Windows TCP/IP Denial of Service Vulnerability

Plan Patch | CVSS 7.4 | CVE-2026-40413 | May 12, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A null pointer dereference in Windows TCP/IP allows an unauthorized attacker on the same local network to send crafted packets that crash the TCP/IP stack, denying service to the affected system. All Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and 2025 editions are affected.

What this means
What could happen
An attacker on your local network (Ethernet, WiFi) can crash the TCP/IP stack on Windows servers and workstations, causing them to become unresponsive and interrupting services or communications.
Who's at risk
Any organization running Windows 10, Windows 11, Windows Server 2016, 2019, 2022, or 2025 is affected. This includes HMI/SCADA workstations, engineering stations, and servers that host monitoring or control software in industrial environments.
How it could be exploited
An attacker with access to your local network segment sends specially crafted TCP/IP packets to trigger a null pointer dereference in the Windows TCP/IP driver. The system crashes and requires a manual restart to restore service.
Prerequisites
  • Attacker must be on the same local network segment (adjacent network)
  • No authentication or credentials required
  • No user interaction needed
  • Remotely exploitable (via adjacent network)
  • No authentication required
  • Low attack complexity
  • Affects availability of critical systems
  • Impacts Windows-based OT network infrastructure
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (21)
21 with fix
Product | Affected Versions | Fix Status
Windows 10 Version 1809 for x64-based Systems | All versions | Build 10.0.17763.8755
Windows Server 2019 | All versions | Build 10.0.17763.8755
Windows Server 2019 (Server Core installation) | All versions | Build 10.0.17763.8755
Windows Server 2022 | All versions | Build 10.0.20348.5139
Windows Server 2022 (Server Core installation) | All versions | Build 10.0.20348.5139
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HOTFIX: Apply May 2026 Windows security update to all affected servers and workstations
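
To confirm the update actually landed across a fleet, the following added example (not part of the original advisory) triages an asset inventory export against the fix builds listed in the product table. The CSV column names, hostnames and sample revisions are assumptions constructed for illustration; build lines the advisory's table does not show are reported as unknown rather than assumed patched.

```python
import csv
import io

# Fix builds copied from the advisory's product table (only the rows shown there).
FIXED_BUILDS = {
    "10.0.17763": 8755,  # Windows 10 Version 1809, Windows Server 2019
    "10.0.20348": 5139,  # Windows Server 2022
}

def classify(version):
    """Return 'patched', 'vulnerable' or 'unknown' for a 'major.minor.build.revision' string."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return "unknown"  # malformed inventory value: do not guess
    fixed = FIXED_BUILDS.get(".".join(parts[:3]))
    if fixed is None:
        return "unknown"  # build line not in the table above: look it up in the vendor advisory
    return "patched" if int(parts[3]) >= fixed else "vulnerable"

def triage(inventory_csv):
    """Map hostname -> status for CSV text with 'hostname' and 'os_version' columns (assumed layout)."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["hostname"]: classify(row["os_version"]) for row in reader}

# Constructed sample inventory: hostnames and revisions are made up for illustration.
SAMPLE = """hostname,os_version
hmi-01,10.0.17763.8511
hist-01,10.0.17763.8755
eng-ws-02,10.0.20348.5139
scada-srv,10.0.20348.4297
ws-11,10.0.26100.4000
legacy,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```

Hosts reported as unknown still need a manual check, since the advisory lists 21 affected products but the table above shows fix builds for only two build lines.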
Long-term hardening
HARDENING: Restrict network access to your servers and workstations to trusted network segments only, using a firewall or network segmentation
HARDENING: Enable network access control (NAC) or 802.1X on switches to prevent unauthorized devices from connecting to your LAN
Windows TCP/IP Denial of Service Vulnerability | CVSS 7.4 - OTPulse