Windows Kernel Information Disclosure Vulnerability

Monitor | CVSS 5.5 | CVE-2026-32218 | Apr 14, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in the Windows Kernel allows insertion of sensitive information into log files. An authorized local user could read these logs and obtain sensitive system information. The vulnerability requires local user credentials and does not enable remote access, privilege escalation, or system disruption. Microsoft has released patches for all supported Windows versions.

What this means
What could happen
An authorized user with local access to a Windows system could extract sensitive information from kernel logs, potentially exposing configuration details or system secrets. This is a local information disclosure with no impact on system availability or integrity.
Who's at risk
This affects all Windows Server 2022 and Windows Server 2025 systems, Windows 10 (versions 21H2 and 22H2), and Windows 11 (versions 23H2, 24H2, 25H2, 26H1). Organizations running these operating systems on engineering workstations, HMI servers, or any IT infrastructure connected to OT networks should prioritize patching to prevent information disclosure through log analysis.
How it could be exploited
An attacker with a local user account on the Windows system could read kernel log files to retrieve sensitive information that should not be logged. This requires local system access and user privileges; remote exploitation is not possible.
Prerequisites
  • Valid local user account on the Windows system
  • Local file system access to kernel log files
  • Windows kernel running the affected build
Requires local credentials | Low complexity exploitation | Affects confidentiality only (no integrity or availability impact)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (19)
19 with fix
Product | Affected Versions | Fix Status
Windows Server 2022 | All versions | Build 10.0.20348.5020
Windows Server 2022 (Server Core installation) | All versions | Build 10.0.20348.5020
Windows 10 Version 21H2 for 32-bit Systems | All versions | Build 10.0.19044.7184
Windows 10 Version 21H2 for ARM64-based Systems | All versions | Build 10.0.19044.7184
Windows 10 Version 21H2 for x64-based Systems | All versions | Build 10.0.19044.7184
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Windows Server 2022
HOTFIX: Apply the April 2026 Windows security update to all Windows Server 2022, Windows Server 2025, Windows 10, and Windows 11 systems
Long-term hardening
HARDENING: Restrict local file system access to kernel log locations using NTFS permissions to only authorized administrators
HARDENING: Review and audit access logs to kernel log files on systems where local user access is broadly granted
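
To confirm the April 2026 update actually landed, the check below compares a host's build and update revision against the fixed builds in the affected-products table. It is an added example, not Microsoft's or this advisory's own tooling; the function names and the sample inventory strings are constructed, and only the two build families shown on this page are covered.

```powershell
# Fixed builds copied from the advisory's product table (only the rows shown on the page).
$FixedRevision = @{
    20348 = 5020   # Windows Server 2022, incl. Server Core: 10.0.20348.5020
    19044 = 7184   # Windows 10 Version 21H2: 10.0.19044.7184
}

function Get-PatchState {
    # Classify one "major.minor.build.revision" string against the table above.
    param([Parameter(Mandatory)][string]$OsVersion)

    $v = $null
    $parsed = [version]::TryParse($OsVersion, [ref]$v)
    if ((-not $parsed) -or ($v.Revision -lt 0)) {
        return 'Unparseable'      # e.g. revision field missing from an inventory export
    }
    if (-not $FixedRevision.ContainsKey($v.Build)) {
        return 'NotInTable'       # other affected products: look up their fix build first
    }
    if ($v.Revision -ge $FixedRevision[$v.Build]) { return 'Patched' }
    return 'NeedsUpdate'
}

function Get-LocalOsVersion {
    # CurrentBuildNumber and UBR (update build revision) are standard values under this key.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    '10.0.{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
}

# Constructed inventory strings that exercise each outcome; replace with real export data.
$samples = '10.0.20348.5020', '10.0.20348.4893', '10.0.19044.7184', '10.0.26100.1', '10.0.19044'
foreach ($s in $samples) {
    '{0,-18} {1}' -f $s, (Get-PatchState -OsVersion $s)
}

# On a Windows host, classify the local machine as well.
if ($env:OS -eq 'Windows_NT') {
    $local = Get-LocalOsVersion
    'local {0} -> {1}' -f $local, (Get-PatchState -OsVersion $local)
}
```

A result of NotInTable means the host's build family is not among the rows listed here, not that the host is unaffected.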