Skip to main content

Windows Hotpatch CVE-2026-42910

| EUVDEUVD-2026-35576 HIGH
Out-of-bounds Write (CWE-787)
2026-06-09 secure@microsoft.com GHSA-gv67-34rh-v566
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 17:42 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.8

DescriptionNVD

Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in the Windows Hotpatch Monitoring Service enables an authenticated low-privileged attacker to gain elevated privileges through an out-of-bounds write (CWE-787) memory corruption flaw. The CVSS 7.8 (AV:L/AC:L/PR:L) reflects local attack vector with low complexity once a foothold is obtained, and no public exploit identified at time of analysis. The vulnerability was reported by Microsoft's own security team (secure@microsoft.com), suggesting internal discovery prior to disclosure.

Technical ContextAI

The Windows Hotpatch Monitoring Service is part of Microsoft's Hotpatch infrastructure that enables applying security updates to running processes without requiring a system restart, primarily used in Azure and Windows Server environments. The root cause is CWE-787 (Out-of-bounds Write), a memory safety flaw where the service writes data past the boundaries of an allocated buffer - typically corrupting adjacent memory structures such as function pointers, return addresses, or object headers. Because the Hotpatch service runs with elevated system privileges to manage kernel and user-mode patching operations, corruption of its memory space provides a direct path to privilege elevation. The 'Buffer Overflow, Memory Corruption' tags reinforce that this is a classic memory-safety defect rather than a logic flaw.

RemediationAI

Apply the Microsoft security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42910 as the primary remediation - patch available per vendor advisory, with exact build numbers to be retrieved from the MSRC update guide per affected Windows Server / Azure SKU. Because the attack requires local low-privileged access, defenders without an immediate patch window should harden local access controls: restrict interactive and remote PowerShell/RDP logon to Hotpatch-enabled hosts to administrators only, enforce LAPS-managed local accounts, and monitor for unexpected child processes spawned by the Hotpatch service (trade-off: tighter access controls may break automation accounts that rely on low-privilege local logon). If Hotpatch is not actively required, disabling the feature and reverting to scheduled-restart patching removes the attack surface entirely at the cost of patch-induced downtime.

Share

CVE-2026-42910 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy