Windows Kernel Vulnerability Allows Attackers to Modify Kernel Memory Counters

**Executive Summary:** A critical, deterministic Windows kernel vulnerability (CVE-2026-40369) in ntoskrnl.exe's ExpGetProcessInformation via NtQuerySystemInformation (info class 253) allows unprivileged processes — including sandboxed browser renderers — to bypass ProbeForWrite validation and increment arbitrary kernel memory, enabling reliable SYSTEM privilege escalation, KASLR bypass, and subsequent token manipulation; no official patch had been confirmed at publication, and organizations are advised to monitor NtQuerySystemInformation usage and implement detection rules.