Windows Kernel Elevation of Privilege Vulnerability

Plan PatchCVSS 7CVE-2026-45653Jun 9, 2026

Microsoft

IT in OT - Windows Server and Active Directory are widely deployed in OT environments

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityHigh

User InteractionNone needed

Summary

Use after free vulnerability in Windows Kernel allows an authorized attacker with local access to elevate privileges to system level. Affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 23H2, 24H2, 25H2, 26H1), Windows Server 2016, 2019, 2022, and 2025.

What this means

What could happen

An authorized user or service account on a Windows system could escalate their privileges to system level, allowing them to take full control of the computer, modify industrial automation software, or alter system configurations critical to facility operations.

Who's at risk

Any organization running Windows 10 or Windows Server 2016 through Windows 11 or Windows Server 2025 as engineering workstations, historian servers, HMI/SCADA frontends, or supervisory systems. Also affects any Windows-based industrial automation software platforms that rely on kernel-level operations.

How it could be exploited

An attacker with a valid user account on a Windows computer runs a crafted program that triggers the use-after-free flaw in the kernel, gaining system-level permissions without needing administrator credentials.

Prerequisites

Valid local user account on the affected Windows system
Ability to execute programs locally
Physical or remote desktop access to the system

requires local accessrequires valid user credentialslow attack complexityaffects IT/OT hybrid systems where Windows controls industrial processes

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (26)

26 with fix

ProductAffected VersionsFix Status

Windows 10 Version 1809 for 32-bit SystemsAll versionsBuild 10.0.17763.8880

Windows 10 Version 1809 for x64-based SystemsAll versionsBuild 10.0.17763.8880

Windows Server 2019All versionsBuild 10.0.17763.8880

Windows Server 2019 (Server Core installation)All versionsBuild 10.0.17763.8880

Windows Server 2022All versionsBuild 10.0.20348.5256

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXApply the June 2026 Windows security update from Microsoft Update or Windows Update

CVEs (1)

CVE-2026-45653

View full vendor advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/34793070-960d-4cf4-bf51-1c93edf41c06

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.