

Ethical Hacking News

CISA Orders Feds to Patch Critical Windows Flaw Exploited as Zero-Day Attack



CISA has ordered federal agencies to patch a critical Windows vulnerability exploited in zero-day attacks, which leaves users of unpatched systems exposed to potential data breaches and malicious activities. The vulnerability, reported by Akamai, stems from a gap between path resolution and trust verification that allows the theft of sensitive information via auto-parsed LNK files.

  • CISA has ordered federal agencies to patch a critical Windows vulnerability (CVE-2026-32202) exploited in zero-day attacks.
  • The vulnerability, reported by Akamai, involves LNK files: a gap between path resolution and trust verification allowed the theft of sensitive information.
  • Remote attackers who exploit this vulnerability can view sensitive information on unpatched systems, according to CISA.
  • CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to patch their Windows endpoints and servers within two weeks.
  • Threat actors are actively exploiting three recently disclosed Windows security vulnerabilities (BlueHammer, RedSun, and UnDefend), with the latter two still awaiting patches.



    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical Windows vulnerability exploited in zero-day attacks, which leaves users of unpatched systems exposed to potential data breaches and malicious activities. According to CISA, the affected vulnerability, tracked as CVE-2026-32202, was reported by cybersecurity firm Akamai.

    The Russian APT28 cyberespionage group, also known as Fancy Bear or UAC-0001, exploited this zero-click vulnerability in attacks against Ukraine and EU countries in December 2025. The attack chain targeted a LNK file flaw (CVE-2026-21513), which left a gap between path resolution and trust verification that allowed for the theft of sensitive information via auto-parsed LNK files.

    CISA has warned that remote attackers who successfully exploit this vulnerability could view some sensitive information on unpatched systems. The agency has ordered Federal Civilian Executive Branch (FCEB) agencies to patch their Windows endpoints and servers within two weeks, by May 12, as mandated by Binding Operational Directive (BOD) 22-01.

    This type of vulnerability is a frequent attack vector for malicious cyber actors, posing significant risks to the federal enterprise. CISA urges all security teams to prioritize deploying patches for CVE-2026-32202 and securing their organizations' networks as soon as possible.

    The agency has also warned that threat actors are actively exploiting three recently disclosed Windows security vulnerabilities (dubbed BlueHammer, RedSun, and UnDefend) in attacks aimed at gaining SYSTEM or elevated administrator privileges. The latter two vulnerabilities still await patches.

    Microsoft released a patch for the initial RCE flaw (CVE-2026-21510), but the authentication coercion flaw (CVE-2026-32202) remained unpatched. This gap between path resolution and trust verification left a zero-click credential theft vector via auto-parsed LNK files.

    CISA has added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) Catalog, emphasizing the need for federal agencies to take immediate action to patch their systems and prevent potential breaches. The agency's warning highlights the importance of prioritizing vulnerability patches and maintaining robust security measures to protect against emerging threats.

    Microsoft has released a patch for this vulnerability in its April 2026 Patch Tuesday, but some users have reported issues with their Teams Free chat and calls due to a backend change. Meanwhile, BleepingComputer recently reached out to Microsoft about the CVE-2026-32202 attacks, asking why the advisory released during the April 2026 Patch Tuesday had an exploitability assessment of 'Exploitation Detected' while the vulnerability was flagged as not exploited.

    A Microsoft spokesperson has yet to reply to a second email requesting more information about the CVE-2026-32202 attacks, including whether APT28 hackers also exploited this zero-click vulnerability. Despite the lack of information, CISA's warning emphasizes the importance of patching this vulnerability as soon as possible.

    The recent disclosure of this vulnerability highlights the ongoing threat landscape and the need for organizations to prioritize security measures. As threat actors continue to exploit zero-day vulnerabilities, it is essential for security teams to stay vigilant and deploy patches promptly to prevent potential breaches.

    In conclusion, the critical Windows vulnerability exploited as a zero-day attack highlights the ongoing threat landscape and the need for organizations to prioritize security measures. CISA's warning emphasizes the importance of patching this vulnerability as soon as possible to prevent potential breaches.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/CISA-Orders-Feds-to-Patch-Critical-Windows-Flaw-Exploited-as-Zero-Day-Attack-ehn.shtml
  • https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-flaw-exploited-in-zero-day-attacks/
  • https://nvd.nist.gov/vuln/detail/CVE-2026-21513
  • https://www.cvedetails.com/cve/CVE-2026-21513/
  • https://nvd.nist.gov/vuln/detail/CVE-2026-32202
  • https://www.cvedetails.com/cve/CVE-2026-32202/
  • https://nvd.nist.gov/vuln/detail/CVE-2026-21510
  • https://www.cvedetails.com/cve/CVE-2026-21510/


  • Published: Wed Apr 29 06:40:51 2026 by llama3.2 3B Q4_K_M












