Every Windows 10 and Windows 11 device in your organization is a potential entry point for an attacker to gain complete control of that machine, including access to files, credentials, and connected systems — without any current fix available from Microsoft. If an attacker already has a foothold in your environment through any means (phishing, compromised VPN, malicious USB), this exploit removes the last barrier between them and full system ownership. The combination of public exploit availability, no patch, and independent third-party confirmation elevates this from theoretical risk to an active business continuity and data protection concern.
You Are Affected If
You operate Windows 10 or Windows 11 endpoints in your environment, including those fully patched through June 2026 Patch Tuesday (KB5094126 or KB5093998)
Microsoft Defender is the active endpoint protection solution on those systems (default configuration for most Windows deployments)
Standard or low-privileged user accounts can initiate local interactive sessions on those endpoints
No application allowlisting or process execution controls are in place to prevent cmd.exe or powershell.exe from launching under unexpected parent processes
No Microsoft Security Response Center advisory or patch has been applied because none currently exists
Board Talking Points
A public exploit with no available fix can give an attacker full control of any Windows 10 or Windows 11 computer in our organization.
We recommend immediately restricting local login access on high-value systems and activating enhanced monitoring while we await a Microsoft patch, expected within the current sprint.
Without these compensating controls in place, any attacker who gains initial access to a single Windows device — through email, a compromised account, or physical access — can escalate to full system control undetected.