Windows 0-Click Flaw Bypasses SmartScreen; Patch Leaves NTLM Exposure

APT28 exploited a Windows Shell 0-click vulnerability chain (CVE-2026-21510 and CVE-2026-21513) via a weaponized LNK file to bypass Defender SmartScreen and load a CPL component without user interaction. Microsoft patched the RCE path in the April 2026 Patch Tuesday by adding ControlPanelLinkSite and a trust-verification flag. A residual flaw (CVE-2026-32202) still allows NTLM authentication to be triggered during UNC-path resolution when a folder containing the LNK is opened, enabling credential exposure. Defenders should apply the April 2026 updates immediately, monitor outbound SMB traffic, enforce NTLMv2 or Kerberos, and perform regression testing to catch patch regressions.
- New Windows 0-Click Vulnerability Exploited to Bypass Defender SmartScreen (CyberSecurityNews)
- Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 (The Hacker News)
- Incomplete Windows Patch Opens Door to Zero-Click Attacks (SecurityWeek)
- CISA orders feds to patch Windows flaw exploited as zero-day (BleepingComputer)
- CISA Warns of Windows Shell Zero-Day Exploited in Attacks (gbhackers.com)
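
The advice above to monitor outbound SMB traffic can be implemented as a filter over connection records, shown here as an added example that is not taken from the cited reporting. The record format, host names, addresses and internal ranges are constructed assumptions, as is the appearance of explorer.exe as the connecting process.

```python
import csv
import ipaddress

# Constructed sample records (not real telemetry): time, host, process, dst_ip, dst_port
SAMPLE_LOG = """\
2026-04-20T09:14:02Z,WS-014,C:\\Windows\\explorer.exe,10.20.0.5,445
2026-04-20T09:14:07Z,WS-014,C:\\Windows\\explorer.exe,203.0.113.77,445
2026-04-20T09:15:31Z,WS-022,C:\\Windows\\System32\\svchost.exe,198.51.100.9,443
2026-04-20T09:16:44Z,WS-031,C:\\Windows\\explorer.exe,2001:db8::25,445
2026-04-20T09:17:00Z,WS-031,System,192.168.4.10,139
malformed line without enough fields
"""

# Assumed internal ranges; replace with the address space your SMB servers live in.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
SMB_PORTS = {139, 445}


def is_internal(addr):
    """True when the address falls inside one of the assumed internal ranges."""
    return any(addr.version == net.version and addr in net for net in INTERNAL_NETS)


def flag_external_smb(log_text):
    """Return records for SMB connections leaving the assumed internal ranges."""
    hits = []
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 5:
            continue  # skip malformed records instead of failing the whole run
        ts, host, image, dst_ip, dst_port = row
        try:
            addr = ipaddress.ip_address(dst_ip)
            port = int(dst_port)
        except ValueError:
            continue  # unparseable address or port
        if port in SMB_PORTS and not is_internal(addr):
            hits.append({"time": ts, "host": host,
                         "process": image.rsplit("\\", 1)[-1],
                         "dst": str(addr), "port": port})
    return hits


if __name__ == "__main__":
    for hit in flag_external_smb(SAMPLE_LOG):
        print(hit)
```

Each hit is a workstation that opened an SMB session to an address outside the listed ranges, which is the condition under which an NTLM exchange could reach an external server.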