Windows TCP/IP Denial of Service Vulnerability

Plan: Patch
CVSS: 7.1
CVE: CVE-2026-40401
Date: May 12, 2026
Vendor: Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments

Attack path
  Attack Vector: Local
  Auth Required: None
  Complexity: Low
  User Interaction: None needed
Summary

A null pointer dereference in the Windows TCP/IP driver allows a local attacker to cause a denial of service by sending a malformed TCP/IP packet. The affected systems crash and become unreachable over the network until rebooted. This affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 23H2, 24H2, 25H2, 26H1), and Windows Server 2016, 2019, 2022, and 2025 across both standard and Server Core installations.

What this means
What could happen
An attacker with local access to a Windows system could send a malformed TCP/IP packet, causing the networking stack to crash and deny service to that device, potentially interrupting connections to networked equipment or monitoring systems in your plant.
Who's at risk
Windows system administrators should prioritize updates for Windows 10 (all versions), Windows 11 (all versions), Windows Server 2016, 2019, 2022, and 2025. Any of these systems used as engineering workstations, data aggregators, HMIs, or network nodes in critical paths should be updated to ensure continuous availability of monitoring and control connections.
How it could be exploited
An attacker with local system access crafts a specially malformed TCP/IP packet. When the Windows TCP/IP driver processes the packet, it dereferences a null pointer and the networking stack crashes. The device then stops responding to network requests until it is rebooted.
Prerequisites
  • Local system access (ability to execute code or send packets from the Windows machine)
  • No authentication required beyond local access
  • Local exploitation required
  • Low complexity attack
  • High severity denial of service impact
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (21)
21 with fix

Product                                         | Affected Versions | Fix Status
Windows 10 Version 1809 for x64-based Systems   | All versions      | Build 10.0.17763.8755
Windows Server 2019                             | All versions      | Build 10.0.17763.8755
Windows Server 2019 (Server Core installation)  | All versions      | Build 10.0.17763.8755
Windows Server 2022                             | All versions      | Build 10.0.20348.5139
Windows Server 2022 (Server Core installation)  | All versions      | Build 10.0.20348.5139
Remediation & Mitigation

Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Apply the Windows May 2026 security update to all affected Windows 10 and Windows Server systems in your environment
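To verify that the update has actually landed on the engineering workstations, HMIs and servers named above, the following PowerShell script compares each host's full OS build (CurrentBuild plus the UBR update revision from the registry) against the fixed builds the advisory's table lists. This is an added example written for this page, not OTPulse or Microsoft code. It assumes the two build families in the table above (17763 and 20348) are the minimum fixed builds; other Windows versions from the full advisory would be added to the same hashtable, and the remote check assumes WinRM is already enabled on the target hosts.

```powershell
# Added example (not from the OTPulse advisory or Microsoft): check whether a
# host's OS build is at or above the fixed build listed for CVE-2026-40401.
# Assumption: the table's "Fix Status" build is the minimum patched build
# for that build family. Only the families on the page are listed here.

$FixedBuilds = @{
    '17763' = [version]'10.0.17763.8755'   # Windows 10 1809 / Windows Server 2019
    '20348' = [version]'10.0.20348.5139'   # Windows Server 2022
}

function Get-CurrentOsBuild {
    # CurrentBuild and UBR (update build revision) together give the
    # 10.0.<build>.<revision> form that Microsoft uses for fixed builds.
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    return [version]('10.0.{0}.{1}' -f $cv.CurrentBuild, $cv.UBR)
}

function Test-Cve202640401Patched {
    param(
        [version]$Build = (Get-CurrentOsBuild),
        [string]$ComputerName = $env:COMPUTERNAME
    )
    # [version].Build is the third component, i.e. the build family (17763, 20348, ...)
    $family = $Build.Build.ToString()
    if (-not $FixedBuilds.ContainsKey($family)) {
        return [pscustomobject]@{
            ComputerName = $ComputerName
            Build        = $Build
            Status       = 'Unknown'
            FixedBuild   = $null
            Note         = "Build family $family not in this table; consult the full advisory"
        }
    }
    $status = if ($Build -ge $FixedBuilds[$family]) { 'Patched' } else { 'Vulnerable' }
    [pscustomobject]@{
        ComputerName = $ComputerName
        Build        = $Build
        Status       = $status
        FixedBuild   = $FixedBuilds[$family]
        Note         = ''
    }
}

function Test-Cve202640401Fleet {
    # Query a list of hosts over WinRM and return one row per host.
    # Hostnames here are placeholders; replace with your own inventory.
    param([string[]]$ComputerName = @('ENG-WS-01', 'HMI-02', 'HIST-SRV-01'))
    foreach ($name in $ComputerName) {
        try {
            $remoteBuild = Invoke-Command -ComputerName $name -ScriptBlock {
                $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
                '10.0.{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
            } -ErrorAction Stop
            Test-Cve202640401Patched -Build ([version]$remoteBuild) -ComputerName $name
        } catch {
            [pscustomobject]@{
                ComputerName = $name; Build = $null; Status = 'Unreachable'
                FixedBuild = $null; Note = $_.Exception.Message
            }
        }
    }
}

# Local check; for a fleet run: Test-Cve202640401Fleet -ComputerName (Get-Content .\ot-hosts.txt) | Format-Table
Test-Cve202640401Patched | Format-Table
```

Because the vulnerable driver crashes the networking stack itself, a host that falls over will show up as "Unreachable" in the fleet output rather than "Vulnerable"; treat unreachable hosts on critical paths as needing an out-of-band check before the maintenance window closes.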
API: /api/v1/advisories/25fc30cc-0170-4c88-b8da-e26f5c3075bd

