CISA orders feds to patch Windows flaw exploited as zero-day

https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-flaw-exploited-in-zero-day-attacks/

Publish Date: 2026-04-29 06:29:00

Source Domain: www.bleepingcomputer.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks.

Tracked as CVE-2026-32202, this security flaw was reported by cybersecurity firm Akamai, which described it as a zero-click NTLM hash leak vulnerability left behind after Microsoft incompletely patched a remote code execution flaw (CVE-2026-21510) in February.

As CERT-UA revealed, the Russian APT28 (aka UAC-0001 and Fancy Bear) cyberespionage group exploited CVE-2026-21510 in attacks against Ukraine and EU countries in December 2025 as part of an exploit chain that also targeted a LNK file flaw (CVE-2026-21513).

Microsoft says that remote attackers can exploit CVE-2026-32202 in low-complexity attacks by sending “the victim a malicious file that the victim would have to execute,” and that successful exploitation could let them “view some sensitive information” on unpatched systems.

Akamai further explained in a Thursday report that this security flaw can be exploited in pass-the-hash attacks to steal NTLM hashes (hashed passwords), which are later used to authenticate as the compromised user, allowing attackers to spread laterally across the network or steal sensitive data.

Microsoft also flagged the CVE-2026-32202 flaw as exploited in attacks on Sunday after BleepingComputer reached out last week to ask why the advisory released during the April 2026 Patch Tuesday had an exploitability assessment of ‘Exploitation Detected’ while the vulnerability was flagged as not exploited.

A Microsoft spokesperson has yet to reply to a second email requesting more information about the CVE-2026-32202 attacks, including whether APT28 hackers also exploited this zero-click vulnerability.

Feds ordered to patch by May 12

On Tuesday, CISA added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) Catalog, ordering Federal Civilian Executive Branch (FCEB) agencies to patch…
