PatchSiren cyber security CVE debrief
CVE-2026-42975 Microsoft CVE debrief
CVE-2026-42975 is a high-severity vulnerability in the Windows Bluetooth Port Driver. The vulnerability is caused by a heap-based buffer overflow, which allows an unauthorized attacker to execute code over an adjacent network. This vulnerability affects multiple versions of Windows 10, Windows 11, and Windows Server. Users of these systems should apply patches or mitigations to prevent exploitation. The vulnerability has a CVSS score of 8 and a severity of HIGH. However, detailed information about the vulnerability, such as its root cause, is limited.
- Vendor
- Microsoft
- Product
- Windows 10 Version 1607
- CVSS
- HIGH 8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-16
Who should care
This vulnerability affects multiple versions of Windows 10, Windows 11, and Windows Server. Users of these systems should apply patches or mitigations to prevent exploitation. The vulnerability has a CVSS score of 8 and a severity of HIGH. Operators, platform administrators, vulnerability management teams, and security teams should review and apply patches or updates provided by Microsoft to vulnerable systems.
Technical summary
The vulnerability is caused by a heap-based buffer overflow in the Windows Bluetooth Port Driver. An unauthorized attacker can exploit this vulnerability to execute code over an adjacent network. The vulnerability has a CVSS score of 8 and a severity of HIGH. This vulnerability affects multiple versions of Windows 10, Windows 11, and Windows Server.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by Microsoft to vulnerable systems
- Implement compensating controls, such as network segmentation or access controls, to limit the attack surface
- Monitor systems for suspicious activity and implement incident response plans
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-14T17:16:48.157Z and was last modified on 2026-07-16T17:45:59.843Z. The NVD entry is currently Analyzed. The vulnerability affects multiple versions of Windows 10, Windows 11, and Windows Server. Users of these systems should apply patches or mitigations to prevent exploitation. However, detailed information about the vulnerability, such as its root cause, is limited. Defenders should verify the affected scope and apply patches or updates provided by Microsoft to vulnerable systems.
Official resources
-
CVE-2026-42975 CVE record
CVE.org
-
CVE-2026-42975 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T17:16:48.157Z and has not been modified since then. The NVD entry is currently Analyzed.