Active Directory Spoofing Vulnerability
Monitor | CVSS 6.2 | CVE-2026-32072 | Apr 14, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.
What this means
What could happen
An attacker with local access to a Windows system could spoof identities in Active Directory, potentially gaining unauthorized access to network resources and compromising authentication-dependent processes.
Who's at risk
Organizations running Windows 10 (versions 1607, 1809, 21H2, 22H2) or Windows 11 (any version) as either workstations or servers, and Windows Server 2016, 2019, 2022, or 2025 systems that are domain members. This affects IT administrators, engineers with workstation access, and any user with administrative or local access to these systems.
How it could be exploited
An attacker with local access to the Windows system could exploit the improper authentication in Active Directory to perform identity spoofing, bypassing normal authentication checks and gaining access as a different user or computer account on the domain.
Prerequisites
- Local access to a Windows 10 or Windows Server system
- The system must be domain-joined to an Active Directory environment
- No authentication required (local access only)
- Affects Active Directory authentication
- Low complexity exploitation
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (27)
27 with fix
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Windows Server 2016
HOTFIX: Apply the April 2026 Windows security update to all Windows Server 2016, 2019, 2022, and 2025 systems
All products
HOTFIX: Apply the April 2026 Windows security update to all Windows 10 and Windows 11 workstations
Long-term hardening
HARDENING: Restrict local administrative access to only authorized personnel who require it
HARDENING: Review and enforce strong local system access controls and physical security measures
CVEs (1)