Detections
Analytics

KB5082142: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (April 2026)

high Nessus Plugin ID 306449

Language:

Synopsis

The remote Windows host is affected by multiple vulnerabilities.

Description

The remote Windows host is missing security update 5082142. It is, therefore, affected by multiple vulnerabilities

 - Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
 (CVE-2026-33824)

 - Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. (CVE-2026-32225)

 - Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
 (CVE-2026-32157)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Apply Security Update 5082142

See Also

https://support.microsoft.com/help/5082142

Plugin Details

Severity: High

ID: 306449

File Name: smb_nt_ms26_apr_5082142.nasl

Version: 1.6

Type: Local

Agent: windows

Published: 4/14/2026

Updated: 4/28/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-33824

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2026-26167

Vulnerability Information

CPE: cpe:/o:microsoft:windows_server_2022, cpe:/o:microsoft:azure_stack_hci:22h2

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/14/2026

Vulnerability Publication Date: 4/14/2026

CISA Known Exploited Vulnerability Due Dates: 5/12/2026

Reference Information

CVE: CVE-2026-0390, CVE-2026-20806, CVE-2026-20928, CVE-2026-20930, CVE-2026-23670, CVE-2026-25250, CVE-2026-26151, CVE-2026-26152, CVE-2026-26153, CVE-2026-26154, CVE-2026-26155, CVE-2026-26156, CVE-2026-26159, CVE-2026-26160, CVE-2026-26161, CVE-2026-26162, CVE-2026-26163, CVE-2026-26165, CVE-2026-26166, CVE-2026-26167, CVE-2026-26168, CVE-2026-26169, CVE-2026-26170, CVE-2026-26172, CVE-2026-26173, CVE-2026-26174, CVE-2026-26175, CVE-2026-26176, CVE-2026-26177, CVE-2026-26178, CVE-2026-26180, CVE-2026-26182, CVE-2026-26183, CVE-2026-26184, CVE-2026-27908, CVE-2026-27909, CVE-2026-27910, CVE-2026-27911, CVE-2026-27912, CVE-2026-27913, CVE-2026-27914, CVE-2026-27915, CVE-2026-27916, CVE-2026-27917, CVE-2026-27918, CVE-2026-27919, CVE-2026-27920, CVE-2026-27921, CVE-2026-27922, CVE-2026-27923, CVE-2026-27924, CVE-2026-27925, CVE-2026-27926, CVE-2026-27927, CVE-2026-27928, CVE-2026-27929, CVE-2026-27930, CVE-2026-27931, CVE-2026-32068, CVE-2026-32069, CVE-2026-32070, CVE-2026-32071, CVE-2026-32072, CVE-2026-32073, CVE-2026-32074, CVE-2026-32075, CVE-2026-32077, CVE-2026-32078, CVE-2026-32079, CVE-2026-32080, CVE-2026-32081, CVE-2026-32082, CVE-2026-32083, CVE-2026-32084, CVE-2026-32085, CVE-2026-32086, CVE-2026-32087, CVE-2026-32088, CVE-2026-32089, CVE-2026-32090, CVE-2026-32091, CVE-2026-32093, CVE-2026-32149, CVE-2026-32150, CVE-2026-32151, CVE-2026-32152, CVE-2026-32154, CVE-2026-32155, CVE-2026-32156, CVE-2026-32157, CVE-2026-32158, CVE-2026-32159, CVE-2026-32160, CVE-2026-32162, CVE-2026-32163, CVE-2026-32164, CVE-2026-32165, CVE-2026-32181, CVE-2026-32183, CVE-2026-32202, CVE-2026-32212, CVE-2026-32214, CVE-2026-32215, CVE-2026-32217, CVE-2026-32218, CVE-2026-32225, CVE-2026-33096, CVE-2026-33098, CVE-2026-33099, CVE-2026-33100, CVE-2026-33104, CVE-2026-33824, CVE-2026-33826, CVE-2026-33827, CVE-2026-33829

IAVA: 2026-A-0342, 2026-A-0343

MSFT: MS26-5082142

MSKB: 5082142