Windows Kernel Flaw Lets Attackers Modify Memory Counters

A critical Windows kernel vulnerability (CVE-2026-40369) in ExpGetProcessInformation (ntoskrnl.exe) triggered by NtQuerySystemInformation class 253 allows an unprivileged process — including sandboxed browser renderers — to deterministically escalate to NT AUTHORITY\SYSTEM via an arbitrary kernel-address increment primitive; a complete five-stage exploit and public PoC were released, Microsoft issued a patch on May 12, 2026, and affected Windows 11 builds remain at risk until updated.