Microsoft Patch for Russian-Spy 0-Day Fell Short: New Windows Shell Flaw CVE-2026-32202 Now Under Active Attack
Tags: Security · Enterprise
The Register

CVE-2026-32202, a Windows Shell spoofing vulnerability (CVSS 4.3), is under active exploitation after an incomplete Microsoft patch for CVE-2026-21510 created the new flaw, according to Akamai researcher Maor Dahan. Russia's APT28 (Fancy Bear) exploited the original CVE-2026-21510 against Ukraine and EU countries in January 2026. CISA added CVE-2026-32202 to the KEV catalog with a May 12, 2026 deadline for federal agencies to remediate. The incident highlights the risks of incomplete patches creating new attack surfaces, particularly when nation-state actors are actively targeting the original vulnerability chain.