{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/microsoft-corporation/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-40369"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Windows Kernel"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","windows-kernel","cve"],"_cs_type":"advisory","_cs_vendors":["Microsoft Corporation"],"content_html":"\u003cp\u003eCVE-2026-40369 is a privilege escalation vulnerability in the Windows Kernel, disclosed on May 12, 2026. It stems from an untrusted pointer dereference: the kernel dereferences a pointer value that a local caller can influence without first validating it. An attacker who already has local, authenticated access can use this to execute code with elevated permissions and fully compromise the affected system. The flaw is a post-access escalation step, not a remote entry point, and no public proof-of-concept is referenced in this brief.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial access to the system as a standard user.\u003c/li\u003e\n\u003cli\u003eAttacker runs a crafted program that reaches the vulnerable kernel code path with an attacker-controlled pointer value.\u003c/li\u003e\n\u003cli\u003eThe kernel dereferences the untrusted pointer without validating it, so the memory access lands at an attacker-chosen address in kernel memory.\u003c/li\u003e\n\u003cli\u003eAttacker uses the resulting memory corruption to overwrite kernel data structures or redirect kernel control flow to attacker-controlled code.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s code now runs with SYSTEM privileges.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eThis chain is the generic shape of an untrusted-pointer-dereference escalation; the brief does not identify the specific kernel code path or the primitive it yields.\u003c/p\u003e\n\u003ch2 
id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40369 allows a local attacker to escalate their privileges to SYSTEM, which gives them complete control over the compromised system: they can install malware, steal sensitive data, or disrupt critical services. The vulnerability has a CVSS v3.1 base score of 7.8 (high).\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch released by Microsoft to remediate CVE-2026-40369 as soon as possible. Reference: \u003ca href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40369\"\u003ehttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Potential CVE-2026-40369 Exploitation Attempt\u0026rdquo; to identify suspicious process creation events indicative of exploitation attempts. The rule depends on process creation telemetry, so confirm that Security event 4688 with command line logging, or Sysmon event 1, is actually being collected from endpoints.\u003c/li\u003e\n\u003cli\u003eMonitor for the side effects of kernel-level exploitation: SYSTEM processes spawned by an unprivileged parent, and unexpected bugchecks or kernel crash dumps, since a failed attempt against a kernel memory-corruption bug usually crashes the machine rather than failing silently.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T18:43:51Z","date_published":"2026-05-12T18:43:51Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-40369/","summary":"CVE-2026-40369 is an untrusted pointer dereference vulnerability in the Windows Kernel that allows a locally authorized attacker to escalate privileges.","title":"CVE-2026-40369 - Windows Kernel Untrusted Pointer Dereference Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-40369/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-35415"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Windows Storage Spaces Controller"],"_cs_severities":["high"],"_cs_tags":["cve","vulnerability","privilege-escalation","windows"],"_cs_type":"threat","_cs_vendors":["Microsoft 
Corporation"],"content_html":"\u003cp\u003eCVE-2026-35415 is an integer overflow vulnerability in the Windows Storage Spaces Controller. It allows an attacker with local access to the system and valid credentials to elevate their privileges. The root cause is an integer overflow or wraparound inside the controller: an arithmetic result that wraps past the range of its integer type can yield an undersized allocation or an out-of-bounds index, which is the usual route from an integer bug to memory corruption. Successful exploitation gives the attacker higher-level permissions on the compromised system, potentially full control. This brief is classified as a threat rather than an advisory because the vulnerability is flagged as exploited in the wild, although no public proof-of-concept is referenced.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial local access to a Windows system with valid credentials.\u003c/li\u003e\n\u003cli\u003eAttacker sends the Storage Spaces Controller crafted input whose size or count value triggers the integer overflow.\u003c/li\u003e\n\u003cli\u003eThe wrapped value leads to a memory corruption condition inside the controller.\u003c/li\u003e\n\u003cli\u003eAttacker leverages the memory corruption to overwrite critical system data structures.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s privileges are elevated to SYSTEM or another high-privileged account, after which the attacker performs privileged actions on the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eThe brief does not identify the interface or input field involved; the chain above is the generic shape of an integer-overflow escalation.\u003c/p\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-35415 allows a local attacker to elevate privileges on a Windows system. 
This can lead to complete compromise of the affected system: installing malware, stealing sensitive data, or performing other malicious activity. The vulnerability affects any system on which the Storage Spaces Controller is enabled, which, given the size of the Windows installed base, is a large population of potential victims. The CVSS score is 7.8 (high).\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Microsoft for CVE-2026-35415 as soon as possible; the Microsoft Security Response Center update guide entry for this CVE lists the affected versions and the corresponding update packages.\u003c/li\u003e\n\u003cli\u003eDeploy the accompanying Sigma rule to detect potential exploitation attempts of CVE-2026-35415 by monitoring for suspicious Storage Spaces Controller activity.\u003c/li\u003e\n\u003cli\u003eMonitor for privilege escalation following a suspected attempt, in particular a process or account that was unprivileged and then runs as SYSTEM.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T18:30:20Z","date_published":"2026-05-12T18:30:20Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-35415/","summary":"CVE-2026-35415 is an integer overflow vulnerability in the Windows Storage Spaces Controller that allows a locally authorized attacker to elevate privileges.","title":"CVE-2026-35415: Windows Storage Spaces Controller Integer Overflow Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-35415/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-33841"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Windows Kernel"],"_cs_severities":["high"],"_cs_tags":["cve-2026-33841","privilege-escalation","windows"],"_cs_type":"advisory","_cs_vendors":["Microsoft Corporation"],"content_html":"\u003cp\u003eCVE-2026-33841 is a heap-based buffer overflow vulnerability in the Windows Kernel. It allows an attacker who already has local access to a system to elevate their privileges. 
Successful exploitation gives the attacker higher-level access to the system, potentially complete control. Microsoft published the vulnerability and a security update for it on May 12, 2026; defenders should prioritize patching. No public proof-of-concept is referenced in this brief.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial local access to the target system, either with legitimate credentials or by exploiting another vulnerability.\u003c/li\u003e\n\u003cli\u003eAttacker executes a program that passes crafted input to the vulnerable kernel function.\u003c/li\u003e\n\u003cli\u003eThe kernel copies the input into a pool allocation (the kernel heap) that is too small for it, so the write runs past the end of the buffer.\u003c/li\u003e\n\u003cli\u003eThe overflow overwrites adjacent pool memory, corrupting kernel data structures that live there.\u003c/li\u003e\n\u003cli\u003eAttacker uses the corrupted structures to redirect kernel execution to attacker-controlled code, which then runs with SYSTEM privileges.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eThe brief does not say which kernel function or allocation is involved; the chain is the generic shape of a kernel heap overflow.\u003c/p\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-33841 allows an attacker to elevate from a standard user account to SYSTEM. The attacker can then install programs; view, change, or delete data; or create new accounts with full user rights. 
Because the flaw is in the Windows Kernel itself, the entire system is at risk once it is exploited. The CVSS score is 7.8 (high).\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update released by Microsoft for CVE-2026-33841, as referenced in the Microsoft advisory.\u003c/li\u003e\n\u003cli\u003eDeploy the accompanying Sigma rules to your SIEM to detect potential exploitation attempts of CVE-2026-33841.\u003c/li\u003e\n\u003cli\u003eMonitor for suspicious process creation events that may indicate unauthorized privilege escalation, in particular SYSTEM processes whose parent runs under a standard user account.\u003c/li\u003e\n\u003cli\u003eEnable process creation logging with command line arguments (Security event 4688 with the \u0026ldquo;Include command line in process creation events\u0026rdquo; policy enabled, or Sysmon event 1) so the Sigma rules have the telemetry they need.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T18:21:01Z","date_published":"2026-05-12T18:21:01Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-33841-windows-kernel-privesc/","summary":"CVE-2026-33841 is a heap-based buffer overflow vulnerability in the Windows Kernel that allows a locally authorized attacker to elevate privileges.","title":"CVE-2026-33841 Heap-Based Buffer Overflow in Windows Kernel Allows Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-33841-windows-kernel-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — Microsoft Corporation","version":"https://jsonfeed.org/version/1.1"}