Microsoft: CVE-2026-32202 in Windows Shell — active exploitation and NTLM theft risk

Colleagues, a cybersecurity notice: Microsoft has confirmed active exploitation of CVE-2026-32202 in Windows Shell.
- The spoofing vulnerability could disclose portions of sensitive data; a patch was released on Patch Tuesday.
- Akamai ties it to an incomplete remediation of CVE-2026-21510: automatic parsing of LNK/UNC can trigger SMB and send Net-NTLMv2 hashes.
- A campaign attributed to APT28 used LNK/CPL files against targets in Ukraine and the EU.
Why it matters: the attack vector for credential theft and NTLM relay persists.
Have you applied the patches and reviewed logs for unexpected SMB/NTLM authentications?
#cybersecurity #vulnerabilities #Microsoft #ThreatIntelligence
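
One way to start the log review asked about above, as an added example that is not part of the original post: it flags outbound SMB connections to non-internal addresses. It assumes connection records exported from Sysmon Event ID 3 (NetworkConnect) into dictionaries; the function name, the internal ranges and the sample records are constructed for illustration.

```python
import ipaddress

SMB_PORTS = {139, 445}
# Assumption: these ranges count as "internal"; replace with your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample records using Sysmon Event ID 3 (NetworkConnect) field names.
# The Windows SMB client runs in the kernel, so Image is normally "System".
SAMPLE_EVENTS = [
    {"UtcTime": "2026-01-01 09:14:02", "Computer": "WS-014", "Image": "System",
     "Initiated": True, "DestinationIp": "203.0.113.45", "DestinationPort": 445},
    {"UtcTime": "2026-01-01 09:15:10", "Computer": "WS-014", "Image": "System",
     "Initiated": True, "DestinationIp": "10.20.30.40", "DestinationPort": 445},
    {"UtcTime": "2026-01-01 09:16:31", "Computer": "WS-022",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "Initiated": True, "DestinationIp": "198.51.100.7", "DestinationPort": 443},
    {"UtcTime": "2026-01-01 09:17:45", "Computer": "FS-01", "Image": "System",
     "Initiated": False, "DestinationIp": "198.51.100.9", "DestinationPort": 445},
    {"UtcTime": "2026-01-01 09:20:03", "Computer": "WS-031", "Image": "System",
     "Initiated": True, "DestinationIp": "2001:db8::5", "DestinationPort": 445},
]

def find_external_smb(events, internal=INTERNAL_NETS, allowlist=frozenset()):
    """Return outbound SMB connections whose destination is outside `internal`."""
    hits = []
    for ev in events:
        if not ev.get("Initiated") or int(ev["DestinationPort"]) not in SMB_PORTS:
            continue  # inbound connection, or not SMB
        try:
            dst = ipaddress.ip_address(ev["DestinationIp"])
        except ValueError:
            # Keep malformed records visible instead of silently dropping them.
            hits.append({**ev, "Reason": "unparseable destination"})
            continue
        if str(dst) in allowlist or any(dst in net for net in internal):
            continue  # approved external server or internal peer
        hits.append({**ev, "Reason": "outbound SMB to non-internal address"})
    return hits

if __name__ == "__main__":
    for hit in find_external_smb(SAMPLE_EVENTS):
        print(hit["UtcTime"], hit["Computer"], hit["DestinationIp"], hit["Reason"])
```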