objects in memory. An attacker could exploit this vulnerability by convincing a user to open a specially crafted document or view a maliciously crafted website. This vulnerability could also be exploited through compromised websites or advertisements.

Mitigation

Microsoft recommends the following immediate actions:

  1. Apply the security updates immediately
  2. Enable the Enhanced Mitigation Experience Toolkit (EMET)
  3. Configure Microsoft Edge to block untrusted sites
  4. Implement network segmentation

The security updates are available through the Microsoft Security Response Center and the Windows Update service.

Timeline

  • Discovery: January 15, 2026
  • Disclosed: January 25, 2026
  • Patch Released: February 8, 2026
  • Exploitation Detected: February 10, 2026
  • Required Action: Apply patches within 7 days

Organizations that cannot immediately apply patches should implement the following compensating controls:

  • Block TCP port 445 at the network perimeter
  • Disable the Microsoft Graphics Component via Group Policy
  • Implement application control policies

For complete technical details, refer to the Microsoft Security Advisory.

Additional Resources

Organizations experiencing issues with the updates should contact Microsoft Support through the Microsoft Support portal.

#CVE-2026-43331#Remote Code Execution#Microsoft#Windows#Security Update

Comments

Loading comments...
Back to Home