Skip to main content

Windows Telephony Service EUVDEUVD-2026-35728

| CVE-2026-42968 MEDIUM
Out-of-bounds Read (CWE-125)
2026-06-09 secure@microsoft.com GHSA-hjx2-grp5-hc9f
5.5
CVSS 3.1 · NVD
Temporal: 4.8
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CIRCL (temporal)
4.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Jun 09, 2026 - 19:54 vuln.today
Patch available
Jun 09, 2026 - 19:03 EUVD
CVE Published
Jun 09, 2026 - 17:17 nvd
MEDIUM 5.5

DescriptionNVD

Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.

AnalysisAI

Out-of-bounds read in the Windows Telephony Service exposes sensitive memory contents to locally authenticated attackers across a broad range of Windows client and server versions. The flaw (CWE-125) is exploitable with only low privileges and no user interaction, yielding high confidentiality impact while leaving integrity and availability unaffected. No public exploit code or active exploitation has been identified; CISA's SSVC framework rates this as non-automatable with partial technical impact, placing it at medium operational priority.

Technical ContextAI

The Windows Telephony Service implements Microsoft's Telephony Application Programming Interface (TAPI), a subsystem enabling voice, data, and fax communications for applications. CWE-125 (Out-of-bounds Read) identifies the root cause as an improper bounds check during a memory read operation within the service - the code reads beyond the intended buffer boundary, returning data from adjacent memory regions. The CVSS vector AV:L/AC:L/PR:L/UI:N indicates the vulnerable code path is accessible to standard, low-privilege local users interacting with the telephony service API without requiring elevated rights. Notably, the source data includes a 'Buffer Overflow' tag; this appears to be a loose categorization, as the authoritative CWE-125 classifies this as an out-of-bounds read rather than a write - a meaningful distinction since reads disclose memory rather than corrupt it. Affected CPE strings span Windows builds from 6.2.9200 (Server 2012) through 10.0.28000 (Windows 11 26H1), confirming the vulnerability is present across many generations of the Windows codebase.

RemediationAI

Apply the Microsoft security update for each affected Windows version as documented in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42968. Per EUVD-2026-35728 version range data, the minimum fixed builds are: Windows Server 2012 to 6.2.9200.26132, Windows Server 2012 R2 to 6.3.9600.23228, Windows Server 2016 and Windows 10 1607 to 10.0.14393.9234, Windows Server 2019 and Windows 10 1809 to 10.0.17763.8880, Windows Server 2022 to 10.0.20348.5256, Windows 10 21H2 to 10.0.19044.7417, Windows 10 22H2 to 10.0.19045.7417, Windows 11 23H2 to 10.0.22631.7219, Windows 11 24H2 and Windows Server 2025 to 10.0.26100.8655 (client) and 10.0.26100.32995 (server), Windows 11 25H2 to 10.0.26200.8655, and Windows 11 26H1 to 10.0.28000.2269. Where immediate patching is not feasible, a targeted compensating control is to disable the Windows Telephony Service (tapisrv) on systems that do not require TAPI functionality - this can be done via Services MMC or 'sc config tapisrv start= disabled' followed by a service stop. Trade-off: disabling tapisrv will break any application relying on TAPI for voice, modem, or fax communication. Additionally, restricting local interactive logon rights on sensitive systems to minimize the pool of users who could trigger the vulnerable code path reduces exposure without functional impact.

Share

EUVD-2026-35728 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy