Skip to main content

Windows Kernel CVE-2026-45657

| EUVDEUVD-2026-35697 CRITICAL
Heap-based Buffer Overflow (CWE-122)
2026-06-09 secure@microsoft.com GHSA-3r8r-9cjm-whj4
9.8
CVSS 3.1 · NVD
Temporal: 8.5
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
8.5 HIGH
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 17:59 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
CRITICAL 9.8

DescriptionNVD

Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.

AnalysisAI

Remote code execution in the Windows Kernel allows unauthenticated network attackers to execute arbitrary code by triggering a use-after-free condition (CWE-122 heap-related memory corruption). The flaw was reported by Microsoft (secure@microsoft.com) and carries a critical CVSS 9.8 with no public exploit identified at time of analysis. Tag metadata indicates the bug can also be leveraged for heap overflow and denial-of-service outcomes.

Technical ContextAI

The vulnerability resides in the Windows Kernel, the privileged core of the Microsoft Windows operating system responsible for memory management, process scheduling, device I/O, and network stack handling. The root cause is classified as CWE-122 (Heap-based Buffer Overflow), and the description specifies a use-after-free pattern - meaning kernel code continues to dereference a pointer to a heap object after that object has been freed, allowing an attacker who can influence the reallocation of that heap chunk to corrupt adjacent kernel structures or hijack control flow. Because the issue is reachable 'over a network,' the affected code path almost certainly lives in a network-facing kernel component (for example a kernel-mode protocol handler such as SMB, RPC, HTTP.sys, or a similar driver) rather than in user-mode services. No specific CPE strings were provided in the input.

RemediationAI

Apply Microsoft's monthly security update that addresses CVE-2026-45657 as soon as it is published; the authoritative patch matrix and exact KB article numbers per Windows SKU are listed at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657. Patch available per vendor advisory; specific fixed build numbers were not provided in the input and must be taken from the MSRC page. Until patching is complete, restrict exposure of network-facing Windows kernel services by blocking inbound traffic to commonly abused kernel-handled ports (SMB 445, RPC 135, and any HTTP.sys-bound listeners) at the perimeter and host firewall, segment Windows hosts so workstations and servers are not reachable from untrusted networks, and prioritize patching of internet-exposed and domain-controller systems first. Note that blocking SMB/RPC will break file sharing, Active Directory replication, and remote management workflows, so workarounds should be treated as short-term compensating controls rather than substitutes for the update.

Share

CVE-2026-45657 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy