PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-42968 Microsoft CVE debrief

CVE-2026-42968 is a MEDIUM severity vulnerability with a CVSS score of 5.5. It was published on 2026-06-09 and modified on 2026-06-11. The vulnerability is an out-of-bounds read in the Windows Telephony Service, which allows an authorized attacker to disclose information locally. The Common Vulnerability Scoring System (CVSS) vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The weakness is classified as CWE-125.

Vendor
Microsoft
Product
Windows 10 Version 1607
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-09
Original CVE updated
2026-06-11
Advisory published
2026-06-09
Advisory updated
2026-06-11

Who should care

Administrators and users of Microsoft Windows 10, Windows 11, and Windows Server systems should be aware of this vulnerability. The affected products include Windows 10 1607, Windows 10 1809, Windows 10 21H2, Windows 10 22H2, Windows 11 23H2, Windows 11 24H2, Windows 11 25H2, Windows 11 26H1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025.

Technical summary

The vulnerability is caused by an out-of-bounds read in the Windows Telephony Service. This allows an authorized attacker to disclose information locally. The vulnerability has a CVSS score of 5.5 and is classified as CWE-125.

Defensive priority

MEDIUM

Recommended defensive actions

  • Apply the patches provided by Microsoft to fix the vulnerability. The patches can be found at [ref-4](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42968).

Evidence notes

The information provided is based on the CVE record and the NVD detail page. The CVE record can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-42968) and the NVD detail page can be found at [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-42968).

Official resources

CVE-2026-42968 was published on 2026-06-09 and modified on 2026-06-11.