Windows SMB Client Elevation of Privilege Vulnerability

CVE-2026-40410 | CVSS 7 | May 12, 2026 | Recommended action: Plan Patch
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
  • Attack Vector: Local
  • Auth Required: Low
  • Complexity: High
  • User Interaction: None needed
Summary

A use-after-free in the Windows SMB Client allows an authorized attacker to elevate privileges locally. Exploitation is less likely at this time.

What this means
What could happen
A user with local access to a Windows system could exploit this vulnerability to run commands with higher privileges, potentially allowing them to modify process controls, access sensitive data, or reconfigure the system.
Who's at risk
This affects IT and OT staff who use Windows 10 or Windows 11 workstations, and Windows Server 2016 through 2025 systems that operate automation controllers, data acquisition systems, or historian servers. Servers running SCADA historian databases, HMIs, or engineering workstations are of particular concern in utility environments.
How it could be exploited
An attacker with a local user account on an affected Windows system could trigger a use-after-free condition in the SMB Client component to escalate their privileges from a regular user account to a higher privilege level, such as SYSTEM or Administrator.
Prerequisites
  • Local user account on the affected Windows system
  • Ability to interact with SMB Client functionality

Requires local user account access | Low complexity exploitation | Affects Windows servers used in ICS environments | No active exploitation reported
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (27)
27 with fix
Product                                               | Affected Versions | Fix Status
Windows 10 Version 1809 for 32-bit Systems            | All versions      | Build 10.0.17763.8755
Windows 10 Version 1809 for x64-based Systems         | All versions      | Build 10.0.17763.8755
Windows Server 2019                                   | All versions      | Build 10.0.17763.8755
Windows Server 2019 (Server Core installation)        | All versions      | Build 10.0.17763.8755
Windows Server 2022                                   | All versions      | Build 10.0.20348.5139
Remediation & Mitigation

Schedule — requires maintenance window

Patching may require a device reboot; plan for process interruption.

Windows Server 2019
  • HOTFIX: Prioritize updates for Windows Server 2019, 2022, and 2025 systems that host critical services or data
All products
  • HOTFIX: Apply Microsoft's May 2026 security update to all affected Windows systems
Long-term hardening
  • HARDENING: Restrict local logon rights to Windows systems to only authorized personnel with business need
  • HARDENING: Disable SMB Client on systems that do not require it, particularly on servers in isolated networks
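The remediation items above reduce to three checks an administrator can run on each host: is the installed build at or above the fixed build from the affected-products table, is the SMB client service (LanmanWorkstation) actually running, and who currently holds the "Allow log on locally" right. The following PowerShell is an added example, not code from the advisory or from Microsoft. The function names are hypothetical, the fixed-build table contains only the rows shown on this page (builds 17763 and 20348), and it reads the build from the CurrentBuildNumber and UBR registry values, which together form the full 10.0.x.y build string that Microsoft's table uses.

```powershell
# Added example (not from the advisory): per-host verification for CVE-2026-40410.
# Run in an elevated PowerShell session on the Windows host being checked.

# Minimum fixed builds copied from the advisory's affected-products table.
# Key = CurrentBuildNumber, value = minimum UBR (update build revision).
$FixedBuilds = @{
    '17763' = 8755   # Windows 10 1809 / Windows Server 2019 -> 10.0.17763.8755
    '20348' = 5139   # Windows Server 2022                   -> 10.0.20348.5139
}

function Get-OsBuild {
    # CurrentBuildNumber and UBR together give the full 10.0.<build>.<ubr> string.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $props = Get-ItemProperty -Path $key -Name CurrentBuildNumber, UBR, ProductName
    [pscustomobject]@{
        ProductName = $props.ProductName
        Build       = $props.CurrentBuildNumber
        UBR         = [int]$props.UBR
    }
}

function Test-Cve202640410Patched {
    param([hashtable]$Fixed = $FixedBuilds)
    $os = Get-OsBuild
    if (-not $Fixed.ContainsKey($os.Build)) {
        # Build not among the rows shown above: check the full advisory table
        # before treating the host as unaffected.
        return [pscustomobject]@{
            Build  = "10.0.$($os.Build).$($os.UBR)"
            Status = 'Unknown (build not in table)'
        }
    }
    $status = if ($os.UBR -ge $Fixed[$os.Build]) { 'Patched' } else { 'Vulnerable' }
    [pscustomobject]@{
        Build   = "10.0.$($os.Build).$($os.UBR)"
        Minimum = "10.0.$($os.Build).$($Fixed[$os.Build])"
        Status  = $status
    }
}

function Get-SmbClientState {
    # The SMB client is the LanmanWorkstation service; if it is stopped and
    # disabled, the vulnerable component is not loaded on this host.
    $svc = Get-Service -Name LanmanWorkstation -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service   = 'LanmanWorkstation'
        Status    = if ($svc) { $svc.Status }    else { 'NotPresent' }
        StartType = if ($svc) { $svc.StartType } else { 'NotPresent' }
    }
}

function Get-LocalLogonRight {
    # Export the local security policy and read SeInteractiveLogonRight,
    # the "Allow log on locally" assignment (SIDs and/or account names).
    $tmp = Join-Path $env:TEMP 'secpol-export.inf'
    secedit.exe /export /cfg $tmp /areas USER_RIGHTS | Out-Null
    $line = Get-Content $tmp | Where-Object { $_ -like 'SeInteractiveLogonRight*' }
    Remove-Item $tmp -ErrorAction SilentlyContinue
    if ($line) { ($line -split '=', 2)[1].Trim() -split ',' } else { @() }
}

Test-Cve202640410Patched | Format-List
Get-SmbClientState       | Format-List
'Allow log on locally:'
Get-LocalLogonRight
```

A host reports Patched only when its UBR is at or above the advisory's fixed revision for its build, so a later cumulative update also passes. Treat the "Disable SMB Client" hardening item with care on domain-joined machines: LanmanWorkstation is what retrieves Group Policy from SYSVOL and reaches file shares, so stopping it on a domain member breaks policy processing; the item is intended for isolated systems that have no such dependency.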
API: /api/v1/advisories/df75b9a7-b9e4-4544-aacc-4de1b7bd0222
