The remote Windows host is missing security update 5073723. It is, therefore, affected by multiple vulnerabilities

  - Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to     elevate privileges locally. (CVE-2026-20857)

  - An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka     AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL     0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM.
    This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with     high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver)     ransomware campaigns. (CVE-2023-31096)

  - Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability     (CVE-2026-20832)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

KB5073723: Windows 10 version 1809 / Windows Server 2019 Security Update (January 2026)

high Nessus Plugin ID 283470

Version 1.3

Version 1.2

Version 1.3 Jan 16, 2026, 10:12 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202601162212
Version 1.2 Jan 14, 2026, 5:08 AM CISA reference CVSS metrics ("CVSSv2 score" set to 10.0. "CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2026-20857" to "CVE-2026-20868") CVSSv2 severity (based on CVE-2026-20868, severity increased from "Medium" to "High") New Plugin Feed: 202601140508