CVE-2026-20875: CWE-476: NULL Pointer Dereference in Microsoft Windows 10 Version 1809

Severity: High
Type: Vulnerability
Tags: CVE-2026-20875, cve, cve-2026-20875, cwe-476
Published: Tue Jan 13 2026 (01/13/2026, 17:56:35 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

AI-Powered Analysis

Last updated: 01/27/2026, 19:24:04 UTC

Technical Analysis

CVE-2026-20875 is a vulnerability classified under CWE-476 (NULL Pointer Dereference) affecting Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw exists in the Local Security Authority Subsystem Service (LSASS), a core Windows component responsible for enforcing security policies, handling authentication, and managing user logins. The vulnerability allows an unauthenticated attacker to send specially crafted network requests that trigger a null pointer dereference within LSASS, causing the service to crash. This results in a denial of service condition, disrupting authentication services and potentially forcing system reboots or service outages. The CVSS v3.1 base score is 7.5 (high), reflecting the remote attack vector (network), low attack complexity, no privileges or user interaction required, and impact limited to availability (no confidentiality or integrity loss). The vulnerability was reserved in December 2025 and published in January 2026, with no known exploits in the wild or patches released yet. LSASS is critical for Windows security, so its failure can severely impact system stability and availability. This vulnerability is particularly concerning for systems exposed to untrusted networks or internet-facing services that rely on Windows authentication mechanisms.

Potential Impact

For European organizations, this vulnerability poses a significant risk to availability of Windows 10 Version 1809 systems, especially those acting as domain controllers, authentication servers, or providing critical network services dependent on LSASS. Denial of service attacks could disrupt business operations, prevent user logins, and cause downtime in enterprise environments. Sectors such as finance, healthcare, government, and critical infrastructure that rely heavily on Windows authentication services may experience operational disruptions. The lack of confidentiality or integrity impact reduces risks of data breaches but does not mitigate the operational impact of service outages. Organizations with legacy systems still running Windows 10 Version 1809 are particularly vulnerable, as this version is older and may not be widely patched. The absence of known exploits provides a window for proactive mitigation, but the ease of exploitation and no requirement for authentication increase the urgency to address exposure.

Mitigation Recommendations

Until an official patch is released, European organizations should implement specific mitigations to reduce exposure:

1) Restrict network access to LSASS-related services by implementing strict firewall rules and network segmentation to limit incoming traffic to trusted sources only.
2) Disable or restrict unnecessary remote authentication protocols and services that interact with LSASS, such as Remote Desktop or legacy authentication methods, if not required.
3) Monitor network traffic for unusual or malformed packets targeting authentication services to detect potential exploitation attempts.
4) Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to identify attempts to exploit null pointer dereference vulnerabilities.
5) Plan and prioritize upgrading or patching affected Windows 10 Version 1809 systems as soon as a patch becomes available, or consider migrating to a supported Windows version with active security updates.
6) Maintain regular backups and incident response plans to quickly recover from potential denial of service incidents.

These targeted actions go beyond generic advice by focusing on network-level controls and legacy system management specific to this vulnerability.


Technical Details

Data Version: 5.2
Assigner Short Name: microsoft
Date Reserved: 2025-12-03T05:54:20.387Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69668ae1a60475309f9ae172

Added to database: 1/13/2026, 6:11:45 PM

Last enriched: 1/27/2026, 7:24:04 PM

Last updated: 2/3/2026, 5:45:57 PM
