Windows Kernel Vulnerability Lets Attackers Modify Kernel Memory Counters

CVE-2026-40369 is a Windows 11 (24H2–25H2) kernel vulnerability in ExpGetProcessInformation reachable via NtQuerySystemInformation class 253 that permits an attacker-controlled 12-byte kernel increment primitive, enabling reliable local privilege escalation from unprivileged or sandboxed processes (including browser renderers); public exploits are available and Microsoft patched the flaw in May 2026, with guidance to deploy updates and monitor for post-exploitation behavior.