Urgent: Microsoft Loading Vulnerability CVE-2026-32161 Exploitable in Multiple Products

Vulnerabilities Reporter

Microsoft has issued a critical security update for a loading‑time vulnerability (CVE‑2026‑32161) that allows remote code execution in several Windows components. Immediate patching and configuration changes are required to protect affected systems.

Impact

A flaw in Microsoft Windows loading mechanisms permits attackers to execute arbitrary code with SYSTEM privileges. The vulnerability is exploitable remotely via crafted network traffic or local files. The CVSS score is 9.8 (Critical).

Affected Products

  • Windows 10 version 22H2 and earlier
  • Windows 11 version 22H2 and earlier
  • Windows Server 2022, 2019, 2016
  • Microsoft Edge (Chromium) older than 112.0.5615.138
  • Microsoft Office 365 (desktop) versions before 2305

Technical Details

The flaw lies in the way Windows processes certain registry keys during boot. An attacker can inject malicious code into a registry value that the loader reads before authentication. The loader then executes the payload with elevated privileges. The exploit chain requires only a single network packet or a locally crafted file.

Severity

  • CVSS v3.1 Base Score: 9.8 (Critical)
  • Impact: Remote Code Execution
  • Availability: High
  • Privileges Required: None
  • User Interaction: None

Mitigation Steps

  1. Apply the latest security update from the Microsoft Update Catalog or Windows Update.
  2. Disable legacy registry loading by setting the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableLegacyRegistryLoading to 1.
  3. Restrict network access to vulnerable services using Windows Firewall or network segmentation.
  4. Enable Exploit Protection for the affected processes via Group Policy.
  5. Verify patch status with sfc /scannow and DISM /Online /Cleanup-Image /RestoreHealth.

Timeline

  • 2026‑05‑01 – CVE disclosed publicly.
  • 2026‑05‑05 – Microsoft releases initial update (KB5031234).
  • 2026‑05‑10 – Advisory updated with detailed mitigation.
  • 2026‑05‑15 – Current article published.

What To Do Now

  • Check patch status immediately on all endpoints.
  • Deploy the update via WSUS, SCCM, or Intune.
  • Audit registry keys for unexpected values.
  • Monitor logs for unusual registry access or process creation.
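
A local check for the two page-specific items named above, the KB5031234 update and the DisableLegacyRegistryLoading value, written as an added PowerShell example that is not Microsoft's or this article's own code. The function name and the output fields are hypothetical; the KB id and registry path are taken from this article.

```powershell
# Added example: report whether this host has the update and the policy value
# described in this article. Function name and output shape are hypothetical.
function Test-Cve202632161Mitigation {
    [CmdletBinding()]
    param(
        # Values below come from the article, not from an independent source.
        [string]$KbId       = 'KB5031234',
        [string]$PolicyPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        [string]$ValueName  = 'DisableLegacyRegistryLoading'
    )

    # Get-HotFix reads Win32_QuickFixEngineering. It returns nothing when the
    # id is not listed, which also happens when a later cumulative update has
    # superseded it, so a $false here needs a manual look before alerting.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # A missing key or value is kept as $null rather than 0, so "never
    # configured" stays distinguishable from "explicitly set to 0".
    $value = $null
    $item  = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($item) { $value = $item.$ValueName }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        KbId         = $KbId
        KbInstalled  = [bool]$hotfix
        InstalledOn  = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        PolicyValue  = $value
        PolicySet    = ($value -eq 1)
        Compliant    = ([bool]$hotfix -and ($value -eq 1))
    }
}

# Run locally and show every field.
Test-Cve202632161Mitigation | Format-List
```

The object output can be piped to Export-Csv when the function is run across many endpoints through the deployment tooling already in use.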

Act immediately. Failure to patch exposes systems to critical remote code execution.
