Latest News

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.

Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.

**Are there additional steps I need to take to be protected from this vulnerability?** Admins should take the following steps to be protected from CVE-2026-0386: 1. Audit existing WDS usage and identify hands-free deployments. 2. Opt in for protection by configuring the registry settings described in: Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance. This will provide immediate protection. This security protection will be enabled by default in a future security update release and no additional administrator action will be required. **How is Microsoft addressing this vulnerability?** To address this vulnerability, by default the hands-free deployment feature will not be supported beginning with a security update in a future release in mid-2026. **Why is the WDS Unattended Installation feature being deprecated?** The legacy WDS workflow transmits unattend.xml over unauthenticated RPC, exposing sensitive credentials during PXE boot. This creates a securi...

Exposure of sensitive information to an unauthorized actor in Windows Win32K - ICOMP allows an authorized attacker to disclose information locally.

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.