Microsoft Says Windows Shell Flaw CVE-2026-32202 Is Being Used by Hackers
Microsoft has updated its warning about a serious Windows security flaw tracked as CVE-2026-32202, which affects the Windows Shell and has already been used in real attacks. Although the issue has now been fixed, it could allow attackers to trick users into opening a malicious file and gain access to some private information. Microsoft explained that the flaw involves a failure in protection against spoofing attacks. If exploited, it would let an attacker view certain sensitive data, but not change that data or block access to it. The company also admitted that some earlier details about the vulnerability, including its severity and exploit status, were incorrect and had to be corrected later.
The flaw was discovered by security researcher Maor Dahan, who said it was caused by an incomplete fix for an earlier vulnerability (CVE-2026-21510). That earlier vulnerability had been used along with another flaw (CVE-2026-21513) by a hacking group known as APT28. In late 2025, these attacks targeted Ukraine and European Union countries, using malicious shortcut files to bypass Windows security and run harmful code. Even after Microsoft released a fix, part of the issue remained, allowing a victim’s computer to silently connect to an attacker’s server and send login data without the user knowing. This leftover weakness made it possible for attackers to steal credentials through a “zero-click” attack, meaning no user action was needed.
To stay safe:
- Keep your Windows system updated with the latest security patches from Microsoft
- Avoid opening files or links from unknown or suspicious sources, especially shortcut files
- Use antivirus software
- Enable multi-factor authentication (MFA) for extra account security
- Avoid connecting to untrusted or public networks when possible
Source: https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html