Microsoft has issued an emergency security advisory for a critical zero-day vulnerability in the Windows kernel that is being actively exploited by threat actors. The flaw, tracked as CVE-2026-2847, allows attackers to escalate privileges to SYSTEM level from a standard user account.
Security researchers at CrowdStrike first detected exploitation in targeted attacks against government and defense sector organizations. The vulnerability affects all supported versions of Windows 10, Windows 11, and Windows Server.
Microsoft says an out-of-band patch is expected within 48 hours. In the meantime, the company recommends enabling Attack Surface Reduction rules and monitoring for suspicious kernel-mode driver activity as temporary mitigations.
