OTPulse

Windows TCP/IP Driver Security Feature Bypass Vulnerability

MonitorCVSS 6.5CVE-2026-35422May 12, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

A security feature bypass in the Windows TCP/IP driver allows an authenticated attacker to bypass network-level security controls over the network. An authorized user could exploit an alternate path in the TCP/IP stack to circumvent firewall rules or connection restrictions, potentially gaining unauthorized access to network resources or enabling lateral movement within your network.

What this means
What could happen
An authenticated attacker on your network could bypass TCP/IP security features (such as firewall rules or connection restrictions) to gain unauthorized access to network services. This could allow them to reach systems or ports they should not have access to, potentially leading to lateral movement or data theft.
Who's at risk
Water utilities and municipal electric systems using Windows-based SCADA workstations, historian servers, or engineering systems should prioritize patching. Affected systems include Windows 10 (all current versions), Windows 11 (all current versions), Windows Server 2016, 2019, 2022, and 2025. IT/OT network administrators managing Windows hosts should apply updates to prevent insider threats and lateral movement attacks.
How it could be exploited
An attacker with valid credentials on your network could send specially crafted TCP/IP traffic that bypasses security checks in the Windows TCP/IP driver. By exploiting this alternate path, they could access restricted network resources without triggering standard firewall or access control mechanisms.
Prerequisites
  • Valid user account credentials on a Windows system running an affected version
  • Network access to the target Windows system
  • Ability to send network traffic from an authenticated session
remotely exploitableauthentication requiredaffects network isolation controlsimpacts multiple Windows versions
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (27)
27 with fix
ProductAffected VersionsFix Status
Windows 10 Version 1809 for 32-bit SystemsAll versionsBuild 10.0.17763.8755
Windows 10 Version 1809 for x64-based SystemsAll versionsBuild 10.0.17763.8755
Windows Server 2019All versionsBuild 10.0.17763.8755
Windows Server 2019 (Server Core installation)All versionsBuild 10.0.17763.8755
Windows Server 2022All versionsBuild 10.0.20348.5139
Remediation & Mitigation
0/4
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXApply Windows security updates for May 2026 to all affected systems (see product fixes for specific build versions)
HOTFIXPrioritize patching Windows Server systems in your network perimeter or DMZ that face untrusted networks
Long-term hardening
0/2
HARDENINGReview and enforce network segmentation to restrict lateral movement between systems and OT networks
HARDENINGEnforce strong access controls and credential management to limit the number of authenticated users with network access
View full vendor advisory
API: /api/v1/advisories/0f78002c-f127-4e42-9966-93df0565e421

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.