CISA orders feds to patch Windows flaw exploited as zero-day
Key Points:
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to patch a critical Windows vulnerability (CVE-2026-32202) by May 12, following its exploitation in zero-day attacks.
- CVE-2026-32202 is a zero-click NTLM hash leak vulnerability stemming from an incomplete Microsoft patch for an earlier remote code execution flaw (CVE-2026-21510), which the Russian APT28 group exploited in attacks against Ukraine and EU countries.
- The vulnerability lets attackers capture a victim's NTLM hash once the victim executes a malicious file they were sent; the stolen hash can then be used in pass-the-hash attacks to move laterally within the network and reach sensitive data.
- CISA added CVE-2026-32202 to its Known Exploited Vulnerabilities Catalog and emphasized the significant risk it poses to federal systems, urging all organizations to prioritize patching and mitigation efforts immediately.
- Microsoft acknowledged exploitation of the vulnerability but has not yet provided detailed information about the attacks or confirmed if APT28 exploited this specific zero-click flaw.