Microsoft · Windows Shell · CVE-2026-32202
**Name of the Vulnerable Software and Affected Versions**
Microsoft Windows versions prior to April 2026
**Description**
A protection mechanism failure in the Windows Shell allows an unauthorized remote attacker to perform spoofing. The issue occurs when a malicious Windows shortcut or LNK path triggers an automatic SMB authentication attempt, which exposes the victim's `Net-NTLMv2` hash for potential relay or offline cracking. This can happen without user interaction, such as when a user simply opens a folder containing a malicious shortcut. This flaw has been actively exploited in the wild by APT28 (also known as Fancy Bear) targeting Ukraine and EU nations as part of a larger exploit chain to deliver malicious code from remote servers.
**Recommendations**
Update Microsoft Windows to the version released in April 2026.