Microsoft recently fixed a significant security issue in its core operating system components: researchers discovered a Windows Kernel elevation-of-privilege (EoP) vulnerability tracked as CVE-2026-40369. The flaw allows an authorized attacker to elevate privileges locally, so local users can gain limited SYSTEM privileges on affected machines.
Sandbox Escape Mechanics
The flaw resides in the nt!ExpGetProcessInformation component. An untrusted pointer dereference is triggered when a program invokes the NtQuerySystemInformation function. If the request length equals zero, the kernel performs memory writes without safely checking the destination address, so any writable kernel virtual address can become a target. This means threat actors can completely escape Chrome, Edge, or Firefox browser sandboxes, and unprivileged applications can modify critical kernel structures dynamically.
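The bug class described above, shown as a simplified user-mode model in C with the flawed check beside a hardened one. This is an added example, not Microsoft's or the researcher's code: the flat `space` array, the `USER_LIMIT` boundary and both `query_*` functions are hypothetical, and the way the check is skipped at length zero is an assumption for illustration, since the page does not show the actual kernel code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: one flat "address space". Offsets below USER_LIMIT are
 * caller-owned; offsets at or above it stand in for kernel memory. */
#define SPACE_SIZE 64
#define USER_LIMIT 32
static uint8_t space[SPACE_SIZE];

/* Range check scaled by the caller's length: an empty range passes. */
static int range_in_user(size_t dst, size_t len) {
    if (len == 0)
        return 1;
    return dst < USER_LIMIT && len <= USER_LIMIT - dst;
}

/* Flawed form (hypothetical): validates `len` bytes at dst, then always
 * stores a 4-byte result there, so len == 0 means no validation at all. */
int query_flawed(size_t dst, size_t len, uint32_t result) {
    if (dst > SPACE_SIZE - sizeof result)
        return -2;                      /* outside the model entirely */
    if (!range_in_user(dst, len))
        return -1;
    memcpy(&space[dst], &result, sizeof result);
    return 0;
}

/* Hardened form: validate exactly the bytes the handler will write,
 * independent of the length the caller supplied. */
int query_hardened(size_t dst, size_t len, uint32_t result) {
    (void)len;
    if (dst >= USER_LIMIT || sizeof result > USER_LIMIT - dst)
        return -1;
    memcpy(&space[dst], &result, sizeof result);
    return 0;
}

int main(void) {
    int a = query_flawed(40, 4, 0x5a5a5a5au);
    int b = query_flawed(40, 0, 0x5a5a5a5au);
    printf("flawed: len=4 -> %d, len=0 -> %d, space[40]=0x%02x\n", a, b, space[40]);
    memset(space, 0, sizeof space);
    int c = query_hardened(40, 0, 0x5a5a5a5au);
    printf("hardened: len=0 -> %d, space[40]=0x%02x\n", c, space[40]);
    return 0;
}
```

The point for code review is that the validated range must be derived from what the handler writes, not from a caller-supplied length that can be zero.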
Public Exploit Code Released
Security researcher Ori Nimron published comprehensive technical details on his blog, and the full proof-of-concept exploit code is now publicly available on GitHub for anyone to download. Because the exploit details are fully public, the risk of widespread malicious adoption increases significantly. Attackers can easily chain this write primitive with other public utilities like the prefetch tool to bypass KASLR, and threat actors can modify this code to launch automated local attacks.
Affected Versions and Fixes
This Windows Kernel EoP vulnerability impacts multiple modern configurations: Windows 11 versions 24H2 through 25H2 are vulnerable. Microsoft deployed an official fix in its May Patch Tuesday release. To secure your enterprise endpoints, install these latest security updates immediately. Security teams should also continuously monitor for unusual kernel-mode write activity. Proactive patch management remains the best defense against local elevation attacks.