Windows shell spoofing vulnerability puts sensitive data at risk

Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) have sounded the alarm about a Windows shell spoofing vulnerability that is already being exploited by attackers. It is not clear by whom as yet, but the main suspects are hackers in Russia.

CISA has mandated that all federal agencies patch this vulnerability, designated CVE-2026-32202, by May 12. According to a Microsoft advisory, exploitation of the flaw could lead to access to sensitive data, but attackers would not be able to gain control of the system.

However, one security expert has warned that the considerable gap between the time Microsoft identified the bug and the date by which the systems must be patched leads to increased risk.

Lionel Litty, CISO for security company Menlo, said that an incomplete patch for CVE-2026-21510 that resulted in the issue tracked as CVE-2026-32202 adds to the problem. “This has been a theme for many years. A vulnerability exists and the vendor has not been thorough enough in dealing with it, so a small variation has not been fully patched. What normally happens is that they’ve dealt with the main vulnerability, but there are still side effects.” The result of this is that there is a further delay in a complete fix while a new update is developed.

Windows shell spoofing vulnerability puts sensitive data at risk

Other newsrooms on this story

Related reading

Critical cPanel, WHM flaw probs exploited as 0-day, pros say

Other newsrooms on this story

Related reading

Critical cPanel, WHM flaw probs exploited as 0-day, pros say

'CopyFail' attackers start cashing in on Linux flaw

Warning Issued As Hackers Give Microsoft Windows The Finger: Report

Microsoft patch fell short. New Windows flaw exploited

New Microsoft Alert — Update Windows 10 And 11 Now, Attacks Underway

Microsoft Windows 11 Exploited 3 Times In 24 Hours By Zero-Day Hackers