VulnHub

Real-time Cybersecurity News

CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)

Help Net Security
Actively Exploited
WindowsCVEMicrosoftExploitVulnerabilityPatch

Overview

CISA and Microsoft have issued a warning about the exploitation of a Windows Shell vulnerability identified as CVE-2026-32202. This zero-click vulnerability allows attackers to trick victims' systems into authenticating with the attacker's server, potentially exposing sensitive information. CVE-2026-32202 is linked to an incomplete fix for a previous vulnerability (CVE-2026-21510), which was targeted by the APT28 group using malicious LNK files. Microsoft had released patches for these vulnerabilities in February 2026, but the new exploit indicates that attackers have found ways to bypass these security measures. Users and organizations running affected systems need to be vigilant and apply available updates to safeguard against these kinds of attacks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Windows Shell, systems vulnerable to CVE-2026-21510 and CVE-2026-21513, Microsoft Windows environments.
  • Action Required: Users should ensure they have applied the patches released by Microsoft in February 2026 for CVE-2026-21510 and CVE-2026-21513 to mitigate the risk associated with CVE-2026-32202.
  • Timeline: Newly disclosed

Original Article Summary

Attackers are exploiting CVE-2026-32202, a zero-click Windows Shell spoofing vulnerability that causes victims’ systems to authenticate the attacker’s server, CISA and Microsoft have warned. About CVE-2026-32202 CVE-2026-32202 stems from an incomplete patch for CVE-2026-21510, a vulnerability that, in conjunction with CVE-2026-21513, has been exploited by APT28 (aka Fancy Bear) via weaponized LNK files that bypass Windows security features. Microsoft fixed those two flaws in February 2026, successfully preventing the initial remote code execution and SmartScreen … More → The post CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202) appeared first on Help Net Security.

Impact

Windows Shell, systems vulnerable to CVE-2026-21510 and CVE-2026-21513, Microsoft Windows environments.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should ensure they have applied the patches released by Microsoft in February 2026 for CVE-2026-21510 and CVE-2026-21513 to mitigate the risk associated with CVE-2026-32202. Regularly updating Windows systems and monitoring for any unusual activity is also recommended.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Windows, CVE, Microsoft, and 3 more.

Read Original Article

Related Coverage

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

The Hacker News

The ShadowPad malware is exploiting a recently patched vulnerability in Microsoft Windows Server Update Services (WSUS), identified as CVE-2025-59287, allowing attackers to gain full system access. This exploitation highlights the critical need for organizations to promptly apply security updates to vulnerable systems to prevent unauthorized access.

Nov 24, 2025

⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

The Hacker News

This week, significant cybersecurity threats emerged as hackers exploited new 0-day vulnerabilities in Fortinet and Chrome, infiltrating supply chains and SaaS tools. The rapid response from major companies like Microsoft, Salesforce, and Google highlights the severity of these attacks and the ongoing challenges in securing trusted applications and software updates.

Nov 24, 2025

Microsoft Highlights Security Risks Introduced by New Agentic AI Feature

SecurityWeek

Microsoft has raised concerns about the security risks associated with its new Agentic AI feature, highlighting the potential for AI agents to engage in malicious activities like data exfiltration and malware installation if not properly secured. This underscores the critical need for robust security controls to mitigate these risks.

Nov 24, 2025

ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

The Hacker News

ToddyCat, a threat actor, has developed a new tool called TCSectorCopy to steal Outlook emails and Microsoft 365 access tokens by exploiting the OAuth 2.0 authorization protocol through users' browsers. This poses a significant threat to corporate email security, as it allows unauthorized access to sensitive information outside the compromised infrastructure.

Nov 25, 2025

Microsoft: Security keys may prompt for PIN after recent updates

BleepingComputer

Microsoft has alerted users that FIDO2 security keys may require a PIN for sign-in following recent Windows updates since September 2025. This change could affect user experience and security practices, particularly for those relying on these security keys for authentication.

Nov 26, 2025

Microsoft to secure Entra ID sign-ins from script injection attacks

BleepingComputer

Microsoft is set to enhance the security of its Entra ID authentication system to protect against external script injection attacks starting in mid-to-late October 2026. This improvement aims to mitigate potential vulnerabilities that could be exploited by attackers to compromise user sign-ins.

Nov 26, 2025