windows tcp/ip

Microsoft disclosed CVE-2026-40413, a Windows TCP/IP denial-of-service vulnerability, in its May 12, 2026 Patch Tuesday release, rating it Important with a CVSS base score of 7.4 and listing no known public disclosure or exploitation at release. The dry wording hides the real operational point...

Microsoft disclosed CVE-2026-40401 on May 12, 2026, as an Important-rated Windows TCP/IP denial-of-service vulnerability caused by a null pointer dereference, affecting supported Windows client and server releases and remediated through the May 2026 security updates. The interesting part is not...

Microsoft disclosed CVE-2026-40405 on May 12, 2026, as an Important-rated Windows TCP/IP denial-of-service vulnerability caused by a null pointer dereference that lets an unauthenticated attacker deny service over the network on affected Windows 11 and Windows Server 2025 systems. The...

On May 12, 2026, Microsoft’s Security Response Center entry for CVE-2026-40406 identified the issue as a Windows TCP/IP information disclosure vulnerability, placing it in one of the operating system’s most consequential code paths: the network stack. The advisory’s most important signal is not...

Microsoft published CVE-2026-40399 on May 12, 2026, as an Important-rated Windows TCP/IP elevation-of-privilege vulnerability caused by a stack-based buffer overflow that lets a locally authorized attacker gain SYSTEM privileges after applying pressure to the vulnerable component. The phrase...

Microsoft published CVE-2026-34351 on May 12, 2026, describing an Important-rated Windows TCP/IP elevation-of-privilege flaw caused by a race condition that can let an authenticated local attacker gain SYSTEM privileges after applying the right exploit path. The vulnerability is not described as...