CVE-2009-0238, a legacy vulnerability in an unspecified Microsoft product, has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation.
The vulnerability has a high EPSS score of 0.57177, indicating a significant probability of exploitation. The CVSS score is not available.
The immediate action is to check for potentially vulnerable legacy Microsoft systems and prioritize them based on the confirmed exploitation, even though no patch advisory exists for this specific campaign.
Intelligence Metadata
First Reported By: thehackernews.com
Outbreak Velocity: 1184 minutes spread to 6 unique domains
Consensus: 10 articles across 6 unique domains
CVSS Score: Not available
EPSS Score: 0.57177 (97.5th percentile)
CISA KEV Status: Confirmed
Exploit Risk Score: 0.4287
Race Label: ZERO-DAY RACE
Technical Analysis
CONFIRMED: CVE-2009-0238 is being actively exploited in the wild, evidenced by its addition to the CISA KEV catalog on 2026-04-14. The specific attack vector, vulnerability class, and preconditions for the current exploitation campaign are not detailed in the available intelligence. The provided source articles reference other, unrelated Microsoft vulnerabilities (CVE-2026-26181, CVE-2026-26149, CVE-2026-20945) and do not offer technical specifics on the exploit chain for CVE-2009-0238.
INFERRED: The re-emergence of a 2009 vulnerability in a modern campaign suggests threat actors have developed a new, reliable exploit for legacy systems that may be unpatched or have fallen out of standard vulnerability management cycles. The lack of a CVSS score should be disregarded in light of the KEV status, which serves as definitive proof of risk.
Affected Systems
Vendor: Microsoft
Affected Versions:
Not specified in provided intelligence
Exposure: Not available
Blast Radius: Unknown. Potentially includes legacy Microsoft systems that remain unpatched against this vulnerability.
Intelligence Context
The addition of CVE-2009-0238 to the CISA KEV catalog is the primary signal for prioritization. This action confirms active, real-world exploitation. The high EPSS score of 0.57177 further substantiates the threat, placing it in the 97.5th percentile of vulnerabilities likely to be exploited. The 'ZERO-DAY RACE' label, despite the CVE's age, indicates that a new exploit method has been discovered, initiating a race for defenders to identify and mitigate affected assets before the exploit is widely operationalized. This combination of confirmed exploitation and high probability metrics mandates immediate investigation over routine patching cycles.
Remediation & Defense
Investigate immediately. Use asset inventories to identify any systems potentially vulnerable to a 2009-era Microsoft flaw. The CISA KEV status supersedes standard CVSS-based prioritization.
Patch Status: Not available
Patch Version: Not available. Patches for a 2009 vulnerability would likely be part of historical security rollups. The affected product may be End-of-Life.
Workarounds:
Not available
Detection Hints:
Monitor for anomalous activity on legacy Microsoft systems, as specific IoCs for this campaign are not yet available.