Microsoft patch fell short. New Windows flaw exploited • The Register

https://www.theregister.com/2026/04/29/microsoft_zero_click_exploit/

Publish Date: 2026-04-29 15:15:00

Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose sensitive information on vulnerable systems.

While we don’t know who is attacking this one, tracked as CVE-2026-32202, we’d suggest betting it all on Putin’s goons. The flaw stems from an incomplete fix for an earlier vulnerability found and abused by Russian spies a month before Redmond released a patch.

The new bug, CVE-2026-32202, is an authentication coercion flaw in Windows Shell that can expose sensitive information on vulnerable systems via network spoofing. “An attacker who successfully exploited the vulnerability could view some sensitive information,” Redmond warned when it disclosed the CVE on April 14.

On Monday, the Windows giant marked the bug as “exploitation detected.” The next day, CISA added CVE-2026-32202 to its Known Exploited Vulnerabilities catalog, and set a May 12 deadline for federal agencies to fix the flaw.

The Register reached out to Microsoft about the scope of exploitation, who is responsible for the attacks, and what they are doing with the illicit access. We will update this story if we receive any response.

Microsoft credited Akamai senior security researcher Maor Dahan with finding and reporting CVE-2026-32202, and in Dahan’s write-up, he says an incomplete patch for CVE-2026-21510 created the newer vuln.

Redmond attempted to patch CVE-2026-21510 in February. It was one of six actively exploited zero-days disclosed during that month’s Patch Tuesday, and Akamai detected Russia’s APT28 (also known as Fancy Bear) exploiting that security hole in January.

According to Akamai, citing Ukraine’s Computer Emergency Response Team, APT28 exploited CVE-2026-21510 in attacks against Ukraine and European Union countries.

These attacks…

Source