- Description
- Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Shell Protection Mechanism Failure Vulnerability
- Exploit added on
- Feb 10, 2026
- Exploit action due
- Mar 3, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-693
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E78A20FD-B910-43DF-BE89-E971E2FD0049",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B941280B-97F6-4F60-80A3-40482A74488D",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C09C54DA-6AB0-4696-A2F2-C11CFC292EA9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "369B4E41-3895-4CB7-BD37-D2E4A4D52FB9",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EDB3FD9A-2786-4EC1-8989-2B0D054E0307",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "893DBA65-116B-4AE0-80E1-50458CB5FDAD",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "37E2BFF1-28C0-4FA0-9A6C-020146E4AD54",
"versionEndExcluding": "10.0.19044.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3ABF7E9C-769A-4330-AD97-FE3CD766E577",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F54B0C64-9A1F-470B-9824-322CF362507F",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A5BD3F0C-1E6F-4937-806C-B87CA19C2830",
"versionEndExcluding": "10.0.19045.6937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B273EF5A-3157-4842-AE91-CEC289813902",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CD2513FC-D399-4DBF-921F-13B4D1497127",
"versionEndExcluding": "10.0.22631.6649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B08450A0-0F7E-4A05-8989-900221992766",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9D30B348-DAE7-43EC-85FA-38E1715258A9",
"versionEndExcluding": "10.0.26100.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8F23FFCF-9C69-4D27-AF21-D09A6041AA3A",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D1D93202-BDDB-438F-934E-1FE904B3651B",
"versionEndExcluding": "10.0.26200.7781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E21BC97D-1C11-41FD-9A20-34A2BC535BD9",
"versionEndExcluding": "10.0.14393.8868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3E93E-8160-4BFB-B5CB-85740922CF7E",
"versionEndExcluding": "10.0.17763.8389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19FC4B-C3CC-4924-9A0B-5E4F100280D4",
"versionEndExcluding": "10.0.20348.4711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0EA3C51-C3FE-494A-92D9-D3B1C301CB54",
"versionEndExcluding": "10.0.25398.2149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF95F4-504F-40EF-9F64-5D6F7B40114F",
"versionEndExcluding": "10.0.26100.32313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]