VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Microsoft: CVE-2026-32202 in Windows Shell — active exploitation and NTLM theft risk

Microsoft: CVE-2026-32202 в Windows Shell — активная эксплуатация и риск кражи NTLM

Colleagues, a cybersecurity notice: Microsoft has confirmed active exploitation of CVE-2026-32202 in Windows Shell.

- The spoofing vulnerability could disclose portions of sensitive data; a patch was released on Patch Tuesday.
- Akamai ties it to an incomplete remediation of CVE-2026-21510: automatic parsing of LNK/UNC can trigger SMB and send Net-NTLMv2 hashes.
- A campaign attributed to APT28 used LNK/CPL files against targets in Ukraine and the EU.

Why it matters: the attack vector for credential theft and NTLM-relay persists.

Have you applied the patches and reviewed logs for unexpected SMB/NTLM authentications?

#cybersecurity #vulnerabilities #Microsoft #ThreatIntelligence

Latest comments

No comments yet.