Description
Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A type‑confusion flaw in certain Windows kernel‑mode drivers allows a component to treat a memory buffer as a different object type. An attacker who can supply crafted input to the driver can cause the kernel to execute unintended operations, enabling the attacker to run code with elevated system privileges.

Affected Systems

This flaw affects Microsoft Windows 11 24H2, 25H2, 26H1 (both ARM64 and x64) and Windows Server 2025, including Server Core installations. The vulnerability is exploitable by a locally authenticated user with write access to the affected driver.

Risk and Exploitability

The CVSS score of 7.8 classifies this vulnerability as high severity. EPSS data is not available, and the flaw is not listed in CISA’s KEV catalog, indicating that no widespread, publicly known exploits have been observed. Nevertheless, the attack requires local, authorized access and leads to full kernel‑privilege escalation, making it a significant risk for organizations that have not applied the Microsoft update.

Generated by OpenCVE AI on June 9, 2026 at 20:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update that addresses CVE‑2026‑45600 as soon as it is released.
  • Ensure all relevant cumulative updates for Windows 11 24H2/25H2/26H1 and Windows Server 2025 are installed.
  • Implement least‑privilege policies and limit local administrator rights, disable unnecessary services, and monitor for anomalous kernel activity.

Generated by OpenCVE AI on June 9, 2026 at 20:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2025 (server Core Installation)
Vendors & Products Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2025 (server Core Installation)

Tue, 09 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
Title Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2025
Weaknesses CWE-843
CPEs cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2025
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows 11 24h2 Windows 11 24h2 Windows 11 25h2 Windows 11 25h2 Windows 11 26h1 Windows 11 26h1 Windows Server 2025 Windows Server 2025 (server Core Installation)
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-10T03:56:01.724Z

Reserved: 2026-05-12T19:55:45.730Z

Link: CVE-2026-45600

cve-icon Vulnrichment

Updated: 2026-06-09T17:50:45.968Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:28.407

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-45600

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T11:00:14Z

Weaknesses