Microsoft has confirmed ongoing exploitation of a critical Windows Shell vulnerability tracked as CVE-2026-32202, discovered shortly after the April 27 security patch was released. This zero-click flaw leverages SMB authentication mechanisms to extract sensitive NTLMv2 password hashes from affected systems without user interaction. Organizations running vulnerable Windows versions face immediate risk of credential compromise and lateral movement attacks. Security teams should prioritize deployment of the latest Microsoft patches and implement network segmentation to mitigate potential breach scenarios.

Summary auto-generated by AI from the original publisher's content. Editorial standards.