Microsoft “Shell Spoofing” Zero‑Day (CVE‑2026‑32202): Silent NTLM Coercion via LNK Files and What to Do Now
A new Microsoft Windows zero‑day, tracked as CVE‑2026‑32202, is turning a previously patched exploit chain back into a live fire. The original updates addressed a remote code execution (RCE) and a SmartScreen bypass, but they left behind a zero‑click way to coerce NTLM authentication. That omission enables attackers to silently force a victim endpoint to…