Microsoft Issues Emergency Patch for Critical Windows Kernel RCE Flaw

Microsoft’s Security Response Center released an out‑of‑band update to fix CVE‑2026‑12345, a newly disclosed vulnerability in the Windows kernel that permits remote code execution with full system privileges. The flaw was initially reported by independent researchers, quickly validated by Microsoft, and subsequently observed being leveraged in active attacks against enterprise environments.

Defenders must prioritize deploying the patch across all Windows endpoints, as exploitation grants attackers unrestricted control, facilitating ransomware deployment, data exfiltration, and lateral movement. Until the update is applied, monitor for anomalous kernel‑level activity, enforce strict application whitelisting, and consider temporary mitigations such as disabling vulnerable drivers or applying available Microsoft Defender exploit protection rules.

Categories: Vulnerabilities & Exploits

Source: Read original article