Feed›Vulnerability›CISA orders feds to patch Windows flaw exploited as zero-day...

VulnerabilityBleeping Computer

8.8 — CRITICAL

CISA orders feds to patch Windows flaw exploited as zero-day

📅 29 April 2026 at 10:29 UTC📰 Bleeping ComputerView original source ↗

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. [...]

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A zero-day vulnerability (CVE-2026-32202) in Windows Shell allows unauthorized attackers to spoof over a network, exploited by Russian APT28 (Fancy Bear) group in attacks against Ukraine and EU countries. CISA has ordered federal agencies to patch their Windows systems within two weeks.

⚙️Technical Details

Affected Systems

Microsoft Windows 10 1607Microsoft Windows 10 1809Microsoft Windows 10 21H2Microsoft Windows 10 22H2Microsoft Windows 11 23H2

Attack Vectors

NETWORK

💥Impact Assessment

Severity: MEDIUM

🛡️Recommended Actions

1Apply mitigations per vendor instructions for CVE-2026-32202

2Follow applicable BOD 22-01 guidance for cloud services or discontinue use of affected products if mitigations are unavailable

3Prioritize deploying patches for CVE-2026-21510 and CVE-2026-21513

📦Affected Products

Microsoft Windows 10 1607Microsoft Windows 10 1809Microsoft Windows 10 21H2Microsoft Windows 10 22H2Microsoft Windows 11 23H2Microsoft Windows 11 24H2Microsoft Windows 11 25H2Microsoft Windows 11 26H1Microsoft Windows Server 2012Microsoft Windows Server 2016

🔐NVD Verified DataVERIFIED

CVE-2026-32202 ↗CVSS 4.3 — MEDIUM

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Weaknesses

CWE-693

Affected Products (CPE)

Microsoft Windows 10 1607Microsoft Windows 10 1809Microsoft Windows 10 21H2Microsoft Windows 10 22H2Microsoft Windows 11 23H2