Windows TCP/IP Denial of Service Vulnerability

Plan Patch | CVSS 7.5 | CVE-2026-40405 | May 12, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A null pointer dereference in Windows TCP/IP allows an attacker on the network to cause a denial of service by sending specially crafted TCP/IP packets. The vulnerability affects Windows Server 2025 and Windows 11 versions 24H2, 25H2, and 26H1 across both x64 and ARM64 architectures. No authentication is required, and the attack requires only network access.

What this means
What could happen
An attacker on the network can send specially crafted TCP/IP packets to crash or hang Windows systems, disrupting any services running on those machines including SCADA servers, engineering workstations, or data historians.
Who's at risk
Water utilities and municipalities running Windows-based SCADA servers, engineering workstations, historians, or other control system support servers on Windows Server 2025 or Windows 11 (any version from 24H2 onwards). Any Windows system exposed to untrusted networks is at risk.
How it could be exploited
An attacker sends malformed TCP/IP packets from any network-reachable location to a vulnerable Windows system. The TCP/IP stack attempts to process the packet, encounters a null pointer, and the system becomes unresponsive or crashes.
Prerequisites
  • Network access to the target Windows system on any port
  • No authentication required
  • System must be running one of the affected Windows versions
remotely exploitable, no authentication required, low complexity, denial of service impact on critical systems
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (8)
8 with fix
Product | Affected Versions | Fix Status
Windows Server 2025 (Server Core installation) | All versions | Build 10.0.26100.32860
Windows 11 Version 25H2 for ARM64-based Systems | All versions | Build 10.0.26200.8457
Windows 11 Version 25H2 for x64-based Systems | All versions | Build 10.0.26200.8457
Windows 11 Version 24H2 for ARM64-based Systems | All versions | Build 10.0.26100.8457
Windows 11 Version 24H2 for x64-based Systems | All versions | Build 10.0.26100.8457
Windows Server 2025 | All versions | Build 10.0.26100.32860
Windows 11 version 26H1 for x64-based Systems | All versions | Build 10.0.28000.2113
Windows 11 Version 26H1 for ARM64-based Systems | All versions | Build 10.0.28000.2113
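
To triage a fleet against the fix builds listed above, the following added example (not part of the original advisory or any Microsoft tooling) classifies hosts from an asset-inventory export. The CSV column names, host names and status labels are assumptions made for illustration; the fix revisions are the ones in the table.

```python
import csv
import io

# Minimum fixed revision per (build, is_server), copied from the advisory's table.
# Build 26100 is shared by Server 2025 and Windows 11 24H2, with different fix
# revisions, so the build number alone cannot decide patch status.
FIXED = {
    (26100, True): 32860,   # Windows Server 2025, incl. Server Core
    (26100, False): 8457,   # Windows 11 24H2
    (26200, False): 8457,   # Windows 11 25H2
    (28000, False): 2113,   # Windows 11 26H1
}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,is_server,version
scada-srv01,yes,10.0.26100.8457
hist-01,yes,10.0.26100.32860
eng-ws07,no,10.0.26200.7000
eng-ws08,no,10.0.28000.2113
hmi-03,no,10.0.19045.5000
gw-02,no,unknown
"""

def parse_build(version):
    """'10.0.26100.8457' -> (26100, 8457); ValueError if not a 10.0.x.y string."""
    parts = version.strip().split(".")
    if len(parts) != 4 or parts[:2] != ["10", "0"]:
        raise ValueError(f"unexpected version string: {version!r}")
    return int(parts[2]), int(parts[3])

def classify(version, is_server):
    """Return 'patched', 'vulnerable', 'not-listed' or 'unknown' for one host."""
    try:
        build, revision = parse_build(version)
    except ValueError:
        return "unknown"          # no usable build data: check the host by hand
    fixed = FIXED.get((build, is_server))
    if fixed is None:
        return "not-listed"       # build is not in the advisory's product table
    return "patched" if revision >= fixed else "vulnerable"

def triage(csv_text):
    """Map each host in the inventory CSV to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["version"], r["is_server"].lower() == "yes")
            for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {status}")
```

In the sample, scada-srv01 reports revision 8457, which meets the Windows 11 24H2 fix but is below the Server 2025 fix revision in the table, so it is flagged as vulnerable.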
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Windows Server 2025
HOTFIX: Apply the 2026-May Microsoft security update to all affected Windows Server 2025, Windows 11 24H2, Windows 11 25H2, and Windows 11 26H1 systems
API: /api/v1/advisories/378a78fa-5d3d-45b1-bb96-ee7cfd9937f7

Windows TCP/IP Denial of Service Vulnerability | CVSS 7.5 - OTPulse