Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

2026-04-28

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Microsoft confirmed active exploitation of CVE-2026-32202, a high-severity Windows Shell spoofing vulnerability (CVSS 4.3) that allows unauthorized access to sensitive information.

•The vulnerability stems from an incomplete patch for CVE-2026-21510 and is weaponized by Russian APT28 in exploit chains with CVE-2026-21513
•Attackers use malicious Windows Shortcut (LNK) files to bypass Microsoft Defender SmartScreen without user interaction
•The attack triggers automatic NTLM authentication, sending the victim's Net-NTLMv2 hash to attacker servers for credential theft and relay attacks
•While the February 2026 patch mitigated remote code execution, CVE-2026-32202 remains as a zero-click credential theft vector through auto-parsed LNK files

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Building a safe, effective sandbox to enable Codex on Windows

Mitigate credential exposure in Windows environments with Boundary and Vault

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)