CVE-2026-20875 is a vulnerability classified under CWE-476 (NULL Pointer Dereference) affecting the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 10 Version 1809 (build 10.0.17763.0). LSASS is a critical component responsible for enforcing security policies, handling authentication, and managing user logins. The flaw arises when LSASS dereferences a NULL pointer, which leads to an unhandled exception causing the service to crash. Since LSASS is integral to system security and stability, its crash results in a denial of service (DoS) condition, potentially forcing the system to reboot or become unresponsive. The vulnerability can be exploited remotely over the network without requiring any authentication or user interaction, making it accessible to unauthenticated attackers. The CVSS v3.1 base score is 7.5 (high), reflecting the ease of exploitation (low attack complexity), no privileges required, and significant impact on availability, though confidentiality and integrity remain unaffected. No public exploits or patches are currently available, but the vulnerability is officially published and tracked. This issue primarily affects legacy Windows 10 installations, which may still be present in certain enterprise or industrial environments. The lack of patches necessitates proactive mitigation to prevent potential exploitation.

The primary impact of CVE-2026-20875 is a denial of service condition caused by crashing LSASS, which can lead to system instability, forced reboots, or complete unavailability of affected Windows 10 Version 1809 systems. For European organizations, this could disrupt critical business operations, especially in sectors relying on legacy Windows systems such as manufacturing, healthcare, or government agencies. The vulnerability does not expose sensitive data or allow privilege escalation, but the loss of availability can halt services, impact productivity, and cause downtime. Network-exposed systems running this Windows version are particularly vulnerable to remote DoS attacks, which could be leveraged in targeted campaigns or opportunistic attacks. The absence of known exploits reduces immediate risk, but the ease of exploitation and critical nature of LSASS make this a significant threat if weaponized. Organizations with legacy infrastructure or slow patch cycles are at higher risk of operational impact.

1. Upgrade affected systems to a supported and patched version of Windows 10 or later to eliminate the vulnerability. 2. If upgrading is not immediately feasible, implement network segmentation and firewall rules to restrict access to LSASS-related services (such as RPC and other authentication endpoints) from untrusted networks. 3. Employ intrusion detection/prevention systems (IDS/IPS) to monitor and block suspicious traffic targeting LSASS. 4. Regularly audit and inventory systems to identify those still running Windows 10 Version 1809 and prioritize remediation. 5. Apply any Microsoft security advisories or hotfixes promptly once available. 6. Use endpoint protection solutions capable of detecting abnormal LSASS crashes or exploitation attempts. 7. Educate IT staff about the vulnerability to ensure rapid response to any signs of exploitation or system instability. 8. Consider deploying network-level rate limiting or anomaly detection to mitigate potential DoS attempts targeting LSASS.