medium threat

CVE-2026-40401 - Windows TCP/IP Null Pointer Dereference Denial of Service

CVE-2026-40401 is a null pointer dereference vulnerability in Windows TCP/IP that allows a local, unauthorized attacker to cause a denial of service.

CVE-2026-40401 is a null pointer dereference in Windows TCP/IP. An unauthorized, local attacker can use it to trigger a denial-of-service (DoS) condition on the targeted system, which can disrupt network services and impact the system's availability. Microsoft published the vulnerability, and it is assigned a CVSS v3.1 base score of 7.1. Triggering the denial of service requires local access and no user interaction.

Attack Chain

  1. The attacker gains local access to the targeted Windows system.
  2. The attacker crafts a specific TCP/IP packet or network request.
  3. The crafted packet triggers a null pointer dereference within the Windows TCP/IP stack.
  4. The null pointer dereference causes the TCP/IP service to crash.
  5. The crash disrupts network connectivity and related services.
  6. The system experiences a denial-of-service condition, impacting availability.

Impact

Successful exploitation of CVE-2026-40401 can lead to a denial-of-service condition on the targeted Windows system. This disruption impacts network services, potentially affecting other applications and users relying on network connectivity. The impact is limited to local denial of service.

Recommendation

Detection coverage (2)

Detect CVE-2026-40401 - TCP/IP Service Crash

medium

Detects CVE-2026-40401 - Event indicating a crash related to TCP/IP services.

sigma | tactics: availability | techniques: T1499.004 | sources: system, windows

Detect CVE-2026-40401 - Sudden TCP/IP Service Termination

medium

Detects CVE-2026-40401 - Event indicating a sudden termination of TCP/IP service.

sigma | tactics: availability | techniques: T1499.004 | sources: system, windows
