Windows Kernel Elevation of Privilege Vulnerability

Plan PatchCVSS 7.8CVE-2026-48583Jun 9, 2026

Microsoft

IT in OT - Windows Server and Active Directory are widely deployed in OT environments

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

A use-after-free memory vulnerability in the Windows Kernel allows an authorized local user to escalate their privileges to system/administrator level. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 23H2, 24H2, 25H2, 26H1), Windows Server 2016, 2019, 2022, and 2025 across 32-bit, x64, and ARM64 architectures. Microsoft has released fixes in the June 2026 security update.

What this means

What could happen

An attacker with a local user account on a Windows machine could exploit a memory error in the kernel to gain administrative privileges, allowing them to run arbitrary commands and bypass all security controls on that device.

Who's at risk

Organizations running Windows 10, Windows 11, Windows Server 2016, 2019, 2022, or 2025 should prioritize patching. This affects all standard office workstations, engineering workstations used for HMI/SCADA engineering, and server infrastructure. In OT environments, this is critical for any Windows-based engineering stations, historian servers, or administrative machines that interface with control systems.

How it could be exploited

An attacker must first have a valid user account and local login access to the Windows machine. They would then execute code that triggers the use-after-free vulnerability in the kernel memory management, escalating their privileges from user to system/administrator level.

Prerequisites

Valid local user account on the Windows system
Local code execution capability or interactive login access
Running a vulnerable version of Windows kernel

Low complexity exploitationLocal authentication requiredAffects Windows servers commonly used in OT infrastructurePrivilege escalation to full system control

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (26)

26 with fix

ProductAffected VersionsFix Status

Windows 10 Version 1809 for 32-bit SystemsAll versionsBuild 10.0.17763.8880

Windows 10 Version 1809 for x64-based SystemsAll versionsBuild 10.0.17763.8880

Windows Server 2019All versionsBuild 10.0.17763.8880

Windows Server 2019 (Server Core installation)All versionsBuild 10.0.17763.8880

Windows Server 2022All versionsBuild 10.0.20348.5256

Remediation & Mitigation

0/3

Do now

0/2

WORKAROUNDIf immediate patching is not possible, restrict local user accounts and limit interactive login access to trusted administrators only

HARDENINGEnsure antivirus and endpoint detection are enabled to monitor for suspicious privilege escalation attempts

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXApply the June 2026 Windows security update for your version of Windows (listed versions above with corresponding build numbers)

CVEs (1)

CVE-2026-48583

View full vendor advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9de6dc5c-e392-44b4-b92d-ff832600bdea

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.