
CISA orders feds to patch Windows flaw exploited as zero-day

Published:

29 April 2026 at 10:29:31

Alert date:

29 April 2026 at 11:01:07

Source:

bleepingcomputer.com


Operating Systems, Zero-Day Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an order requiring federal agencies to patch a Windows vulnerability that is being actively exploited in zero-day attacks. Because the flaw is already being exploited in the wild, it is a critical threat that needs immediate attention from government organizations, and federal agencies must prioritize patching their Windows systems to prevent compromise.

Technical details

CVE-2026-32202 is a zero-click vulnerability that was left behind after Microsoft incompletely patched a remote code execution flaw (CVE-2026-21510) in February. The vulnerability is an authentication coercion flaw that creates a gap between path resolution and trust verification, leaving a zero-click credential theft vector via auto-parsed LNK files. Remote attackers can exploit this in low-complexity attacks by sending the victim a malicious file that would have to be executed, potentially allowing them to view sensitive information on unpatched systems. The flaw was part of an exploit chain that also targeted a LNK file flaw (CVE-2026-21513).
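For triage alongside patching, the sketch below reads the path-bearing fields of a shortcut and reports any that point at a remote host. It is an added example, not code from the advisory, Microsoft or CISA. It assumes the coercion relies on a UNC path stored in the LNK file, which the advisory does not specify; the field layout follows the public MS-SHLLINK format, and the function names and `.example` hosts are hypothetical.

```python
import re
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
# \\host\share or //host/share; excludes local device forms such as \\?\ and \\.\
REMOTE = re.compile(r"^(\\\\|//)[^\\/?.]")

def lnk_paths(data):
    """Return {field: string} for the path-bearing fields of a Shell Link blob."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, out = 76, {}
    if flags & 0x01:  # HasLinkTargetIDList: 2-byte size, then the list itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & 0x02:  # HasLinkInfo: 4-byte size that includes itself
        size, _, li_flags = struct.unpack_from("<III", data, pos)
        if li_flags & 0x02:  # CommonNetworkRelativeLinkAndPathSuffix
            cnrl = pos + struct.unpack_from("<I", data, pos + 20)[0]
            name = cnrl + struct.unpack_from("<I", data, cnrl + 8)[0]
            out["net_name"] = data[name:data.index(b"\0", name)].decode("cp1252", "replace")
        pos += size
    width, codec = (2, "utf-16-le") if flags & 0x80 else (1, "cp1252")  # IsUnicode
    for bit, field in STRING_FIELDS:  # StringData entries appear in this order
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            out[field] = data[pos + 2:pos + 2 + count * width].decode(codec, "replace")
            pos += 2 + count * width
    return out

def remote_references(data):
    """Fields whose value starts with a UNC-style remote path."""
    return {k: v for k, v in lnk_paths(data).items() if REMOTE.match(v)}

def build_sample(icon):
    """Constructed parser fixture: bare header plus one icon_location string."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, 0x40 | 0x80) + bytes(52)
    return header + struct.pack("<H", len(icon)) + icon.encode("utf-16-le")

if __name__ == "__main__":
    sample = build_sample(r"\\fileserver.example\share\icon.ico")  # constructed
    print(remote_references(sample))
```

A hit is a lead for review, not proof of exploitation: shortcuts to legitimate file shares match as well, and a truncated file raises `struct.error` rather than returning a result.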

Mitigation steps:

Federal Civilian Executive Branch agencies must patch their Windows endpoints and servers by May 12, 2026 as mandated by Binding Operational Directive (BOD) 22-01. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. CISA urges all security teams to prioritize deploying patches for CVE-2026-32202 and securing their organizations' networks as soon as possible.

Affected products:

Microsoft Windows systems
Windows endpoints
Windows servers

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information originating from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
