Windows TCP/IP Denial of Service Vulnerability

Plan Patch | CVSS 7.4 | CVE-2026-40414 | May 12, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A null pointer dereference vulnerability in the Windows TCP/IP stack allows an attacker on an adjacent network to cause a denial of service (system crash or unresponsiveness) by sending specially crafted TCP/IP packets. The attack requires no authentication or user interaction and affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (all recent versions), Windows Server 2016, 2019, 2022, and 2025.

What this means
What could happen
An attacker on the local network could cause a Windows system to become unresponsive by sending malformed TCP/IP packets, interrupting communications with critical equipment like HMIs, gateways, or monitoring systems.
Who's at risk
Any OT facility running Windows-based systems is affected, particularly those using Windows Server 2016, 2019, 2022, or 2025 as:
  • HMI servers or engineering workstations
  • Data historians or time-series databases
  • OPC servers connecting field equipment to control systems
  • Remote access gateways or demilitarized zone (DMZ) hosts
  • Process monitoring or SCADA middleware systems
Windows 10 end-user devices on the OT network are also at risk.
How it could be exploited
An attacker with access to the local network segment (same switch or VLAN) sends crafted TCP/IP packets to a vulnerable Windows system. The packets trigger a null pointer dereference in the TCP/IP stack, causing the system to crash or become unresponsive. No authentication or user interaction is required.
Prerequisites
  • Network access to the same local network segment (adjacent network)
  • No credentials or authentication required
  • Ability to send specially crafted TCP/IP packets
Tags: remotely exploitable; no authentication required; low complexity; affects availability of critical systems; requires local network access but not internet routing
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (21)
21 with fix
Product | Affected Versions | Fix Status
Windows 10 Version 1809 for x64-based Systems | All versions | Build 10.0.17763.8755
Windows Server 2019 | All versions | Build 10.0.17763.8755
Windows Server 2019 (Server Core installation) | All versions | Build 10.0.17763.8755
Windows Server 2022 | All versions | Build 10.0.20348.5139
Windows Server 2022 (Server Core installation) | All versions | Build 10.0.20348.5139
Remediation & Mitigation
Do now
HARDENING: Restrict network access to OT systems running affected Windows versions: use network switches or firewalls to limit connections from untrusted network segments to only necessary ports and services
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Windows Server 2019
HOTFIX: Update Windows Server 2019 to Build 10.0.17763.8755 or later
Windows Server 2022
HOTFIX: Update Windows Server 2022 to Build 10.0.20348.5139 or later
All products
HOTFIX: Update Windows 10 Version 1809 x64 to Build 10.0.17763.8755 or later
HOTFIX: Update Windows 10 Version 21H2 x64 to Build 10.0.19044.7291 or later
HOTFIX: Update Windows 10 Version 22H2 x64 to Build 10.0.19045.7291 or later
HOTFIX: Update Windows 11 all versions to latest available build
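
One way to check hosts against the fixed builds listed above, as an added example that is not part of the original advisory. The function names, the sample inventory and the hard-coded 10.0 prefix are assumptions; releases whose fixed build is not given on this page are reported as not listed rather than guessed.

```powershell
# Added example: minimum fixed revision (UBR) per build, taken from this advisory.
$FixedUbr = @{
    17763 = 8755   # Windows 10 1809, Windows Server 2019
    20348 = 5139   # Windows Server 2022
    19044 = 7291   # Windows 10 21H2
    19045 = 7291   # Windows 10 22H2
}

# Hypothetical helper: classify a full build string such as '10.0.17763.8755'.
function Test-TcpipFixBuild {
    param([Parameter(Mandatory)][string]$Build)
    $v = $null
    if (-not ([version]::TryParse($Build, [ref]$v)) -or $v.Revision -lt 0) {
        return 'Unknown: expected a four-part build string'
    }
    if (-not $FixedUbr.ContainsKey($v.Build)) {
        return 'NotListed: fixed build for this release is not given here'
    }
    $min = $FixedUbr[$v.Build]
    if ($v.Revision -ge $min) { return 'Patched' }
    return "Unpatched: needs 10.0.$($v.Build).$min or later"
}

# Build of the local machine from the registry (CurrentBuild + UBR).
# Assumption: all affected products report major.minor 10.0.
function Get-LocalBuild {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    '10.0.{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
}

# Constructed sample inventory (host names and builds are made up).
$inventory = @(
    [pscustomobject]@{ Name = 'hmi-srv-01';   Build = '10.0.17763.8755' }
    [pscustomobject]@{ Name = 'historian-01'; Build = '10.0.20348.4000' }
    [pscustomobject]@{ Name = 'eng-ws-07';    Build = '10.0.19045.7291' }
    [pscustomobject]@{ Name = 'opc-gw-02';    Build = '10.0.14393.1' }
)
$inventory | Select-Object Name, Build,
    @{ Name = 'Status'; Expression = { Test-TcpipFixBuild $_.Build } }

# Check the machine the script runs on (Windows only).
if ($env:OS -eq 'Windows_NT') {
    $local = Get-LocalBuild
    '{0}: {1} -> {2}' -f $env:COMPUTERNAME, $local, (Test-TcpipFixBuild $local)
}
```
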
API: /api/v1/advisories/4f439366-67ab-4b2d-9528-007d080aa780


Windows TCP/IP Denial of Service Vulnerability | CVSS 7.4 - OTPulse