CRITICAL: Microsoft patches severe vulnerability allowing remote code execution across multiple products.
Microsoft has released security updates to address CVE-2026-45963, a critical vulnerability affecting multiple Microsoft products. The vulnerability could allow an attacker to execute arbitrary code on affected systems with elevated privileges.
The vulnerability is rated Critical with a CVSS score of 8.8, indicating a severe security risk that requires immediate attention. Exploitation could lead to complete system compromise.
Affected products include:
- Microsoft Windows 10 (Version 21H2 and later)
- Microsoft Windows 11 (Version 22H2 and later)
- Microsoft Server 2022
- Microsoft Office 2021
- Microsoft 365 Apps for Enterprise
The vulnerability exists in the way Microsoft Windows handles certain objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, the attacker could take control of the affected system.
Microsoft has released security updates to address this vulnerability. Organizations should apply these updates as soon as possible.
To mitigate the vulnerability before patching, Microsoft recommends:
- Restricting access to affected systems from untrusted networks
- Implementing network segmentation to limit the potential impact
- Using application control solutions to prevent unauthorized code execution
- Ensuring users have the least privileges necessary
The security updates are available through:
Organizations using Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager can deploy the updates through their existing infrastructure.
For detailed information about the vulnerability and the affected products, refer to the Microsoft Security Update Guide.
This security update is part of Microsoft's monthly security release, scheduled for the second Tuesday of each month. The next security release is scheduled for January 14, 2025.
Organizations that have questions about this security update should contact Microsoft Support.
Comments
Please log in or register to join the discussion