CVE-2026-42982 – Windows Secure Kernel Mode Elevation of Privilege Vulnerability
“A low-privileged account should never become the starting point for complete system control.”
An improper input validation vulnerability in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. By exploiting insufficient validation of input consistency, an attacker with low privileges can gain SYSTEM privileges, enabling full control of the affected device. Although the attack requires local access, successful exploitation can significantly increase the impact of an initial compromise and provide attackers with unrestricted access to system resources.
CVSS Score: 7.8
SEVERITY: Critical
THREAT:
This vulnerability affects Windows Secure Kernel Mode and is caused by improper validation of consistency within input. An attacker with low privileges who gains local access to a vulnerable system can exploit the flaw to elevate privileges to SYSTEM, allowing them to bypass security controls, execute malicious code with maximum privileges, and take complete control of the operating system.
EXPLOITS:
At the time of publication, the vulnerability was not publicly disclosed and was not being actively exploited. Microsoft assesses exploitation as Less Likely. The CVSS v3.1 temporal metrics indicate Exploit Code Maturity: Unproven, and no confirmed public proof-of-concept exploit code is available.
TECHNICAL SUMMARY:
The vulnerability is caused by improper validation of consistency within input (CWE-1288) in Windows Secure Kernel Mode. Insufficient validation of input allows an authenticated attacker with low privileges to manipulate the kernel into performing unintended operations, resulting in privilege escalation. According to the CVSS v3.1 metrics, exploitation requires a local attack vector, low attack complexity, low privileges, no user interaction, and can result in complete compromise of confidentiality, integrity, and availability. Microsoft states that successful exploitation can grant SYSTEM privileges.
EXPLOITABILITY:
Affected products include Windows 10 versions 1607, 1809, 21H2, and 22H2, Windows 11 versions 23H2, 24H2, 25H2, and 26H1, and Windows Server 2016, 2019, 2022, and 2025, including Server Core installations where listed. Exploitation requires local access and low privileges. No user interaction is required.
BUSINESS IMPACT:
Privilege escalation vulnerabilities are commonly used after attackers obtain an initial foothold on a system. Gaining SYSTEM privileges enables attackers to disable security tools, deploy ransomware, access sensitive information, establish persistence, and move laterally across the network. Even without public exploitation, the potential impact on enterprise environments is significant.
WORKAROUND:
No mitigations or workarounds are available. Organizations should apply the appropriate security updates to affected systems.
URGENCY:
This vulnerability should be addressed promptly because it is rated Critical and allows an attacker with low privileges to obtain SYSTEM privileges. Although Microsoft currently assesses exploitation as less likely, successful exploitation can completely compromise an affected system and facilitate broader attacks across the environment.
Key Details
- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- CWE Classification
- CWE-1288