THE CIRCUITRYYour one-stop source for all tech news

Home/Tech/CISA Orders Feds to Patch Exploited Windows Zero-Day

VERIFIEDBy Xavier Rivera· ·1 min read

CISA Orders Feds to Patch Exploited Windows Zero-Day

CISA orders U.S. federal agencies to patch Windows CVE-2026-32202 by May 12 after zero-day exploitation. The flaw persisted from an incomplete February patch and enables credential theft.

Source:BleepingComputer

Post

CISA Orders Feds to Patch Exploited Windows Zero-Day

TL;DRAI · 60 sec read

The U.S. Cybersecurity and Infrastructure Security Agency orders federal agencies to patch Windows systems against CVE-2026-32202, a vulnerability exploited in zero-day attacks.

Akamai reports the flaw as a zero-click vulnerability remaining after Microsoft incompletely patched a remote code execution issue, CVE-2026-21510, in February. CERT-UA states that Russian APT28 exploited CVE-2026-21510 in December 2025 attacks on Ukraine and EU countries, chaining it with CVE-2026-21513 targeting an LNK file flaw. Akamai describes a gap between path resolution and trust verification enabling zero-click credential theft via auto-parsed LNK files.

Microsoft explains that remote attackers exploit the low-complexity flaw by sending a malicious file for the victim to execute, allowing viewing of sensitive information on unpatched systems. Microsoft flagged CVE-2026-32202 as exploited on Sunday following BleepingComputer's inquiry about its April 2026 Patch Tuesday advisory.

CISA adds the flaw to its Known Exploited Vulnerabilities Catalog on Tuesday, requiring Federal Civilian Executive Branch agencies to patch endpoints and servers by May 12 under Binding Operational Directive 22-01. CISA warns of significant risks and urges all organizations to apply patches immediately. Threat actors also exploit three other recent Windows flaws dubbed BlueHammer, RedSun, and UnDefend.

EXPERT TAKE

Expert Take: Enterprise admins should prioritize CVE-2026-32202 patching across Windows endpoints to block low-complexity credential theft vectors.

Why this mattersAI · ~100 words

Tap a lens to see what this story means for you.

Reader-supported

DonateBuy me a coffee →Follow@thecircuitry_ →Follow@thecircuitry.to →

Reader-supported · Daily Brief

Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.

HELP US IMPROVE

Reader-supported

The Circuitry is a passion project I've always wanted to build, and I love the work behind it.

Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.

Any contribution is appreciated. If not, no pressure. Thanks for reading.

Buy me a coffee

Microsoft Windows CISA Zero-Day Security

MORE IN TECH

Linux Foundation Debuts Akrites to Speed Up Open Source Vulnerability Fixes

The Linux Foundation launched Akrites on Thursday with 19 founding members including major tech firms and banks to organize remediation of critical open source vulnerabilities before AI-powered attackers can exploit them. The project tackles the reality that fewer than 5% of thousands of AI-identified flaws have received patches by instituting one confidential response team in place of scattered reports.

CISA gives feds until Sunday to patch exploited Cisco and PTC flaws

CISA has ordered federal agencies to patch two critical vulnerabilities in Cisco Unified Communications Manager and PTC Windchill/FlexPLM products by June 28 due to active exploitation. The move underscores the urgency of addressing known exploited flaws in widely used enterprise and industrial software.

Apple Vision Pro and Smart Glasses Chief Paul Meade Departs for OpenAI

Paul Meade, Apple’s VP in charge of Vision Pro and smart glasses development, is leaving for OpenAI’s hardware unit by next week to work on its AI-powered devices. The departure, reported June 26, 2026, continues a pattern of executives exiting Apple for AI rivals and follows a 2025 restructuring of the company’s spatial computing teams.