Google has warned that hackers are actively and widely exploiting a critical security flaw in Microsoft Windows, raising concerns about potential ransomware attacks and large-scale system compromises.
The vulnerability, tracked as CVE-2026-21510, affects the Windows shell, a core component that powers the operating system’s user interface. According to Google’s Threat Intelligence Group, the flaw is under “widespread, active exploitation,” allowing attackers to silently execute malicious code on targeted systems.
Successful attacks can grant hackers elevated privileges, increasing the risk of ransomware deployment, data theft, and broader network compromise, Google said.
The flaw allows attackers to bypass Microsoft’s SmartScreen security feature, which is designed to block malicious files and suspicious links. By tricking a user into clicking a specially crafted link or shortcut file, hackers can execute malware with minimal interaction — a rare “one-click” pathway to full system compromise.
Security expert Dustin Childs described the vulnerability as particularly dangerous because of its simplicity.
“There is user interaction here, as the client needs to click a link or a shortcut file,” Childs wrote in a blog post. “Still, a one-click bug to gain code execution is a rarity.”
Microsoft has since released security updates to address the issue, acknowledging the role of Google’s researchers in identifying the flaw. The company also warned that technical details about the exploit have been made public, potentially increasing the likelihood of further attacks.
In addition to the Windows shell vulnerability, Microsoft patched several other zero-day flaws in Windows and Office that were also being actively exploited.
Users and organizations are advised to install the latest security updates immediately to mitigate the risk.
