Microsoft has published the Security Update Guide for CVE-2026-9804, addressing a critical vulnerability in multiple products.
Microsoft has released the Security Update Guide for CVE-2026-9804, addressing a critical vulnerability affecting multiple Microsoft products. The vulnerability, rated 8.8 in the CVSS scoring system, could allow remote code execution on unpatched systems.
Affected products include:
- Windows 10 (version 21H2 and later)
- Windows 11 (all versions)
- Microsoft Office 2019 and Microsoft 365 Apps
- Microsoft Edge (Chromium-based)
The vulnerability exists due to improper handling of objects in memory. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.
Microsoft recommends customers apply the security updates immediately. The updates are available through the Microsoft Security Response Center (MSRC) and the standard Windows Update channels.
For organizations unable to apply updates immediately, Microsoft has provided the following mitigations:
- Enable Enhanced Mitigation Experience Toolkit (EMET)
- Configure Microsoft Defender Antivirus to block the exploit
- Implement network segmentation to limit exposure
The security updates were released as part of Microsoft's monthly security update cycle on June 11, 2026. Organizations should prioritize applying these updates to their critical systems first.
For detailed information about the vulnerability and affected products, refer to the Microsoft Security Update Guide and the official Microsoft Security Response Center page.
Comments
Please log in or register to join the discussion