Skip to main content

Windows Kernel-Mode Drivers CVE-2026-45600

| EUVDEUVD-2026-35561 HIGH
Access of Resource Using Incompatible Type (Type Confusion) (CWE-843)
2026-06-09 secure@microsoft.com GHSA-672h-59xc-v8h6
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 18:11 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.8

DescriptionNVD

Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Microsoft Windows Kernel-Mode Drivers allows an authenticated low-privileged user to elevate to SYSTEM via a type confusion (CWE-843) flaw. The vulnerability carries a CVSS 7.8 (High) with low attack complexity and no user interaction once local access is obtained, though no public exploit identified at time of analysis. Reported by Microsoft's MSRC, this fits the recurring pattern of Windows kernel driver EoP bugs frequently abused in post-compromise stages.

Technical ContextAI

The flaw resides in Windows Kernel-Mode Drivers, which run in ring 0 and have unrestricted access to system memory and hardware. CWE-843 (Access of Resource Using Incompatible Type, or 'type confusion') occurs when code allocates or accesses an object as one type but the underlying memory is actually a different type - leading to out-of-bounds reads/writes, corrupted vtables, or attacker-controlled function pointers. In kernel context, successful exploitation typically results in arbitrary kernel memory write primitives that can be turned into SYSTEM-level token replacement. The 'Memory Corruption' and 'Information Disclosure' tags suggest the bug can be leveraged both to leak kernel addresses (defeating KASLR) and to corrupt kernel structures.

RemediationAI

Patch available per vendor advisory - apply the Microsoft security update published in the MSRC entry at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45600 as part of the corresponding Patch Tuesday cycle; exact KB numbers per Windows build should be retrieved from that advisory since they are not included in the provided data. Because exploitation requires local authenticated access, compensating controls while patching include restricting interactive and RDP logon rights to trusted administrators, enforcing application allowlisting (WDAC or AppLocker) to block unknown user-mode exploit binaries, enabling Hypervisor-Protected Code Integrity (HVCI) which raises the bar for kernel type-confusion exploitation by enforcing kernel code integrity (trade-off: incompatible with some older third-party drivers), and monitoring EDR telemetry for suspicious token-stealing or kernel memory access patterns. There is no documented configuration-level workaround that removes the vulnerable driver without functional loss.

Share

CVE-2026-45600 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy