PatchSiren cyber security CVE debrief
CVE-2026-42972 Microsoft CVE debrief
CVE-2026-42972 is a MEDIUM severity vulnerability with a CVSS score of 5.5. It allows an authorized attacker to disclose information locally in Windows Hyper-V. The vulnerability was published on 2026-06-09T17:17:12.810Z and modified on 2026-06-10T19:55:47.920Z.
- Vendor
- Microsoft
- Product
- Windows 10 Version 1607
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Administrators and users of Windows Hyper-V are advised to take action.
Technical summary
The vulnerability is caused by exposure of sensitive information to an unauthorized actor in Windows Hyper-V. An authorized attacker can disclose information locally.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates provided by Microsoft to fix the vulnerability.
- Refer to [ref-4](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42972) for mitigation or vendor reference.
Evidence notes
The vulnerability affects multiple versions of Windows 10, Windows 11, and Windows Server.
Official resources
-
CVE-2026-42972 CVE record
CVE.org
-
CVE-2026-42972 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-42972 was published on 2026-06-09T17:17:12.810Z and modified on 2026-06-10T19:55:47.920Z.