Microsoft confirms a critical-severity flaw in Windows kernel drivers enabling remote code execution. Unpatched systems face immediate compromise risks.
Microsoft warns attackers can hijack Windows systems through a critical kernel driver vulnerability. Tracked as CVE-2026-20824, this flaw permits unauthenticated remote code execution. Affected systems include Windows 10 versions 21H2 through 23H2 and Windows Server 2022. The CVSS 9.8 vulnerability stems from improper memory handling in the kernel's network stack. Attackers send specially crafted packets to trigger buffer overflows.
Exploitation grants SYSTEM-level privileges without user interaction. Compromised devices enable lateral network movement and data theft. Microsoft confirmed in-the-wild exploitation attempts before patching. All unpatched systems are vulnerable to complete takeover. The Security Update Guide lists affected builds in detail.
Mitigation requires immediate installation of July 2026 Patch Tuesday updates. Administrators should prioritize KB5028246 for client systems and KB5028247 for servers. Verify installation via winver command matching build 19045.4523 or higher. Network controls blocking SMBv3 unsolicited packets reduce risk temporarily. Full remediation necessitates patching.
Microsoft's advisory timeline shows internal discovery on May 12, 2026. Coordinated disclosure occurred July 9, 2026. The flaw bypasses standard user-account protections due to kernel-level access. Security teams must audit all Windows endpoints immediately. Use Microsoft's Security Update Guide for verification steps. Unsupported systems require upgrade paths.
Comments
Please log in or register to join the discussion