Summary
Microsoft confirmed active exploitation of CVE-2026-32202, a Windows Shell flaw that allows zero-click NTLM credential theft via malicious LNK files. The vulnerability is an incomplete fix for earlier RCE flaws used by the APT28 threat group in targeted espionage campaigns.
Take Action:
Apply Microsoft's April 2026 patches immediately to all Windows systems, as this vulnerability steals your credentials just by viewing a folder containing a malicious shortcut file - no clicking required. Block outbound SMB traffic (ports 445 and 139) at your firewall to prevent credential theft.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)