CVE-2026-20875 is a vulnerability classified under CWE-476 (NULL Pointer Dereference) affecting the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 10 Version 1809 (build 10.0.17763.0). LSASS is a critical Windows component responsible for enforcing security policies, handling authentication, and managing user logins. The vulnerability arises when LSASS dereferences a null pointer due to improper input validation or error handling, leading to a system crash. An attacker can exploit this flaw remotely over the network without requiring any authentication or user interaction, causing a denial of service by forcing LSASS to terminate unexpectedly. This results in the loss of authentication services, potentially causing system reboots or service interruptions. The CVSS v3.1 base score is 7.5, indicating high severity, with vector metrics showing network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to availability. No patches or fixes have been published yet, and no known exploits are reported in the wild. The vulnerability's exploitation could disrupt business operations, especially in environments where Windows 10 Version 1809 is still in use and LSASS is exposed to network traffic. Given the critical role of LSASS in system security, this vulnerability poses a significant risk to system availability and operational continuity.

For European organizations, the primary impact of CVE-2026-20875 is the potential for denial of service attacks that disrupt authentication and security services. This can lead to system downtime, loss of access to critical applications, and interruption of business processes dependent on Windows authentication. Sectors such as finance, healthcare, government, and critical infrastructure that rely heavily on Windows-based systems for identity management and access control are particularly vulnerable. The disruption of LSASS can also trigger system reboots or force emergency recovery procedures, increasing operational costs and potentially causing cascading failures in interconnected systems. Since the vulnerability can be exploited remotely without authentication, attackers could target exposed network services to cause widespread outages. The lack of patches increases the risk window, making timely mitigation essential. Additionally, organizations with legacy systems or delayed patch management practices in Europe may face heightened exposure. The impact on confidentiality and integrity is minimal; however, availability degradation can have severe operational and reputational consequences.

1. Immediately restrict network exposure of systems running Windows 10 Version 1809, especially those with LSASS services accessible over the network. Use firewalls and network segmentation to limit access to trusted hosts only. 2. Employ intrusion detection and prevention systems (IDS/IPS) to monitor and block suspicious traffic targeting LSASS or related authentication services. 3. Disable or limit legacy protocols and services that may expose LSASS to unnecessary network access. 4. Prioritize upgrading affected systems to a supported and patched Windows version as soon as patches become available or consider migrating to newer Windows releases with active support. 5. Implement strict access control policies and monitor authentication logs for unusual activity that may indicate exploitation attempts. 6. Use application whitelisting and endpoint protection solutions to detect and prevent exploitation attempts. 7. Develop and test incident response plans focused on rapid recovery from LSASS service disruptions to minimize downtime. 8. Coordinate with network and security teams to ensure rapid deployment of mitigations and continuous monitoring until patches are released.