The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog.
This specific security flaw, identified as CVE-2008-0015, impacts the Windows Video ActiveX Control and allows for remote code execution (RCE).
The agency updated the catalog on February 17, 2026, confirming that evidence of active exploitation exists in the wild and posing a significant risk to unpatched systems.
| CVE ID | Vulnerability Name | Date Added | Due Date |
|---|---|---|---|
| CVE-2008-0015 | Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability | 2026-02-17 | 2026-03-10 |
The vulnerability resides within the way the Microsoft Windows Video ActiveX Control processes specific inputs.
Attackers can exploit this weakness by constructing a specially crafted webpage designed to trigger the flaw.
When a user navigates to this malicious page, the vulnerability allows the attacker to execute arbitrary code remotely on the victim’s machine.
Successful exploitation grants the threat actor the same user rights as the currently logged-on user.
If the user is logged in with administrative privileges, the attacker could effectively take control of the affected system, allowing them to install programs, view or delete data, and create new accounts with full user rights.
The fact that threat actors are leveraging a vulnerability originally identified in 2008 highlights the continued risk posed by legacy software components.
In accordance with Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are mandated to remediate this vulnerability by March 10, 2026.
While this directive is legally applicable only to federal agencies, CISA strongly recommends that all organisations prioritise this fix to prevent potential network compromise.
System administrators should apply the mitigations provided by Microsoft or discontinue the use of the product if specific mitigations are unavailable.
Although CISA has not yet confirmed if this flaw is being utilized in ransomware campaigns, the capability for remote code execution necessitates immediate action from network defenders.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Googlemrithi@03
