Microsoft disclosed CVE-2026-40401, an Important denial-of-service flaw in the Windows TCP/IP stack caused by a NULL pointer dereference and assigned it a CVSS 7.1 score. The company said exploitation requires no privileges or user interaction, has not been publicly disclosed or observed in the wild, and is considered less likely to be exploited. Microsoft has released a security update to address the issue.
The advisory warns that the bug can have broader impact in virtualized environments: a low-privilege Hyper-V guest could cross the guest boundary and trigger denial of service on the Hyper-V host. The disclosure aligns with Microsoft's continued patching of availability issues affecting virtualization components, including prior Windows Hyper-V denial-of-service flaws tracked as CVE-2025-47999 and CVE-2024-43633, as well as a Microsoft Virtual Hard Disk (VHDX) denial-of-service issue, CVE-2024-38264.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
Microsoft disclosed CVE-2026-40401, an Important Windows TCP/IP denial-of-service vulnerability caused by a NULL pointer dereference, and made an official fix available. Microsoft said the flaw was not publicly disclosed or exploited in the wild at publication, and noted a scenario where a low-privilege Hyper-V guest could cause denial of service on the Hyper-V host.
Microsoft added a Security Update Guide entry for CVE-2025-47999, identified as a Windows Hyper-V denial-of-service vulnerability. No additional synopsis details are provided in the reference.
Microsoft published a Security Update Guide entry for CVE-2024-43633, a Windows Hyper-V denial-of-service vulnerability. The reference marks the vulnerability's disclosure on that date.
Microsoft published a Security Update Guide entry for CVE-2024-38264, a Microsoft Virtual Hard Disk (VHDX) denial-of-service vulnerability. The reference indicates public disclosure of the vulnerability on that date.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
msrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.