By The Hacker News
Publication Date: 2026-04-28 05:50:00
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild.
The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to access sensitive information. It was addressed as part of its Patch Tuesday update for this month.
“Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network,” Microsoft noted in an alert. “An attacker would have to send the victim a malicious file that the victim would have to execute.”
“An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit…