Windows Kernel Remote Code Execution Vulnerability

Act NowCVSS 9.8CVE-2026-45657Jun 9, 2026

Microsoft

IT in OT - Windows Server and Active Directory are widely deployed in OT environments

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A use-after-free vulnerability in the Windows Kernel allows an unauthorized attacker to execute arbitrary code over a network without authentication. The flaw affects Windows Server 2022, 2025, and Windows 11 (versions 23H2, 24H2, 25H2, and 26H1) on both x64 and ARM64 architectures. Exploitation is assessed as less likely but the vulnerability carries critical severity due to the potential for complete system compromise.

What this means

What could happen

An attacker could exploit a use-after-free flaw in the Windows Kernel to remotely execute arbitrary code with kernel-level privileges, potentially allowing them to take full control of the system and access or manipulate any data or process running on it.

Who's at risk

Any organization running Windows Server 2022, 2025, or Windows 11 systems, particularly those used as domain controllers, file servers, application servers, or remote access gateways in water utilities, electrical utilities, and other critical infrastructure. This affects both standard and Server Core installations across x64 and ARM64 architectures.

How it could be exploited

An attacker with network access sends a specially crafted packet or request to the vulnerable Windows system. The kernel process the malicious input, triggering a use-after-free condition that allows the attacker to execute arbitrary code at kernel privilege level without authentication.

Prerequisites

Network connectivity to the affected Windows system
No authentication or valid user credentials required

Remotely exploitableNo authentication requiredLow complexity attackCritical severity (CVSS 9.8)Affects kernel-level code execution

Exploitability

Likely to be exploited — EPSS score 15.5%

Affected products (12)

12 with fix

ProductAffected VersionsFix Status

Windows Server 2022All versionsBuild 10.0.20348.5256

Windows Server 2022 (Server Core installation)All versionsBuild 10.0.20348.5256

Windows Server 2025 (Server Core installation)All versionsBuild 10.0.26100.32995

Windows 11 Version 25H2 for ARM64-based SystemsAll versionsBuild 10.0.26200.8655

Windows 11 Version 25H2 for x64-based SystemsAll versionsBuild 10.0.26200.8655

Windows 11 Version 23H2 for ARM64-based SystemsAll versionsBuild 10.0.22631.7219

Windows 11 Version 23H2 for x64-based SystemsAll versionsBuild 10.0.22631.7219

Windows 11 Version 24H2 for ARM64-based SystemsAll versionsBuild 10.0.26100.8655

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGPrioritize patching systems that are exposed to untrusted networks or internet-facing

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

Windows Server 2022

HOTFIXApply the 2026-Jun Windows security update to all affected Windows Server 2022, 2025, and Windows 11 systems

Long-term hardening

0/1

HARDENINGImplement network segmentation to restrict access to critical Windows systems to only trusted administrative networks

CVEs (1)

CVE-2026-45657

View full vendor advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/293bb1fc-8add-45c0-882c-f4ead5c78fdb

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.