Windows TCP/IP Information Disclosure Vulnerability
Plan Patch | CVSS 7.5 | CVE-2026-40406 | May 12, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A use-after-free vulnerability in Windows TCP/IP allows an unauthenticated attacker to disclose information over a network by sending specially crafted network packets. The flaw affects Windows 10 (multiple versions and architectures), Windows 11 (multiple versions and architectures), and Windows Server 2016, 2019, 2022, and 2025. Microsoft has released fixes in the May 2026 security update, with specific build numbers for each affected version.
What this means
What could happen
An attacker could send specially crafted network packets to Windows TCP/IP to leak sensitive information from system memory over the network, potentially exposing credentials, configuration details, or other operational data.
Who's at risk
Any organization running Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 23H2, 24H2, 25H2, 26H1), Windows Server 2016, 2019, 2022, or 2025 is affected. This includes SCADA servers, historian databases, engineering workstations, and any Windows-based HMI or data acquisition systems connected to your network.
How it could be exploited
An attacker on the same network or with routing access sends a malformed TCP/IP packet to the target Windows system. While processing the packet, the TCP/IP stack hits the use-after-free flaw, reads freed memory, and returns that data in the response packet, which the attacker can capture and analyze.
Prerequisites
- Network access to the Windows system (same network segment or internet-routable)
- No authentication required
- No user interaction required
remotely exploitable | no authentication required | low complexity | affects information disclosure (credentials or sensitive data) | patches available but not yet deployed
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (27)
27 with fix
Product | Affected Versions | Fix Status
Remediation & Mitigation
Do now
WORKAROUND: If immediate patching is not possible, restrict network access to Windows systems from untrusted networks using firewall rules on network perimeter and host firewalls
HARDENING: Monitor network traffic for anomalous TCP/IP packets or unusual connection patterns to sensitive Windows systems while awaiting patch deployment
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Windows Server 2019
HOTFIX: Apply Microsoft's May 2026 security update to Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, or Windows Server 2025 (update build numbers by version listed above)
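A triage example for the remediation steps above, added here and not part of the advisory or any Microsoft tooling: it sorts an asset inventory into hosts that need the firewall workaround now, hosts to schedule for patching, and hosts already on the May 2026 update. The CSV columns, the host names, and the rule that a latest installed update labelled 2026-05 or later contains the fix are assumptions.

```python
import csv
import io
import re

# Affected releases exactly as listed in the advisory text.
AFFECTED = {
    "Windows 10": {"1607", "1809", "21H2", "22H2"},
    "Windows 11": {"23H2", "24H2", "25H2", "26H1"},
    "Windows Server": {"2016", "2019", "2022", "2025"},
}
# Assumption: updates are cumulative, so a latest installed update
# labelled 2026-05 or later contains the May 2026 fix.
FIX_MONTH = "2026-05"

# Constructed sample inventory (hypothetical hosts and columns).
SAMPLE = """host,product,version,last_update,untrusted_reachable
scada-01,Windows Server,2019,2026-03,yes
hist-01,Windows Server,2022,2026-05,no
eng-ws-07,Windows 11,24H2,2026-04,no
hmi-03,Windows 10,1809,,yes
gw-02,Windows Server,2012 R2,2026-02,yes
"""

def triage(row):
    """Map one inventory row to a remediation action."""
    product, version = row["product"].strip(), row["version"].strip()
    if version not in AFFECTED.get(product, set()):
        return "not listed"
    last = row["last_update"].strip()
    # Fail closed: a missing or malformed update month counts as unpatched.
    if re.fullmatch(r"\d{4}-(0[1-9]|1[0-2])", last) and last >= FIX_MONTH:
        return "patched"
    # Unpatched and exposed: apply the firewall workaround before the window.
    if row["untrusted_reachable"].strip().lower() == "yes":
        return "restrict now, then patch"
    return "schedule patch"

def triage_inventory(text):
    """Return {host: action} for a CSV inventory given as text."""
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE).items():
        print(f"{host:10} {action}")
```

A result of "not listed" only means the release does not appear in this advisory's affected list; it is not a statement that the host is safe.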
CVEs (1)
API: /api/v1/advisories/6b3ae06f-a14a-4518-8f99-033b3dfdac17