Microsoft has quickly responded to critical security vulnerabilities affecting Windows and Office users, as reported by TechCrunch. These vulnerabilities have become the target of cyber attackers aiming to compromise victims’ computers through malicious links and files. The exploits, known as zero-days, enable hackers to gain complete control of a system with minimal user interaction, underscoring the urgency for users to apply the patches immediately.
The vulnerabilities allow for one-click attacks, where a simple action like clicking on a malicious link or opening a corrupted Office file can lead to a system breach. Microsoft acknowledged the severity of the situation, emphasizing the need for prompt action to prevent further exploitation.
Security researcher Dustin Childs highlighted the significance of one of the bugs, CVE-2026-21510, found in the Windows shell. This bug, affecting all supported Windows versions, circumvents Microsoft’s SmartScreen protection, facilitating the remote installation of malware upon clicking a malicious link.
Google’s Threat Intelligence Group also confirmed the active exploitation of the Windows shell bug, posing significant risks due to the silent execution of malware with elevated privileges. The collaboration between security researchers and tech companies remains crucial in identifying and mitigating such threats.
Source: TechCrunch