#Windows Deployment Services

**Are there additional steps I need to take to be protected from this vulnerability?** Admins should take the following steps to be protected from CVE-2026-0386: 1. Audit existing WDS usage and identify hands-free deployments. 2. Opt in for protection by configuring the registry settings described in: Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance. This will provide immediate protection. This security protection will be enabled by default in a future security update release and no additional administrator action will be required. **How is Microsoft addressing this vulnerability?** To address this vulnerability, by default the hands-free deployment feature will not be supported beginning with a security update in a future release in mid-2026. **Why is the WDS Unattended Installation feature being deprecated?** The legacy WDS workflow transmits unattend.xml over unauthenticated RPC, exposing sensitive credentials during PXE boot. This creates a securi...

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** For an attacker to exploit this vulnerability, they would need to have knowledge of a specific operation that triggers a memory allocation failure, specifically a use after free.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

**How can attacker successfully exploit this vulnerability?** An attacker with user permissions could alter specific variables in the CNTCIR Packet of the WDSMA protocol in order to exploit this vulnerability. For more information about CNTCIR Packet see CNTCIR Packet.

**How can attacker successfully exploit this vulnerability?** An attacker with user permissions could alter specific variables in the CNTCIR Packet of the WDSMA protocol in order to exploit this vulnerability. For more information about CNTCIR Packet see CNTCIR Packet.