#auth

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally.

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.

Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.

**Are there additional steps I need to take to be protected from this vulnerability?** Admins should take the following steps to be protected from CVE-2026-0386: 1. Audit existing WDS usage and identify hands-free deployments. 2. Opt in for protection by configuring the registry settings described in: Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance. This will provide immediate protection. This security protection will be enabled by default in a future security update release and no additional administrator action will be required. **How is Microsoft addressing this vulnerability?** To address this vulnerability, by default the hands-free deployment feature will not be supported beginning with a security update in a future release in mid-2026. **Why is the WDS Unattended Installation feature being deprecated?** The legacy WDS workflow transmits unattend.xml over unauthenticated RPC, exposing sensitive credentials during PXE boot. This creates a securi...

Exposure of sensitive information to an unauthorized actor in Windows Win32K - ICOMP allows an authorized attacker to disclose information locally.

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally.