""Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network. An attacker would have to send the victim a malicious file that the victim would have to execute.""
""An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).""
Microsoft revised its advisory for a high-severity security flaw in Windows Shell, CVE-2026-32202, confirming it has been actively exploited. This spoofing vulnerability, with a CVSS score of 4.3, allows attackers to access sensitive information by sending malicious files to victims. Although the vulnerability was patched in the recent Patch Tuesday update, it was noted that the exploitability index and CVSS vector were previously incorrect. The flaw is linked to an incomplete patch for CVE-2026-21510, which has been weaponized by a Russian nation-state group.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]