Urgent: Critical Microsoft Update for Windows 10/11 – CVE‑2026‑12345 & CVE‑2026‑12346

Vulnerabilities Reporter

Microsoft released a critical security update that patches two high‑severity vulnerabilities affecting Windows 10 and Windows 11. The flaws allow remote code execution via crafted SMB packets. All users must apply the update immediately to prevent exploitation.

Impact

  • Affected systems: Windows 10 1909 and newer, Windows 11 21H2 and newer.
  • Threat: Remote code execution (RCE) via malformed SMB packets.
  • Severity: CVSS 9.8 (Critical) for both CVEs.
  • Potential damage: Full system compromise, data exfiltration, lateral movement.

Technical Details

  • CVE‑2026‑12345: A buffer overflow in the SMBv3 protocol handler occurs when parsing a specially crafted READ request. The overflow overwrites the return address on the stack, allowing an attacker to execute arbitrary code with SYSTEM privileges.
  • CVE‑2026‑12346: A related integer overflow in the SMBv3 WRITE handler leads to heap corruption. An attacker can trigger it by sending a large WRITE request with a negative length field, causing a memory overwrite that can be leveraged for code execution.
  • Both vulnerabilities are exploitable over the network without authentication. An attacker only needs to send the crafted packets to the target’s SMB port (TCP 445).

Mitigation Steps

  1. Apply the update immediately. Download from the Microsoft Update Catalog. Search for KB5021234.
  2. Verify installation: Run powershell -NoProfile -Command "Get-HotFix -Id 'KB5021234'". The command returns the hotfix entry when the update is installed and an error when it is not.
  3. If the system is part of a domain, coordinate with the IT administrator to push the update via WSUS or SCCM.
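  4. Disable SMBv1 if not required: Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name SMB1 -Value 0. This is general hardening and takes effect after a restart. Both CVEs are in SMBv3, so it does not replace the update.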
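  5. Monitor network traffic for anomalous SMB packets. Use IDS signatures such as the Snort rule alert tcp any any -> any 445 (msg:"SMB RCE attempt"; sid:1000001; rev:1). As written, this rule has no content match, so it alerts on all TCP traffic to port 445 rather than on the crafted packets specifically.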
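
The checks in steps 2 and 4, plus a test for whether TCP 445 is listening, can be combined into one audit that runs locally or across several hosts. The following is an added example, not code from Microsoft or from the advisory; the function name Get-SmbAdvisoryStatus and its output fields are assumptions, and remote hosts are assumed to have PowerShell remoting enabled.

```powershell
# Added example: audits the advisory's mitigation steps on one or more hosts.
# KB5021234 and the SMB1 registry value come from the advisory; the function
# name and output fields are assumptions made for this example.
function Get-SmbAdvisoryStatus {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string]$KbId = 'KB5021234'
    )

    $check = {
        param($KbId)
        # Step 2: Get-HotFix raises an error when the ID is absent, so silence it
        # and treat "no object returned" as "not installed".
        $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue |
            Select-Object -First 1

        # Step 4: read the SMB1 value; a missing value means it was never set.
        $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $smb1 = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1

        # Exposure: is the host accepting connections on TCP 445 at all?
        $listen = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Computer      = $env:COMPUTERNAME
            KbInstalled   = [bool]$hotfix
            InstalledOn   = if ($hotfix) { $hotfix.InstalledOn }
            Smb1Value     = if ($null -eq $smb1) { 'not set' } else { $smb1 }
            Port445Listen = [bool]$listen
            Error         = $null
        }
    }

    foreach ($name in $ComputerName) {
        if ($name -eq $env:COMPUTERNAME) { & $check $KbId; continue }
        try {
            # Remote hosts need PowerShell remoting (WinRM) enabled.
            Invoke-Command -ComputerName $name -ScriptBlock $check `
                -ArgumentList $KbId -ErrorAction Stop
        } catch {
            # Report unreachable hosts instead of dropping them from the audit.
            [pscustomobject]@{
                Computer = $name; KbInstalled = $null; InstalledOn = $null
                Smb1Value = $null; Port445Listen = $null
                Error = $_.Exception.Message
            }
        }
    }
}
```

Piping the result through Where-Object { -not $_.KbInstalled -and $_.Port445Listen } lists the hosts that are both unpatched and accepting SMB connections, which are the ones to patch first.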

Timeline

  • 2026‑05‑01: Vulnerabilities discovered by internal security team.
  • 2026‑05‑03: CVE assignments released.
  • 2026‑05‑05: Patch developed and tested.
  • 2026‑05‑07: Public update released.
  • 2026‑05‑08: Advisory issued.

What to Do Now

  • Immediate action: Install the update. Do not wait for automatic rollout.
  • Post‑update: Run a full system scan with the latest antivirus definitions. Verify that no malicious processes are running.
  • Long‑term: Keep all Windows systems updated. Enable automatic updates and configure a patch management policy.

For more details, visit the official Microsoft Security Advisory: https://msrc.microsoft.com/update-guide/vulnerability/2026-12345.
