{"id":236250,"date":"2026-04-30T22:22:24","date_gmt":"2026-05-01T03:22:24","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/04\/cisa-orders-feds-to-patch-windows-flaw-exploited-as-zero-day"},"modified":"2026-04-30T22:22:24","modified_gmt":"2026-05-01T03:22:24","slug":"cisa-orders-feds-to-patch-windows-flaw-exploited-as-zero-day","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/04\/cisa-orders-feds-to-patch-windows-flaw-exploited-as-zero-day","title":{"rendered":"CISA orders feds to patch Windows flaw exploited as zero-day"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/cisa-orders-feds-to-patch-windows-flaw-exploited-as-zero-day.jpg\"><\/a><\/p>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks.<\/p>\n<p>Tracked as <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-32202\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2026\u201332202<\/a>, this security flaw was reported by cybersecurity firm Akamai, which described it as a zero-click NTLM hash leak vulnerability left behind after Microsoft incompletely patched a remote code execution flaw (<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-21510\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2026\u201321510<\/a>) in February.<\/p>\n<p>As CERT-UA revealed, the Russian APT28 (aka UAC-0001 and Fancy Bear) cyberespionage group <a href=\"http:\/\/cert.gov.ua\/article\/6287250\" target=\"_blank\" rel=\"nofollow noopener\">exploited CVE-2026\u201321510<\/a> in attacks against Ukraine and EU countries in December 2025 as part of an exploit chain that also targeted a LNK file flaw (CVE-2026\u201321513).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. Tracked as CVE-2026\u201332202, this security flaw was reported by cybersecurity firm Akamai, which described it as a zero-click NTLM hash leak vulnerability left behind after Microsoft incompletely patched a remote code [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-236250","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/236250","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=236250"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/236250\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=236250"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=236250"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=236250"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}