Microsoft revised its advisory for CVE-2026-32202, a high-severity Windows Shell spoofing vulnerability (CVSS 4.3) that has been actively exploited in the wild. The flaw allows attackers to access sensitive information and was patched as part of Microsoft's Patch Tuesday update.

Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by