
Windows Shell Zero-Day Vulnerability Allows Attackers to Bypass Authentication - gbhackers.com

Source: gbhackers.com. Archived Mar 17, 2026.



By Divya, February 11, 2026

Microsoft has issued an urgent security warning following the discovery of a zero-day vulnerability in the Windows Shell, now tracked as CVE-2026-21510. This critical flaw, which carries a high severity score of 8.8, is currently being exploited in the wild, forcing a race against time for IT administrators globally.

Bypassing the Gatekeepers

The vulnerability is classified as a “Security Feature Bypass.” In simple terms, it allows attackers to sneak malicious programs past the guards that usually stop them. Normally, Windows uses tools like SmartScreen and user security prompts to check files before they run.

Metric                 Value
CVE ID                 CVE-2026-21510
Title                  Windows Shell Security Feature Bypass Vulnerability
CVSS v3.1 Score        8.8 / 10 (High)
Max Severity           Important
Exploitation Status    Exploited (Zero-Day)

These tools act as a digital ID check, verifying that a file is safe or authorized. CVE-2026-21510 allows hackers to trick Windows into skipping this check entirely.

By exploiting a flaw in how the Windows Shell (the interface you use to navigate folders and files) handles specific information, an attacker can create a malicious file, often a link or shortcut, that looks harmless to the system. When a victim opens this file, the malicious code runs immediately, without the usual warning pop-ups or consent requests that would normally alert the user.

The attack vector is network-based but requires user interaction. Attackers are likely spreading this via:

- Malicious Shortcuts (LNK files): These are disguised as legitimate documents or folders.
- Phishing Links: Users are tricked into clicking a link that triggers the exploit.
Because the vulnerability bypasses the “Mark of the Web” (the tag Windows puts on downloaded files to treat them with caution), the malware executes with the same trust level as a local, safe file. This effectively bypasses the authentication and authorization steps that usually block unauthorized software.

The scope of this vulnerability is massive. It affects nearly every supported version of Windows, including:

- Desktop: Windows 10 and Windows 11 (versions 21H2 through 25H2).
- Server: Windows Server 2012, 2016, 2019, 2022, and the new Server 2025.

Microsoft has credited the Microsoft Threat Intelligence Center (MSTIC) and Google Threat Intelligence Group for identifying the flaw.

Because active attacks have already been detected, this is not a theoretical drill. Administrators and users must apply the February 2026 Security Updates immediately. The specific patches (e.g., KB5077179 for Windows 11, KB5075912 for Windows 10) are available now through Windows Update.

Until patched, users should be extremely cautious when opening shortcut files or links from untrusted sources.
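For administrators acting on the patch advice and the shortcut warning above, the following PowerShell triage is an added example, not code from the article or from Microsoft. It assumes the two KB IDs the article names and, as a further assumption, that downloaded shortcuts land in the user's Downloads and Desktop folders; the function names are hypothetical.

```powershell
# Added example: patch and shortcut triage for CVE-2026-21510.
# KB IDs are the two the article names; other Windows builds use different KBs.
$ArticleKbs = 'KB5077179', 'KB5075912'

function Get-ArticleKbStatus {
    # Get-HotFix lists only updates still registered on the host. A later
    # cumulative update supersedes these IDs, so "not found" means "verify the
    # OS build", not "definitely unpatched".
    $found = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $ArticleKbs -contains $_.HotFixID }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        KbFound   = ($found.HotFixID -join ', ')
        Installed = [bool]$found
    }
}

function Get-ShortcutMotw {
    # Assumption: these folders are where downloaded shortcuts usually end up.
    param([string[]]$Path = @("$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop"))

    Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.lnk', '.url' } |
        ForEach-Object {
            # Mark of the Web is stored in the NTFS alternate data stream
            # "Zone.Identifier" as an INI-style line such as "ZoneId=3".
            $stream = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier `
                          -ErrorAction SilentlyContinue
            $line = $stream | Where-Object { $_ -match '^ZoneId=\d+' } |
                        Select-Object -First 1
            $zoneId = if ($line) { [int]($line -replace '^ZoneId=', '') } else { $null }
            [pscustomobject]@{
                Path         = $_.FullName
                LastWrite    = $_.LastWriteTime
                ZoneId       = $zoneId               # 3 = Internet, 4 = Restricted sites
                FromInternet = ($zoneId -ge 3)       # $false when no mark is present
            }
        }
}

Get-ArticleKbStatus | Format-List
Get-ShortcutMotw | Sort-Object FromInternet -Descending | Format-Table -AutoSize
```

Shortcuts reported with `FromInternet` set to True on a host where `Installed` is False are the ones to review or quarantine before anyone opens them.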