PatchSiren cyber security CVE debrief
CVE-2026-40409 Microsoft CVE debrief
CVE-2026-40409 is a HIGH severity Elevation of Privilege vulnerability in the Windows Universal Disk Format File System Driver (UDFS). The vulnerability has a CVSS score of 7.8 and was published on 2026-06-09T17:17:06.417Z. The vulnerability affects multiple versions of Windows 10, Windows 11, and Windows Server.
- Vendor
- Microsoft
- Product
- Windows 10 Version 1607
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-11
Who should care
Administrators and users of affected Windows systems should prioritize patching this vulnerability to prevent potential elevation of privilege attacks.
Technical summary
The vulnerability exists in the Windows Universal Disk Format File System Driver (UDFS) and allows an attacker to elevate their privileges on a vulnerable system. The vulnerability has been assigned a CVSS score of 7.8 and a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Defensive priority
High
Recommended defensive actions
- Apply the security patch from Microsoft as soon as possible.
- Ensure that all affected systems are updated with the latest security patches.
- Consider implementing additional security measures, such as monitoring system logs and network activity, to detect potential attacks.
Evidence notes
The vulnerability is described in the CVE-2026-40409 CVE record [cve-org] and detailed in the NVD vulnerability database [nvd]. Microsoft has provided a vendor advisory for this vulnerability [ref-4].
Official resources
-
CVE-2026-40409 CVE record
CVE.org
-
CVE-2026-40409 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-40409 was published on 2026-06-09T17:17:06.417Z and modified on 2026-06-11T17:06:02.030Z.