Skip to main content

Windows NT Kernel CVE-2026-42980

| EUVDEUVD-2026-35598 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-09 secure@microsoft.com GHSA-jh49-99q5-mwf2
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 18:40 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.8

DescriptionNVD

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged attacker to elevate to SYSTEM by triggering an integer underflow condition. With a CVSS of 7.8 and no public exploit identified at time of analysis, this issue is primarily a post-compromise escalation vector commonly chained after initial access via phishing or commodity malware. Microsoft has released a patch through MSRC, and given Windows kernel EoP bugs are frequently weaponized by ransomware and APT actors historically, prompt patching is warranted despite the absence of confirmed in-the-wild exploitation.

Technical ContextAI

The vulnerability resides in the Windows NT OS Kernel - the core ring-0 component (ntoskrnl.exe) responsible for memory management, process scheduling, and system call handling. The root cause is CWE-122 (Heap-based Buffer Overflow), here triggered through an integer underflow/wraparound: an arithmetic operation on an unsigned value produces a value larger than expected, which is then used as a size or index for a heap allocation or copy, resulting in out-of-bounds writes within kernel pool memory. The 'Buffer Overflow, Heap Overflow' tags confirm the bug manifests as a heap corruption primitive in kernel space, which when exploited successfully grants attackers arbitrary kernel read/write and full SYSTEM privileges. Specific affected Windows builds are not enumerated in the available data and must be retrieved from MSRC.

RemediationAI

Apply the Microsoft-released security update referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42980 - patch available per vendor advisory, though the specific KB number and exact fixed kernel build are not enumerated in the input data and must be retrieved from MSRC for each affected Windows SKU. Prioritize patching multi-user systems, terminal servers, VDI hosts, and developer workstations where untrusted local code is most likely to execute. Until patching is complete, compensating controls include restricting local logon rights to trusted accounts via Group Policy (User Rights Assignment), enforcing application allowlisting through Windows Defender Application Control or AppLocker to prevent unsigned attacker binaries from running, and enabling Microsoft Defender for Endpoint with attack surface reduction rules to detect post-exploitation kernel-mode behavior - noting that AppLocker bypasses are well-known and these controls only raise the bar rather than eliminate the vector.

Share

CVE-2026-42980 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy