Skip to main content

Windows Kernel CVE-2026-42984

| EUVDEUVD-2026-35734 HIGH
Use After Free (CWE-416)
2026-06-09 secure@microsoft.com GHSA-q49g-3g5j-2vj8
7.0
CVSS 3.1 · NVD
Temporal: 6.1
Share

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.1 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 18:42 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.0

DescriptionNVD

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Microsoft Windows Kernel allows an authorized low-privileged attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 (High) rating with high attack complexity, and Microsoft has released a patch via MSRC; no public exploit identified at time of analysis. Successful exploitation breaks the local Windows security boundary, enabling full host compromise from any authenticated session.

Technical ContextAI

The vulnerability resides in the Windows NT kernel, the privileged core of the Windows operating system that manages memory, scheduling, and hardware abstraction. The root cause is CWE-416 (Use After Free), a memory-corruption class in which a kernel object is dereferenced after its backing memory has been freed and potentially reallocated for attacker-controlled data, allowing the attacker to redirect execution or corrupt adjacent kernel structures. Because the bug lives in ring-0 code, successful manipulation of the dangling pointer can lead to arbitrary kernel-mode code execution and bypass of user/kernel privilege boundaries. The vuldb tag set also notes denial-of-service as a secondary impact, consistent with kernel memory corruption that may simply crash the host (bugcheck) when exploitation fails.

RemediationAI

Apply the Microsoft-released patch published through the MSRC update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42984 by deploying the monthly cumulative security update (KB) for each affected Windows version via Windows Update, WSUS, Intune, or SCCM; this is the only complete fix. Where immediate patching is not feasible, reduce risk by restricting interactive and remote (RDP, WinRM) logon to trusted administrative accounts, enforcing least-privilege so standard users cannot run arbitrary code, enabling Windows Defender Application Control or AppLocker to constrain untrusted binaries that could host exploit code, and turning on Hypervisor-Protected Code Integrity (HVCI) / Virtualization-Based Security where supported to raise the bar for kernel memory corruption - noting that HVCI may impact older drivers and that aggressive WDAC policies can break legitimate workflows. There is no documented configuration-only workaround for the underlying kernel UAF, so these controls are mitigations, not substitutes for the patch.

Share

CVE-2026-42984 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy