Windows Kernel Information Disclosure Vulnerability

Monitor | CVSS 5.5 | CVE-2026-32217 | Apr 14, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Insertion of sensitive information into log file in Windows Kernel allows an authorized local attacker to disclose information. The vulnerability requires local user access with basic privileges to trigger and read kernel log files containing sensitive data.

What this means
What could happen
A user with local access to a Windows system could read sensitive information from kernel log files, potentially exposing configuration details or credentials. This risk is primarily relevant if your OT systems run Windows-based engineering workstations, HMIs, or historian servers with untrusted users.
Who's at risk
Windows servers and workstations used in OT environments—including HMI servers, engineering workstations, Windows-based data historians, and DCS operator stations. This affects all versions of Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and 2025 across 32-bit, x64, and ARM64 platforms.
How it could be exploited
An attacker with a local user account on a Windows system can access and read kernel log files containing sensitive data. No special tools or network access are required—only the ability to log in locally or via RDP.
Prerequisites
  • Local user account or RDP access to an affected Windows system
  • Ability to read kernel log files or event logs
Low complexity exploitation | Requires local access (not remote) | Sensitive data exposure
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (27)
27 with fix
Product | Affected Versions | Fix Status
Windows 11 Version 26H1 for ARM64-based Systems | All versions | Build 10.0.28000.1836
Windows 11 version 26H1 for x64-based Systems | All versions | Build 10.0.28000.1836
Windows 10 Version 1809 for 32-bit Systems | All versions | Build 10.0.17763.8644
Windows 10 Version 1809 for x64-based Systems | All versions | Build 10.0.17763.8644
Windows Server 2019 | All versions | Build 10.0.17763.8644
Remediation & Mitigation
Do now
HARDENING: Restrict local and remote desktop access to Windows systems to authorized personnel only. Review and remove unnecessary local user accounts.
WORKAROUND: Disable or restrict access to kernel event logs on systems where local users should not view system diagnostics. Use Windows Event Viewer permissions or Group Policy to limit log access.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Apply the April 2026 Windows security update to all affected Windows systems. Consult your OS version's fixed build number and verify installation via Windows Update or WSUS.
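
To support the verification step, the following added PowerShell example (not part of the advisory and not vendor code) compares a host's build number and update revision with the fixed builds listed in the table above. The function names Test-FixedBuild and Get-BuildStatus are hypothetical, and only the builds shown on this page are included, so any other Windows version is reported as Unknown until its fixed build is added.

```powershell
# Fixed builds taken from the rows visible in this advisory (build -> minimum update revision).
# Assumption: other affected Windows versions are added here from the full advisory.
$FixedUbr = @{
    28000 = 1836   # Windows 11 Version 26H1 (ARM64, x64): Build 10.0.28000.1836
    17763 = 8644   # Windows 10 Version 1809, Windows Server 2019: Build 10.0.17763.8644
}

function Test-FixedBuild {
    param(
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][int]$Ubr
    )
    # Unknown: this Windows version has no fixed build recorded in $FixedUbr.
    if (-not $FixedUbr.ContainsKey($Build)) { return 'Unknown' }
    if ($Ubr -ge $FixedUbr[$Build]) { return 'Patched' }
    return 'Vulnerable'
}

function Get-BuildStatus {
    # With no -ComputerName the local host is checked; remote hosts require WinRM.
    param([string[]]$ComputerName)

    $read = {
        $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        [pscustomobject]@{
            Host  = $env:COMPUTERNAME
            Build = [int]$cv.CurrentBuildNumber
            Ubr   = [int]$cv.UBR
        }
    }

    $rows = if ($ComputerName) {
        Invoke-Command -ComputerName $ComputerName -ScriptBlock $read
    } else {
        & $read
    }

    foreach ($r in $rows) {
        [pscustomobject]@{
            Host   = $r.Host
            Build  = "10.0.$($r.Build).$($r.Ubr)"
            Status = Test-FixedBuild -Build $r.Build -Ubr $r.Ubr
        }
    }
}

Get-BuildStatus | Format-Table -AutoSize
```

A host reported as Vulnerable is below the fixed revision for its version and still needs the April 2026 update.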