Windows TCP/IP Local Elevation of Privilege Vulnerability

Plan PatchCVSS 7.8CVE-2026-33837May 12, 2026

Microsoft

IT in OT - Windows Server and Active Directory are widely deployed in OT environments

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

A heap-based buffer overflow exists in Windows TCP/IP stack that allows a local user with standard privileges to escalate to SYSTEM-level access. This vulnerability is present in Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 23H2, 24H2, 25H2, 26H1), Windows Server 2016, 2019, 2022, 2025 across all supported architectures. Microsoft has released fixes for all affected versions.

What this means

What could happen

A user with local access to a Windows system could exploit a flaw in TCP/IP processing to gain administrator-level control, allowing them to alter system settings, access sensitive data, or interfere with critical applications running on that machine.

Who's at risk

This affects Windows 10 (all versions), Windows 11 (all versions), Windows Server 2016, 2019, 2022, and 2025 running on 32-bit, x64, and ARM64 architectures. Focus on any servers or workstations that run critical control applications, SCADA interfaces, or host remote access tools for your operational technology network.

How it could be exploited

An attacker with a standard user account on the Windows system would craft a specially formed TCP/IP packet or trigger a specific TCP/IP operation that causes a heap buffer overflow. This allows execution of code with SYSTEM privileges, bypassing normal access controls.

Prerequisites

Local user account on the Windows system
Ability to execute code or send crafted network packets locally
Windows system running unpatched version

Low authentication requirements (standard user)Low exploit complexityHigh impact (full privilege escalation)Affects servers that may host OT applications or remote access

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (27)

27 with fix

ProductAffected VersionsFix Status

Windows 10 Version 1809 for 32-bit SystemsAll versionsBuild 10.0.17763.8755

Windows 10 Version 1809 for x64-based SystemsAll versionsBuild 10.0.17763.8755

Windows Server 2019All versionsBuild 10.0.17763.8755

Windows Server 2019 (Server Core installation)All versionsBuild 10.0.17763.8755

Windows Server 2022All versionsBuild 10.0.20348.5139

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXApply the 2026-May Windows security update to all Windows 10, Windows 11, and Windows Server systems

CVEs (1)

CVE-2026-33837

View full vendor advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d20be970-d162-4cdb-a216-fd3c0e2782c6

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.