Akamai researchers discovered that Microsoft's patch for an APT28 zero-day (CVE-2026-21510) was incomplete, resulting in a new zero-click authentication coercion vulnerability (CVE-2026-32202). While the patch successfully mitigated remote code execution by adding SmartScreen verification, it failed to prevent Windows Explorer from initiating an SMB connection to resolve UNC paths during icon extraction, allowing attackers to steal Net-NTLMv2 hashes without user interaction.