CVE-2026-20875: CWE-476: NULL Pointer Dereference in Microsoft Windows 10 Version 1809
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
AI Analysis
Technical Summary
CVE-2026-20875 is a vulnerability classified under CWE-476 (NULL Pointer Dereference) affecting Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw exists in the Local Security Authority Subsystem Service (LSASS), a core Windows component responsible for enforcing security policies, handling authentication, and managing user logins. The vulnerability allows an unauthenticated attacker to send specially crafted network requests that trigger a null pointer dereference within LSASS, causing the service to crash. This results in a denial of service condition, disrupting authentication services and potentially forcing system reboots or service outages. The CVSS v3.1 base score is 7.5 (high), reflecting the remote attack vector (network), low attack complexity, no privileges or user interaction required, and impact limited to availability (no confidentiality or integrity loss). The vulnerability was reserved in December 2025 and published in January 2026, with no known exploits in the wild or patches released yet. LSASS is critical for Windows security, so its failure can severely impact system stability and availability. This vulnerability is particularly concerning for systems exposed to untrusted networks or internet-facing services that rely on Windows authentication mechanisms.
Potential Impact
For European organizations, this vulnerability poses a significant risk to availability of Windows 10 Version 1809 systems, especially those acting as domain controllers, authentication servers, or providing critical network services dependent on LSASS. Denial of service attacks could disrupt business operations, prevent user logins, and cause downtime in enterprise environments. Sectors such as finance, healthcare, government, and critical infrastructure that rely heavily on Windows authentication services may experience operational disruptions. The lack of confidentiality or integrity impact reduces risks of data breaches but does not mitigate the operational impact of service outages. Organizations with legacy systems still running Windows 10 Version 1809 are particularly vulnerable, as this version is older and may not be widely patched. The absence of known exploits provides a window for proactive mitigation, but the ease of exploitation and no requirement for authentication increase the urgency to address exposure.
Mitigation Recommendations
Until an official patch is released, European organizations should implement specific mitigations to reduce exposure: 1) Restrict network access to LSASS-related services by implementing strict firewall rules and network segmentation to limit incoming traffic to trusted sources only. 2) Disable or restrict unnecessary remote authentication protocols and services that interact with LSASS, such as Remote Desktop or legacy authentication methods, if not required. 3) Monitor network traffic for unusual or malformed packets targeting authentication services to detect potential exploitation attempts. 4) Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to identify attempts to exploit null pointer dereference vulnerabilities. 5) Plan and prioritize upgrading or patching affected Windows 10 Version 1809 systems as soon as a patch becomes available or consider migrating to a supported Windows version with active security updates. 6) Maintain regular backups and incident response plans to quickly recover from potential denial of service incidents. These targeted actions go beyond generic advice by focusing on network-level controls and legacy system management specific to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
CVE-2026-20875: CWE-476: NULL Pointer Dereference in Microsoft Windows 10 Version 1809
Description
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
AI-Powered Analysis
Technical Analysis
CVE-2026-20875 is a vulnerability classified under CWE-476 (NULL Pointer Dereference) affecting Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw exists in the Local Security Authority Subsystem Service (LSASS), a core Windows component responsible for enforcing security policies, handling authentication, and managing user logins. The vulnerability allows an unauthenticated attacker to send specially crafted network requests that trigger a null pointer dereference within LSASS, causing the service to crash. This results in a denial of service condition, disrupting authentication services and potentially forcing system reboots or service outages. The CVSS v3.1 base score is 7.5 (high), reflecting the remote attack vector (network), low attack complexity, no privileges or user interaction required, and impact limited to availability (no confidentiality or integrity loss). The vulnerability was reserved in December 2025 and published in January 2026, with no known exploits in the wild or patches released yet. LSASS is critical for Windows security, so its failure can severely impact system stability and availability. This vulnerability is particularly concerning for systems exposed to untrusted networks or internet-facing services that rely on Windows authentication mechanisms.
Potential Impact
For European organizations, this vulnerability poses a significant risk to availability of Windows 10 Version 1809 systems, especially those acting as domain controllers, authentication servers, or providing critical network services dependent on LSASS. Denial of service attacks could disrupt business operations, prevent user logins, and cause downtime in enterprise environments. Sectors such as finance, healthcare, government, and critical infrastructure that rely heavily on Windows authentication services may experience operational disruptions. The lack of confidentiality or integrity impact reduces risks of data breaches but does not mitigate the operational impact of service outages. Organizations with legacy systems still running Windows 10 Version 1809 are particularly vulnerable, as this version is older and may not be widely patched. The absence of known exploits provides a window for proactive mitigation, but the ease of exploitation and no requirement for authentication increase the urgency to address exposure.
Mitigation Recommendations
Until an official patch is released, European organizations should implement specific mitigations to reduce exposure: 1) Restrict network access to LSASS-related services by implementing strict firewall rules and network segmentation to limit incoming traffic to trusted sources only. 2) Disable or restrict unnecessary remote authentication protocols and services that interact with LSASS, such as Remote Desktop or legacy authentication methods, if not required. 3) Monitor network traffic for unusual or malformed packets targeting authentication services to detect potential exploitation attempts. 4) Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to identify attempts to exploit null pointer dereference vulnerabilities. 5) Plan and prioritize upgrading or patching affected Windows 10 Version 1809 systems as soon as a patch becomes available or consider migrating to a supported Windows version with active security updates. 6) Maintain regular backups and incident response plans to quickly recover from potential denial of service incidents. These targeted actions go beyond generic advice by focusing on network-level controls and legacy system management specific to this vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- microsoft
- Date Reserved
- 2025-12-03T05:54:20.387Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69668ae1a60475309f9ae172
Added to database: 1/13/2026, 6:11:45 PM
Last enriched: 1/27/2026, 7:24:04 PM
Last updated: 2/3/2026, 5:45:57 PM
Views: 50
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-59902: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in NICE NICE Chat
HighCVE-2025-41065: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Luna Imaging LUNA
MediumCVE-2026-22228: CWE-400 Uncontrolled Resource Consumption in TP-Link Systems Inc. Archer BE230 v1.2
MediumCVE-2026-22220: CWE-20 Improper Input Validation in TP-Link Systems Inc. Archer BE230 v1.2
MediumCVE-2025-66374: n/a
UnknownActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.