Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html
Publish Date: 2026-04-28 01:50:00
Source Domain: thehackernews.com
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild.
The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to access sensitive information. It was addressed as part of its Patch Tuesday update for this month.
“Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network,” Microsoft noted in an alert. “An attacker would have to send the victim a malicious file that the victim would have to execute.”
“An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).”
On April 27, 2026, Microsoft said it rectified the “Exploitability Index, Exploited flag, and CVSS vector” as they were incorrect when they were published on April 14.
While the tech giant did not share any details about the exploitation activity, Akamai security researcher Maor Dahan, who is credited with discovering and reporting the bug, said the zero-click vulnerability stems from an incomplete patch for CVE-2026-21510.
The latter has been weaponized by a Russian nation-state group tracked as APT28 (aka Fancy Bear, Forest Blizzard, GruesomeLarch, and Pawn Storm) along with CVE-2026-21513 as part of an exploit chain –
- CVE-2026-21510 (CVSS score: 8.8) – A protection mechanism failure in Windows Shell that allows an unauthorized attacker to bypass a security feature over a network. (Fixed by Microsoft in February 2026)
- CVE-2026-21513 (CVSS score: 8.8) – A protection mechanism failure in MSHTML Framework that allows an unauthorized attacker to…
