A security researcher has discovered a flaw in the heart of Windows 11. It allows a malicious program to take full control of a PC, especially from an open web page. Microsoft has released a patch, but some users remain exposed without knowing it.
Researcher Ori Nimron discovered a critical vulnerability in the Windows 11 kernel, the protected area which manages memory, processors, file access, and program rights. In theory, no application can access it, for security reasons.
The flaw uncovered by the researcher allows a program to write data into kernel memory, an area it has absolutely no right to modify. Even without administrator rights, the program can write data there. This operation allows the program to obtain system-level rights, the highest level of control available on a Windows PC.
An internal function that goes off the rails
The flaw affects versions 24H2 to 25H2 of Windows 11. The vulnerability arises from a malfunction of an internal Windows function which applications can call to obtain information about the system, through numbered requests. Unfortunately, Microsoft forgot to ensure that the memory address passed by the application actually belongs to user space, and not kernel space.
Twelve bytes of data are then written to the kernel, which is enough to modify the rights of a process and obtain full administrator access to the machine. The attack can start from a web page opened in a browser, such as Chrome or Edge, which further increases the risks.
A fix already deployed
Good news: the flaw has already been corrected by Microsoft. The company released a security update on May 12, 2026, as is its habit. The update closes a total of 120 security flaws, including 17 critical ones, in Windows code. If your PC has the May updates installed, you are protected against attacks on your computer’s kernel.
However, Microsoft itself acknowledged that this update refuses to install on certain machines. On some computers, a lack of space on an internal system partition prevents the update from installing. On these PCs, the update downloads, attempts to install… then uninstalls itself, without the user’s knowledge.
To check if the update has been installed, open Windows Settings, then “Windows Update”, then “Update History”. Look for KB5089549 in the list. If the update is not referenced, Microsoft recommends contacting support or waiting for a secondary fix. In the meantime, avoid suspicious and unknown websites and be wary of links received by email.
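The same check can be run from an elevated PowerShell prompt. This is an added example, not part of the 01net article: it reads the Windows release, looks for KB5089549 among installed updates, and then queries the Windows Update history, which also records the download/install/rollback cycle described above. The KB number and the 24H2/25H2 release names come from the article; the volume listing at the end is there only to help spot the low-space partition the article mentions.

```powershell
# Added example (not from the article). Run as Administrator.
$Kb = 'KB5089549'                      # update named in the article
$AffectedReleases = @('24H2', '25H2')  # releases the article lists as affected

# Which Windows 11 release is this machine on?
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$release = $cv.DisplayVersion
Write-Host "Windows release: $release (build $($cv.CurrentBuild).$($cv.UBR))"
if ($AffectedReleases -notcontains $release) {
    Write-Host "Release $release is not among the versions named as affected."
}

# 1. Installed-update list (what Settings > Windows Update > Update History shows)
$installed = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
if ($installed) {
    Write-Host "$Kb installed on $($installed.InstalledOn)"
} else {
    Write-Host "$Kb NOT found among installed updates."
}

# 2. Windows Update history via the Windows Update Agent COM API. Unlike the
#    installed list, it also keeps failed or aborted attempts for this KB.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$count    = $searcher.GetTotalHistoryCount()
$history  = $searcher.QueryHistory(0, $count) | Where-Object { $_.Title -match $Kb }
# OperationResultCode values: 1 InProgress, 2 Succeeded, 3 SucceededWithErrors,
# 4 Failed, 5 Aborted
$codes = @{ 1 = 'InProgress'; 2 = 'Succeeded'; 3 = 'SucceededWithErrors'
            4 = 'Failed';     5 = 'Aborted' }
foreach ($h in $history) {
    Write-Host ("{0:u}  {1,-20} {2}" -f $h.Date, $codes[[int]$h.ResultCode], $h.Title)
}
if (-not $installed -and ($history | Where-Object ResultCode -in 4, 5)) {
    Write-Host "Install attempts failed; check free space on the system partitions below."
}

# 3. All volumes, including those without a drive letter (system/recovery
#    partitions), with their remaining space in MB.
Get-Volume |
    Select-Object DriveLetter, FileSystemLabel,
        @{ n = 'SizeMB';   e = { [int]($_.Size / 1MB) } },
        @{ n = 'FreeMB';   e = { [int]($_.SizeRemaining / 1MB) } } |
    Format-Table -AutoSize
```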
