Particle.news
Get it on Google Play
Download on the App Store
3 ARTICLES
·
6d ago

CISA Flags Actively Exploited Windows Shell Bug, Sets May 12 Patch Deadline

The order signals urgent risk from a bug that forces Windows to authenticate to attacker-run servers.

Overview

  • CISA added CVE-2026-32202 to its catalog of known exploited bugs and ordered federal civilian agencies to patch by May 12 under BOD 22-01.
  • The Windows Shell flaw can fire with no clicks when File Explorer loads a folder, which makes the PC connect over SMB, the Windows file-sharing protocol, and send the user’s Net-NTLMv2 hash.
  • Security teams are urged to install Microsoft’s April 14 update now and, where possible, block outbound SMB to untrusted hosts on Windows 10, Windows 11, and Windows Server systems.
  • Microsoft disclosed the issue on April 14 without labeling it exploited, then later confirmed active attacks as CISA also verified exploitation.
  • Akamai linked the bug to an incomplete February fix for CVE-2026-21510, and CERT-UA reported related APT28 activity against Ukraine and EU targets in December 2025, highlighting ongoing espionage risk.