Skip to main content

Windows Deployment Services EUVDEUVD-2026-35757

| CVE-2026-42987 HIGH
Use After Free (CWE-416)
2026-06-09 secure@microsoft.com GHSA-9wx6-gp73-qg3j
8.1
CVSS 3.1 · NVD
Temporal: 7.1
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
7.1 HIGH
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 18:44 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 8.1

DescriptionNVD

Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.

AnalysisAI

Remote code execution in Microsoft Windows Deployment Services (WDS) allows unauthenticated network-based attackers to execute arbitrary code by exploiting a use-after-free memory corruption flaw (CWE-416). The CVSS 8.1 score reflects high impact on confidentiality, integrity, and availability, though exploit complexity is rated High. No public exploit identified at time of analysis, and SSVC marks exploitation status as none with the flaw classified as not automatable.

Technical ContextAI

Windows Deployment Services is a Microsoft Windows Server role used to network-deploy Windows operating systems via PXE boot, typically in enterprise imaging and provisioning workflows. The underlying defect is a use-after-free (CWE-416), a memory-safety bug where freed heap memory is dereferenced again, enabling attackers to corrupt allocator metadata, hijack object virtual function pointers, or otherwise redirect control flow. Because WDS exposes network-facing services (TFTP and related WDS protocols) to facilitate boot and image transfer, the vulnerable code path is reachable by remote unauthenticated peers on the same network segment as the WDS server.

RemediationAI

Apply the vendor-released patch from Microsoft per the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42987, following the monthly Patch Tuesday update channel for the affected Windows Server SKUs running the WDS role. If patching must be deferred, the most effective compensating control is to restrict network reachability of the WDS server: block inbound TFTP (UDP/69) and WDS-related ports at the network boundary so only trusted imaging VLANs can reach the service, accepting that this will break PXE deployments outside those segments. Where WDS is not in active use, stop and disable the WDSServer service (Windows Deployment Services role) - a zero-side-effect mitigation for sites that no longer rely on WDS-based imaging. Additional advisory context is available at https://vuldb.com/vuln/369633.

Share

EUVD-2026-35757 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy