Windows Kernel Elevation of Privilege Vulnerability
Plan Patch | 7.8 | CVE-2026-24287 | Mar 10, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in the Windows kernel allows an authorized local user to elevate their privileges. The vulnerability involves external control of a file name or path in the kernel. This affects Windows Server 2019, 2022, and 2025, as well as Windows 10 and Windows 11 across all supported versions and architectures.
What this means
What could happen
A local attacker with user credentials could exploit this Windows kernel vulnerability to gain administrative privileges on the affected computer. This could allow them to modify critical system settings, disable security controls, or alter operational software running on that workstation.
Who's at risk
Any IT department managing Windows Server 2019, 2022, or 2025 installations, plus Windows 10 and Windows 11 workstations running all supported versions (x64, 32-bit, and ARM64-based systems). This affects SCADA workstations, engineering terminals, HMI systems running Windows, and any administrative computers used to manage OT infrastructure.
How it could be exploited
An attacker with valid user login credentials on a Windows workstation can trigger a kernel-level privilege escalation by manipulating a file path or name in the Windows kernel, resulting in administrator-level access to the system.
Prerequisites
- Valid user credentials on the Windows workstation
- Local access to the system or ability to log in remotely via RDP or similar
- No special network access required—this is a local privilege escalation
- Local privilege escalation required
- Requires valid user credentials
- Affects widely deployed Windows operating systems
- Low EPSS score (0.1%) indicates exploitation is unlikely in the wild
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (23)
23 with fix
Remediation & Mitigation
Do now
HARDENING: Review and restrict local workstation access to authorized personnel only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Windows Server 2022
HOTFIX: Apply the March 2026 Windows security update to Windows Server 2022, Windows Server 2019, Windows Server 2025, and all supported Windows 10 and Windows 11 versions
Long-term hardening
HARDENING: Implement multi-factor authentication (MFA) for remote access and administrative accounts to reduce risk from credential compromise
CVEs (1)