Windows Kernel Bug Exploits Browser Sandboxes
ID: 1e694ef1-5ad7-58eb-b2b4-f7fc511630ba
STIX ID: report--1e694ef1-5ad7-58eb-b2b4-f7fc511630ba
Feed Name: securityonline.info
Microsoft patched a Windows Kernel local elevation-of-privilege vulnerability (CVE-2026-40369): an untrusted pointer dereference in nt!ExpGetProcessInformation, reachable via NtQuerySystemInformation, that leads to arbitrary kernel writes and sandbox escapes. It affects Windows 11 24H2–25H2. Public technical details and proof-of-concept exploit code have been published on a researcher’s blog and GitHub, increasing the risk of local automated attacks. Organizations are advised to apply Microsoft’s May patch and monitor for unusual kernel-mode writes.
