
Microsoft released a security update in January that addresses two serious zero-day vulnerabilities in the NTFS file system.
The vulnerabilities affected more than thirty versions of desktop and server operating systems, including Windows 11 and Windows Server. Before the patches were released, attackers could have exploited these flaws to gain complete control of a computer.
Both vulnerabilities received a CVSS score of 7.8 out of 10 and are classified as heap-based buffer overflows. The first flaw (CVE-2026-20840) related to the insecure handling of virtual hard disks (VHDs). To exploit it, an attacker would first have had to gain access to the system, for example, through pre-installed malware. They could then prepare a specially crafted VHD file and, when the system processed it, write arbitrary data to protected memory areas.
The second vulnerability (CVE-2026-20922) arose due to a lack of validation checks in the NTFS driver code for service tables on the disk partition. This also allowed privilege escalation.
In both cases, successful exploitation allowed the attacker to gain SYSTEM-level privileges, the highest privileges available in the operating system. With these privileges, the attacker could secretly install malware, steal data, and, in a corporate environment, use the compromised computer as a springboard for further infiltration of the local network.
Both vulnerabilities were discovered by Sergey Tarasov, head of the vulnerability analysis team at Positive Technologies.
Such vulnerabilities pose a particular danger because they often become the first link in a chain of targeted attacks on organizations.
Users are advised to install the latest security updates. Those who, for whatever reason, are unable to do so should exercise caution when working with virtual hard drives and avoid opening VHD files from untrusted sources.
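For administrators who have to follow the second piece of advice, the sketch below (an added example, not code from Microsoft or Positive Technologies) walks a folder such as a downloads or mail-attachment directory and identifies virtual disk images by their on-disk signatures rather than by file extension, flagging images that carry a misleading extension. It relies on the publicly documented VHD footer cookie and VHDX file signature; the sample file names and contents are constructed for the demonstration.

```python
import os
import tempfile

VHD_COOKIE = b"conectix"  # first 8 bytes of the VHD footer
VHDX_SIG = b"vhdxfile"    # first 8 bytes of a VHDX file

def sniff_virtual_disk(path):
    """Return 'vhd', 'vhdx' or None, judged from signatures only."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        if fh.read(8) == VHDX_SIG:
            return "vhdx"
        # VHD: footer copy at offset 0 (dynamic disks), or footer in the
        # last 512 bytes of the file (511 bytes in some legacy images).
        for offset in (0, size - 512, size - 511):
            if offset >= 0:
                fh.seek(offset)
                if fh.read(8) == VHD_COOKIE:
                    return "vhd"
    return None

def triage(root):
    """Walk root and list (relative path, type, extension_mismatch)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                kind = sniff_virtual_disk(path)
            except OSError:
                continue  # unreadable file: skip it
            if kind:
                ext = os.path.splitext(name)[1].lower()
                findings.append((os.path.relpath(path, root), kind, ext not in (".vhd", ".vhdx")))
    return sorted(findings)

def build_constructed_samples(root):
    """Write constructed sample files (signatures only, not mountable)."""
    samples = {
        "invoice.pdf": b"\x00" * 1024 + VHD_COOKIE + b"\x00" * 504,  # disguised VHD
        "backup.vhdx": VHDX_SIG + b"\x00" * 1016,
        "notes.txt": b"plain text, no disk signature\n",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_samples(tmp)
        print(triage(tmp))
```

The check identifies the container type only; it does not judge whether an image is malformed, so flagged files should still be kept away from unpatched systems.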
