Windows Kernel Elevation of Privilege Vulnerability

Plan Patch | 7.8 | CVE-2026-26132 | Mar 10, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

A use-after-free vulnerability in the Windows Kernel allows a user with standard privileges to elevate to system-level access. An authorized attacker with a user account can exploit this flaw to gain full control of the affected machine. This affects all recent versions of Windows 10, Windows 11, and Windows Server 2022/2025 across x64, ARM64, and 32-bit platforms.

What this means
What could happen
A user with standard access on a Windows machine could run commands with system-level privileges, potentially gaining control of critical control systems, HMIs, or engineering workstations that process production data or send commands to industrial equipment.
Who's at risk
Windows 10, Windows 11, and Windows Server 2022/2025 systems used as engineering workstations, human-machine interfaces (HMIs), data historians, or supervisory control systems. Any OT network that relies on Windows endpoints for process monitoring, configuration, or command dispatch is at risk.
How it could be exploited
An attacker with a user account on a Windows machine (common for engineering workstations, HMIs, or data collection systems) exploits a use-after-free flaw in the kernel to escalate privileges to system level. Once elevated, the attacker can modify processes, install backdoors, or alter industrial control logic running on that machine.
Prerequisites
  • Valid user account on the target Windows system
  • Local logon access to the machine
Tags: locally exploitable, low complexity, affects core operating system, authentication required but easily obtained in OT environments
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (19)
19 with fix
Product | Affected Versions | Fix Status
Windows 11 Version 24H2 for x64-based Systems | All versions | Build 10.0.26100.8037
Windows Server 2025 | All versions | Build 10.0.26100.32522
Windows 11 Version 26H1 for ARM64-based Systems | All versions | Build 10.0.28000.1719
Windows Server 2022 | All versions | Build 10.0.20348.4893
Windows Server 2022 (Server Core installation) | All versions | Build 10.0.20348.4893
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Apply March 2026 Windows security updates to all affected Windows versions
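
To confirm the update has landed across a fleet, an asset-inventory export can be compared against the fixed builds in the affected-products table. The script below is an added example, not part of the advisory or any Microsoft tooling; the CSV column names, host names and the Client/Server/Server Core installation-type values are assumptions, and the sample inventory is constructed.

```python
import csv
import io

# Fixed revisions from the advisory's table, keyed by (build number, is_server).
# Build 26100 is shared by Windows 11 24H2 and Windows Server 2025 with different
# fixed revisions, so the build number alone does not identify the threshold.
FIXED_REVISION = {
    (26100, False): 8037,   # Windows 11 Version 24H2 (x64)
    (26100, True): 32522,   # Windows Server 2025
    (28000, False): 1719,   # Windows 11 Version 26H1 (ARM64)
    (20348, True): 4893,    # Windows Server 2022, including Server Core
}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,installation_type,version
HMI-01,Client,10.0.26100.7462
ENG-WS-02,Client,10.0.26100.8037
HIST-01,Server,10.0.20348.4893
SCADA-01,Server Core,10.0.20348.3807
DC-01,Server,10.0.26100.8037
OLD-PC,Client,10.0.19045.6100
"""

def classify(installation_type, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    try:
        _, _, build, revision = (int(p) for p in version.strip().split("."))
    except ValueError:
        return "unknown"  # malformed or incomplete version string
    is_server = installation_type.strip().lower().startswith("server")
    fixed = FIXED_REVISION.get((build, is_server))
    if fixed is None:
        return "unknown"  # product is not among the rows listed above
    return "patched" if revision >= fixed else "vulnerable"

def audit(inventory_csv):
    """Map each host in the CSV text to its patch status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["installation_type"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as unknown need a manual check against the vendor's full product list, since only five of the 19 affected products appear in the table above.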