Cyber Posture

CVE-2026-24293

High

Published: 10 March 2026

Published
10 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 8.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-24293 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 8.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Requires timely remediation of the specific null pointer dereference flaw in the Windows Ancillary Function Driver for WinSock via patching as guided by MSRC.

SI-16 Memory Protection good match
prevent

Implements memory protections such as DEP and ASLR to prevent exploitation of null pointer dereferences for privilege escalation in kernel drivers.

AC-6 Least Privilege partial match
prevent

Enforces least privilege to limit the scope and impact of local privilege escalation resulting from the vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Null pointer dereference in kernel driver directly enables local privilege escalation from low-privileged user context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Deeper analysisAI

CVE-2026-24293 is a null pointer dereference vulnerability (CWE-476) in the Windows Ancillary Function Driver for WinSock. This flaw affects Windows systems and was published on 2026-03-10T18:18:20.317, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation enables privilege escalation, resulting in high impacts to confidentiality, integrity, and availability.

The Microsoft Security Response Center provides an update guide with mitigation details at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24293.

Details

CWE(s)
CWE-476

Affected Products

microsoft
windows 10 21h2
≤ 10.0.19044.7058 · ≤ 10.0.19044.7058 · ≤ 10.0.19044.7058
microsoft
windows 10 22h2
≤ 10.0.19045.7058 · ≤ 10.0.19045.7058 · ≤ 10.0.19045.7058
microsoft
windows 11 23h2
≤ 10.0.22631.6783 · ≤ 10.0.22631.6783
microsoft
windows 11 24h2
≤ 10.0.26100.7979 · ≤ 10.0.26100.7979
microsoft
windows 11 25h2
≤ 10.0.26200.7979 · ≤ 10.0.26200.7979
microsoft
windows 11 26h1
≤ 10.0.28000.1719 · ≤ 10.0.28000.1719
microsoft
windows server 2022
≤ 10.0.20348.4830
microsoft
windows server 2022 23h2
≤ 10.0.25398.2207
microsoft
windows server 2025
≤ 10.0.26100.32463

CVEs Like This One

CVE-2026-25165Same product: Microsoft Windows 10 21H2
CVE-2026-26172Same product: Microsoft Windows 10 21H2
CVE-2026-26132Same product: Microsoft Windows 10 21H2
CVE-2026-32155Same product: Microsoft Windows 10 21H2
CVE-2026-20871Same product: Microsoft Windows 10 21H2
CVE-2026-20817Same product: Microsoft Windows 10 21H2
CVE-2026-32162Same product: Microsoft Windows 10 21H2
CVE-2026-27927Same product: Microsoft Windows 10 21H2
CVE-2026-32074Same product: Microsoft Windows 10 21H2
CVE-2026-32078Same product: Microsoft Windows 10 21H2

References