CVE-2026-41092: Microsoft Kinect Elevation of Privilege Vulnerability
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- 6.2.9200.26132
- Affected Products
- 20
HarborGuard Analysis
Synopsis
An improper access control vulnerability in the Microsoft Kinect driver component allows a local attacker to elevate privileges on affected Windows systems. The attacker must already have a low-privilege account on the target machine and does not need any network access or victim interaction to trigger it. Successful exploitation gives the attacker full control over the affected system, including reading, modifying, and disrupting any data or processes. Patched-image rebuilds at the fix versions are available on HarborGuard for environments running an affected version of Windows.
HarborGuard Coverage
Detection for CVE-2026-41092 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of publication using feeds from Microsoft and upstream advisory sources. Coverage extends to custom-built images that include any of the affected Windows base layers, not just official images pulled from public registries.
AvailableHarborGuard is capable of scoring this CVE at CVSS 7.8 (HIGH) and weighting that score against each customer organization's compliance policy to determine urgency and routing. Triage results are available for delivery to the appropriate team inbox within each customer org based on their configured escalation rules.
AvailableA patched-image rebuild targeting the applicable fix versions (6.2.9200.26132, 6.3.9600.23228, 10.0.14393.9234, 10.0.17763.8880, 10.0.19044.7417) is available on HarborGuard for any environment running an affected Windows version. For customers who opt into auto-remediation, HarborGuard can perform the rebuild, run a regression test suite, and open a pull request against affected workloads automatically.
AvailableExploit Conditions
- Network reachabilityNot required
The attacker needs an existing shell or process on the host; no network path to the target is required.
- AuthenticationRequired
Any low-privilege local account is sufficient; the attacker does not need administrator or system-level credentials to begin the attack.
- Victim interactionNot required
No user action or social engineering is needed; the attacker can trigger the vulnerability entirely on their own.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, memory layout, or other variable environmental factors.
Blast Radius
- Reads any file or secret on the system, including credentials, session tokens, and application data belonging to higher-privileged processes.
- Modifies system files, registry entries, or application data across the host, including security policy configuration.
- Terminates or disrupts any running process or service on the machine, including security tooling and monitoring agents.
- Installs persistent backdoors or alters kernel-level components, giving the attacker durable control over the host.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-41092 is active across all connected registries and CI pipelines, with images matched against the affected Windows version ranges the moment the CVE entered the ingestion feed. Where compliance policy permits, patched-image rebuilds at the corrected Windows 10 and Windows 11 patch levels are available for generation without manual intervention. For customers with auto-remediation enabled, HarborGuard can rebuild the affected base image, execute a regression run, and open a pull request against workloads referencing the vulnerable layer; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in those environments. For environments where auto-remediation is not enabled, the triage report is available for manual review and includes the specific fix version required per Windows release channel.
Fix available
- Microsoft / Windows 10 Version 1607< 10.0.14393.9234 (from 10.0.14393.0)
- Microsoft / Windows 10 Version 1809< 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows 10 Version 21H2< 10.0.19044.7417 (from 10.0.19044.0)
- Microsoft / Windows 10 Version 22H2< 10.0.19045.7417 (from 10.0.19045.0)
- Microsoft / Windows 11 version 23H2< 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 23H2< 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 24H2< 10.0.26100.8655 (from 10.0.26100.0)
- Microsoft / Windows 11 Version 25H2< 10.0.26200.8655 (from 10.0.26200.0)
- Microsoft / Windows 11 version 26H1< 10.0.28000.2269 (from 10.0.28000.0)
- Microsoft / Windows Server 2012< 6.2.9200.26132 (from 6.2.9200.0)
- Microsoft / Windows Server 2012 (Server Core installation)< 6.2.9200.26132 (from 6.2.9200.0)
- Microsoft / Windows Server 2012 R2< 6.3.9600.23228 (from 6.3.9600.0)
- Microsoft / Windows Server 2012 R2 (Server Core installation)< 6.3.9600.23228 (from 6.3.9600.0)
- Microsoft / Windows Server 2016< 10.0.14393.9234 (from 10.0.14393.0)
- Microsoft / Windows Server 2016 (Server Core installation)< 10.0.14393.9234 (from 10.0.14393.0)
- Microsoft / Windows Server 2019< 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2019 (Server Core installation)< 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2022< 10.0.20348.5256 (from 10.0.20348.0)
- Microsoft / Windows Server 2025< 10.0.26100.32995 (from 10.0.26100.0)
- Microsoft / Windows Server 2025 (Server Core installation)< 10.0.26100.32995 (from 10.0.26100.0)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C