Windows SMB Server Elevation of Privilege Vulnerability

Plan Patch | CVSS 7.8 | CVE-2026-24294 | Mar 10, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
  Attack Vector: Local
  Auth Required: Low
  Complexity: Low
  User Interaction: None needed
Summary

A flaw in Windows SMB Server's authentication handling allows a user with local access to escalate their privileges to administrator level. This affects Windows Server 2016, 2019, 2022, 2025 and Windows 10/11 systems across all supported versions and architectures (x64, 32-bit, ARM64).

What this means
What could happen
A user with local access to a Windows server can exploit this vulnerability to gain administrator-level privileges, allowing them to modify system settings, access sensitive data, or disrupt critical operations on systems like SCADA servers or engineering workstations.
Who's at risk
IT operators managing Windows servers in industrial environments should prioritize this, especially for Windows Server 2016, 2019, 2022, and 2025 systems used as domain controllers, engineering workstations, or OT gateway servers. Windows 10 and 11 systems used as SCADA front-ends or engineering clients are also affected.
How it could be exploited
An attacker with a regular user account logs into the Windows machine locally. They exploit a flaw in the SMB server's authentication check to bypass privilege requirements and execute commands with administrator rights.
Prerequisites
  • Local user account on the affected Windows system
  • Physical or remote desktop access to the machine
Tags: low complexity, high CVSS score (7.8)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (27)
27 with fix (5 of 27 rows shown on this page)
Product | Affected Versions | Fix Status
Windows Server 2022 | All versions | Build 10.0.20348.4893
Windows Server 2022 (Server Core installation) | All versions | Build 10.0.20348.4893
Windows 10 Version 21H2 for 32-bit Systems | All versions | Build 10.0.19044.7058
Windows 10 Version 21H2 for ARM64-based Systems | All versions | Build 10.0.19044.7058
Windows 11 Version 24H2 for x64-based Systems | All versions | Build 10.0.26100.8037
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Apply Microsoft's March 2026 security update to all affected Windows Server and Windows 10/11 systems
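To confirm the hotfix actually landed on the OT-side Windows hosts, the practical check is to compare each machine's installed build and update build revision (UBR) with the fix builds in the affected-products table. The PowerShell below is an added example, not part of this advisory and not Microsoft tooling: the build-to-UBR mapping is copied from the three fix builds shown in the table (Server 2022, Windows 10 21H2, Windows 11 24H2), reading CurrentBuildNumber and UBR from the CurrentVersion registry key and reaching remote hosts over WinRM are assumptions about the environment, and the host-list file name is a placeholder.

```powershell
# Added example (not from the advisory): report whether a host's build.UBR is at
# or above the fixed build the advisory lists for CVE-2026-24294.
# Assumption: CurrentBuildNumber and UBR under
# HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion reflect the installed
# cumulative update level on supported Windows 10/11 and Server builds.

# Fix builds copied from the advisory's affected-products table (page excerpt).
# Key = OS build number, value = first patched UBR.
$FixedUbr = @{
    '20348' = 4893   # Windows Server 2022 (incl. Server Core) -> 10.0.20348.4893
    '19044' = 7058   # Windows 10 21H2 (32-bit / ARM64)        -> 10.0.19044.7058
    '26100' = 8037   # Windows 11 24H2 x64                      -> 10.0.26100.8037
}

function Get-Cve202624294PatchState {
    <#
    .SYNOPSIS
      Compares a host's installed build.UBR with the advisory's fix build.
    .PARAMETER ComputerName
      Hosts to query; defaults to the local machine. Remote hosts use WinRM.
    #>
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # Runs locally or on the remote host; returns build number and UBR.
    $readVersion = {
        $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        [pscustomobject]@{
            Build = [string]$cv.CurrentBuildNumber
            Ubr   = [int]$cv.UBR
        }
    }

    foreach ($name in $ComputerName) {
        try {
            if ($name -eq $env:COMPUTERNAME) {
                $v = & $readVersion
            } else {
                $v = Invoke-Command -ComputerName $name -ScriptBlock $readVersion -ErrorAction Stop
            }
        } catch {
            # Unreachable or access denied: surface it rather than silently skipping.
            [pscustomobject]@{ Host = $name; Build = $null; State = 'QueryFailed'; Detail = $_.Exception.Message }
            continue
        }

        if ($FixedUbr.ContainsKey($v.Build)) {
            $state  = if ($v.Ubr -ge $FixedUbr[$v.Build]) { 'Patched' } else { 'NeedsUpdate' }
            $detail = "fix build 10.0.$($v.Build).$($FixedUbr[$v.Build])"
        } else {
            # The advisory lists 27 products but this table holds only the rows
            # shown on the page, so an unlisted build needs manual confirmation.
            $state  = 'Unknown'
            $detail = 'build not in the fix table used here; check the MSRC entry for this product'
        }

        [pscustomobject]@{
            Host   = $name
            Build  = "10.0.$($v.Build).$($v.Ubr)"
            State  = $state
            Detail = $detail
        }
    }
}

# Usage: local host, or a host list exported from the OT asset inventory
# (ot-windows-hosts.txt is a placeholder file name).
Get-Cve202624294PatchState | Format-Table -AutoSize
# Get-Cve202624294PatchState -ComputerName (Get-Content .\ot-windows-hosts.txt) | Format-Table -AutoSize
```

The UBR comparison is what matters: two hosts on build 20348 can differ only in the last component, and that is exactly what the March 2026 cumulative update changes. Hosts that come back as Unknown belong to one of the 22 products not shown in the excerpt above and should be checked against the full MSRC listing before being marked done in the maintenance window.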
API: /api/v1/advisories/7a709432-7cf3-414e-b918-b41ddf81d55b
