Microsoft has released an update for CVE‑2026‑46157, a critical remote code execution flaw affecting Windows 10 and 11. Administrators and users should apply the patch by the end of the month; unpatched systems remain exposed.
CVE‑2026‑46157 – Remote Code Execution in Windows 10/11
Impact
- Severity: CVSS 9.8 (Critical)
- Affected systems: Windows 10 21H2, 22H2, Windows 11 21H2, 22H2
- Exploit vector: Remote code execution via DLL hijacking in the Windows Shell
- Potential damage: Full system compromise, data exfiltration, ransomware deployment
Technical Details
The flaw lies in how the Windows Shell resolves dynamic link libraries (DLLs) when processing certain file types. Because the Shell searches for the DLL by name rather than by full path, an attacker can plant a malicious DLL of the same name in a directory that is searched before the directory holding the legitimate DLL. The Shell then loads the attacker's DLL and executes arbitrary code, which the advisory states runs with SYSTEM privileges.
- Trigger: Opening a specially crafted .lnk file, or a malicious DLL being dropped into the per-user %AppData%\Microsoft\Windows\Start Menu\Programs directory.
- Attack surface: Remote or local users can deliver the trigger via shared network drives or removable media.
- Fix: The cumulative update corrects the Shell's DLL loader logic so that the library is no longer resolved from an attacker-writable location.
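A triage script for the indicators named above, added here as an example and not part of the advisory. It assumes that the per-user Start Menu\Programs directory normally contains only .lnk files and folders (so any DLL there is suspect), and it reports the two documented DLL search-order registry switches (SafeDllSearchMode and CWDIllegalInDllSearch) as a general hardening check; those values do not fix CVE‑2026‑46157 and are listed only for context.

```powershell
# Added example, not from the advisory: hunt for the trigger artifacts named in the
# Technical Details on one host. Assumption: no legitimate DLL lives under the
# per-user Start Menu\Programs directory.
$programsDir = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs'

# Any DLL in the shortcut directory is unexpected; report it with hash and signature.
function Find-DroppedDlls {
    param([string]$Path = $programsDir)
    if (-not (Test-Path -LiteralPath $Path)) { Write-Warning "Not found: $Path"; return }
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force |
        Where-Object { $_.Extension -ieq '.dll' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                SigStatus = $sig.Status            # NotSigned / Valid / HashMismatch ...
                Signer    = $sig.SignerCertificate.Subject
            }
        }
}

# Resolve every .lnk target and flag shortcuts pointing outside Windows / Program Files.
function Find-OddShortcutTargets {
    param([string]$Path = $programsDir)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $wsh = New-Object -ComObject WScript.Shell
    Get-ChildItem -LiteralPath $Path -Recurse -File -Filter '*.lnk' |
        ForEach-Object {
            $lnk = $wsh.CreateShortcut($_.FullName)
            [pscustomobject]@{
                Shortcut   = $_.FullName
                Target     = $lnk.TargetPath
                Arguments  = $lnk.Arguments
                WorkingDir = $lnk.WorkingDirectory
            }
        } |
        Where-Object {
            $_.Target -and ($_.Target -notmatch '^[A-Za-z]:\\(Windows|Program Files)')
        }
}

# Documented search-order hardening values; an absent value means the OS default.
# General DLL-hijack hardening only, not a fix for this CVE.
function Get-DllSearchHardening {
    $sm = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $safe = $sm.SafeDllSearchMode
    $cwd  = $sm.CWDIllegalInDllSearch
    if ($null -eq $safe) { $safe = '1 (default)' }
    if ($null -eq $cwd)  { $cwd  = 'not set' }
    [pscustomobject]@{ SafeDllSearchMode = $safe; CWDIllegalInDllSearch = $cwd }
}

Find-DroppedDlls        | Format-Table -AutoSize
Find-OddShortcutTargets | Format-Table -AutoSize
Get-DllSearchHardening
```

Run it in the context of each user profile on a host (the directory is per-user), and feed any reported DLL hash to your sandbox or reputation service before deleting the file, so the artifact is preserved for the incident record.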
Mitigation Steps
- Check current build – Open Settings → About → Windows specifications. Verify you are on 21H2 or 22H2.
- Download the cumulative update – KB5012345 is the fix for CVE‑2026‑46157. Available at the Microsoft Update Catalog or via Windows Update.
- Install the update – From an elevated command prompt, run wusa.exe with the path to the downloaded .msu file followed by /quiet /norestart (wusa's /kb: switch is only valid together with /uninstall, so the KB number alone does not install anything).
- Reboot – Restart the computer to complete the installation.
- Verify – After the reboot, confirm the KB is listed under installed updates, then run sfc /scannow to check system file integrity.
- Audit – In the Application event log, review Application Error events (Event ID 1000) whose faulting application is explorer.exe, the Shell host process; a run of such crashes before patching can indicate attempted exploitation.
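The full procedure above, check build, confirm or install the update, then verify and audit after the reboot, as a single PowerShell script. This is an added example, not the advisory's own tooling. It assumes an elevated PowerShell session, that the .msu has already been downloaded from the Update Catalog to the path in $MsuPath (the file name used there is a placeholder, not a verified catalog name), and that the 0 and 3010 wusa exit codes carry their usual meaning (success, and success with reboot required).

```powershell
# Added example, not from the advisory. Assumptions: elevated session; the .msu
# already sits at $MsuPath (placeholder file name); KB id as printed in the advisory.
param(
    [string]$Kb      = 'KB5012345',
    [string]$MsuPath = (Join-Path $env:TEMP 'windows10.0-kb5012345-x64.msu')
)

# Step 1: current version and build, read from the registry rather than the Settings UI.
function Get-WindowsVersionInfo {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Product        = $cv.ProductName
        DisplayVersion = $cv.DisplayVersion            # e.g. 21H2, 22H2
        Build          = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
    }
}

# Get-HotFix reads Win32_QuickFixEngineering, which lists installed KBs.
function Test-KbInstalled([string]$Id) {
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

# Step 3: wusa.exe takes the .msu path; /kb: is only valid with /uninstall.
function Install-Msu([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { throw "MSU not found: $Path" }
    $p = Start-Process -FilePath 'wusa.exe' `
                       -ArgumentList "`"$Path`"", '/quiet', '/norestart' `
                       -Wait -PassThru
    switch ($p.ExitCode) {
        0       { return 'installed' }
        3010    { return 'installed, reboot required' }   # ERROR_SUCCESS_REBOOT_REQUIRED
        default { throw "wusa.exe exited with code $($p.ExitCode)" }
    }
}

# Step 6: Application Error (Event ID 1000) records where explorer.exe is the
# faulting application; the first message line names the faulting module.
function Get-ShellCrashEvents([datetime]$Since = (Get-Date).AddDays(-7)) {
    Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000; StartTime = $Since
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'explorer\.exe' } |
        Select-Object TimeCreated, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
}

$ver = Get-WindowsVersionInfo
$ver | Format-List
if ($ver.DisplayVersion -notin @('21H2', '22H2')) {
    Write-Warning "Version $($ver.DisplayVersion) is not in the affected list; check the advisory before installing."
}

if (Test-KbInstalled $Kb) {
    "$Kb is present; running post-install verification and audit."
    Start-Process -FilePath 'sfc.exe' -ArgumentList '/scannow' -Wait -NoNewWindow   # Step 5
    Get-ShellCrashEvents | Format-Table -AutoSize                                    # Step 6
} else {
    "$Kb is missing; installing from $MsuPath"
    Install-Msu $MsuPath                                                              # Step 3
    'Reboot this host (Step 4), then re-run the script to verify.'
}
```

The script is written to be run twice: once to install, and again after the reboot, when Test-KbInstalled succeeds and the verification branch runs. Get-HotFix can lag on some builds; if it reports the KB missing right after a successful install, the installed-updates history in Settings or a second Get-HotFix call after the reboot is the tiebreaker.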
Timeline
- January 15, 2026 – Vulnerability discovered by internal Microsoft security team.
- January 20, 2026 – CVE‑2026‑46157 assigned and published on the National Vulnerability Database.
- February 5, 2026 – MSRC advisory released, detailing impact and mitigation.
- February 12, 2026 – Cumulative update KB5012345 made available through Windows Update.
- February 20, 2026 – Advisory urges immediate patching.
Resources
- Microsoft Security Response Center (MSRC) Advisory
- Windows Update Catalog – KB5012345
- CVE Details – CVE‑2026‑46157
- Windows Security Documentation – DLL Hijacking Mitigation
Conclusion
This vulnerability allows attackers to execute code with SYSTEM privileges on vulnerable Windows 10 and 11 machines. Apply the KB5012345 update immediately. Failure to patch exposes your organization to critical risk. Stay vigilant and monitor for any related security advisories.