Skip to main content

Hitachi
Contact UsContact Us

Security information for Hitachi Disk Array Systems

May 27, 2026
Hitachi, Ltd.

Hitachi Disk Array Systems have the following vulnerability.

Security Information ID

hitachi-sec-2026-311

Vulnerability description

CVE-2026-0390
UEFI Secure Boot Security Feature Bypass Vulnerability
CVE-2026-20806
Windows COM Server Information Disclosure Vulnerability
CVE-2026-20928
Windows Recovery Environment Security Feature Bypass Vulnerability
CVE-2026-20930
Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-23666
.NET Framework Denial of Service Vulnerability
CVE-2026-23670
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2026-25250
MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix
CVE-2026-26151
Remote Desktop Spoofing Vulnerability
CVE-2026-26152
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2026-26153
Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability
CVE-2026-26155
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2026-26156
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2026-26159
Remote Desktop Licensing Service Elevation of Privilege Vulnerability
CVE-2026-26160
Remote Desktop Licensing Service Elevation of Privilege Vulnerability
CVE-2026-26161
Windows Sensor Data Service Elevation of Privilege Vulnerability
CVE-2026-26162
Windows OLE Elevation of Privilege Vulnerability
CVE-2026-26163
Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-26167
Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-26168
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-26169
Windows Kernel Memory Information Disclosure Vulnerability
CVE-2026-26170
PowerShell Elevation of Privilege Vulnerability
CVE-2026-26172
Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-26173
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-26174
Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
CVE-2026-26175
Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2026-26176
Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability
CVE-2026-26177
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-26178
Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability
CVE-2026-26180
Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-26182
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-26184
Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-27906
Windows Hello Security Feature Bypass Vulnerability
CVE-2026-27908
Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
CVE-2026-27909
Windows Search Service Elevation of Privilege Vulnerability
CVE-2026-27910
Windows Installer Elevation of Privilege Vulnerability
CVE-2026-27911
Windows User Interface Core Elevation of Privilege Vulnerability
CVE-2026-27914
Microsoft Management Console Elevation of Privilege Vulnerability
CVE-2026-27915
Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-27916
Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-27917
Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability
CVE-2026-27918
Windows Shell Elevation of Privilege Vulnerability
CVE-2026-27919
Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-27920
Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-27921
Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
CVE-2026-27922
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-27923
Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-27924
Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-27925
Windows UPnP Device Host Information Disclosure Vulnerability
CVE-2026-27926
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-27927
Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-27929
Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability
CVE-2026-27930
Windows GDI Information Disclosure Vulnerability
CVE-2026-27931
Windows GDI Information Disclosure Vulnerability
CVE-2026-32068
Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2026-32069
Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-32070
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-32071
Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2026-32072
Active Directory Spoofing Vulnerability
CVE-2026-32073
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-32074
Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-32075
Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-32077
Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-32078
Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-32079
Web Account Manager Information Disclosure Vulnerability
CVE-2026-32081
Package Catalog Information Disclosure Vulnerability
CVE-2026-32082
Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2026-32083
Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2026-32084
Windows Print Spooler Information Disclosure Vulnerability
CVE-2026-32085
Remote Procedure Call Information Disclosure Vulnerability
CVE-2026-32086
Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-32087
Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-32088
Windows Biometric Service Security Feature Bypass Vulnerability
CVE-2026-32089
Windows Speech Brokered Api Elevation of Privilege Vulnerability
CVE-2026-32090
Windows Speech Brokered Api Elevation of Privilege Vulnerability
CVE-2026-32091
Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2026-32093
Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-32149
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2026-32150
Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-32151
Windows Shell Information Disclosure Vulnerability
CVE-2026-32153
Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2026-32154
Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-32155
Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-32156
Windows UPnP Device Host Remote Code Execution Vulnerability
CVE-2026-32157
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-32158
Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-32159
Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-32160
Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-32162
Windows COM Elevation of Privilege Vulnerability
CVE-2026-32163
Windows User Interface Core Elevation of Privilege Vulnerability
CVE-2026-32164
Windows User Interface Core Elevation of Privilege Vulnerability
CVE-2026-32165
Windows User Interface Core Elevation of Privilege Vulnerability
CVE-2026-32181
Connected User Experiences and Telemetry Service Denial of Service Vulnerability
CVE-2026-32183
Windows Snipping Tool Remote Code Execution Vulnerability
CVE-2026-32202
Windows Shell Spoofing Vulnerability
CVE-2026-32212
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
CVE-2026-32214
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
CVE-2026-32215
Windows Kernel Information Disclosure Vulnerability
CVE-2026-32217
Windows Kernel Information Disclosure Vulnerability
CVE-2026-32218
Windows Kernel Information Disclosure Vulnerability
CVE-2026-32225
Windows Shell Security Feature Bypass Vulnerability
CVE-2026-32226
.NET Framework Denial of Service Vulnerability
CVE-2026-33098
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
CVE-2026-33099
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-33100
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-33104
Win32k Elevation of Privilege Vulnerability
CVE-2026-33116
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2026-33824
Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
CVE-2026-33827
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2026-33829
Windows Snipping Tool Spoofing Vulnerability

Affected products

The following table shows the affected products.

Product
Name		 Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H
Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H
Vulnerability
ID

[Windows 10 for x64-based Systems (Version1809)]

CVE-2026-0390, CVE-2026-20806, CVE-2026-20928, CVE-2026-20930,
CVE-2026-23666, CVE-2026-23670, CVE-2026-25250, CVE-2026-26151,
CVE-2026-26152, CVE-2026-26153, CVE-2026-26155, CVE-2026-26156,
CVE-2026-26159, CVE-2026-26160, CVE-2026-26161, CVE-2026-26162,
CVE-2026-26163, CVE-2026-26167, CVE-2026-26168, CVE-2026-26169,
CVE-2026-26170, CVE-2026-26173, CVE-2026-26174, CVE-2026-26175,
CVE-2026-26176, CVE-2026-26177, CVE-2026-26178, CVE-2026-26180,
CVE-2026-26182, CVE-2026-26184, CVE-2026-27908, CVE-2026-27909,
CVE-2026-27910, CVE-2026-27911, CVE-2026-27914, CVE-2026-27915,
CVE-2026-27916, CVE-2026-27917, CVE-2026-27918, CVE-2026-27919,
CVE-2026-27920, CVE-2026-27921, CVE-2026-27922, CVE-2026-27923,
CVE-2026-27925, CVE-2026-27926, CVE-2026-27927, CVE-2026-27929,
CVE-2026-27930, CVE-2026-32068, CVE-2026-32069, CVE-2026-32070,
CVE-2026-32071, CVE-2026-32072, CVE-2026-32073, CVE-2026-32074,
CVE-2026-32075, CVE-2026-32077, CVE-2026-32078, CVE-2026-32079,
CVE-2026-32081, CVE-2026-32082, CVE-2026-32083, CVE-2026-32084,
CVE-2026-32085, CVE-2026-32086, CVE-2026-32087, CVE-2026-32088,
CVE-2026-32089, CVE-2026-32090, CVE-2026-32091, CVE-2026-32093,
CVE-2026-32149, CVE-2026-32150, CVE-2026-32151, CVE-2026-32153,
CVE-2026-32154, CVE-2026-32156, CVE-2026-32157, CVE-2026-32158,
CVE-2026-32159, CVE-2026-32160, CVE-2026-32162, CVE-2026-32163,
CVE-2026-32164, CVE-2026-32165, CVE-2026-32183, CVE-2026-32202,
CVE-2026-32212, CVE-2026-32214, CVE-2026-32215, CVE-2026-32217,
CVE-2026-32225, CVE-2026-32226, CVE-2026-33098, CVE-2026-33099,
CVE-2026-33100, CVE-2026-33104, CVE-2026-33116, CVE-2026-33824,
CVE-2026-33827, CVE-2026-33829

[Windows 10 for x64-based Systems (Version21H2)]

CVE-2026-0390, CVE-2026-20806, CVE-2026-20928, CVE-2026-20930,
CVE-2026-23666, CVE-2026-23670, CVE-2026-25250, CVE-2026-26151,
CVE-2026-26152, CVE-2026-26153, CVE-2026-26155, CVE-2026-26156,
CVE-2026-26159, CVE-2026-26160, CVE-2026-26161, CVE-2026-26162,
CVE-2026-26163, CVE-2026-26167, CVE-2026-26168, CVE-2026-26169,
CVE-2026-26170, CVE-2026-26172, CVE-2026-26173, CVE-2026-26174,
CVE-2026-26175, CVE-2026-26176, CVE-2026-26177, CVE-2026-26178,
CVE-2026-26180, CVE-2026-26182, CVE-2026-26184, CVE-2026-27906,
CVE-2026-27908, CVE-2026-27909, CVE-2026-27910, CVE-2026-27911,
CVE-2026-27914, CVE-2026-27915, CVE-2026-27916, CVE-2026-27917,
CVE-2026-27918, CVE-2026-27919, CVE-2026-27920, CVE-2026-27921,
CVE-2026-27922, CVE-2026-27923, CVE-2026-27924, CVE-2026-27925,
CVE-2026-27926, CVE-2026-27927, CVE-2026-27929, CVE-2026-27930,
CVE-2026-27931, CVE-2026-32068, CVE-2026-32069, CVE-2026-32070,
CVE-2026-32071, CVE-2026-32072, CVE-2026-32073, CVE-2026-32074,
CVE-2026-32075, CVE-2026-32077, CVE-2026-32078, CVE-2026-32079,
CVE-2026-32081, CVE-2026-32082, CVE-2026-32083, CVE-2026-32084,
CVE-2026-32085, CVE-2026-32086, CVE-2026-32087, CVE-2026-32088,
CVE-2026-32089, CVE-2026-32090, CVE-2026-32091, CVE-2026-32093,
CVE-2026-32149, CVE-2026-32150, CVE-2026-32151, CVE-2026-32153,
CVE-2026-32154, CVE-2026-32155, CVE-2026-32156, CVE-2026-32157,
CVE-2026-32158, CVE-2026-32159, CVE-2026-32160, CVE-2026-32162,
CVE-2026-32163, CVE-2026-32164, CVE-2026-32165, CVE-2026-32181,
CVE-2026-32183, CVE-2026-32202, CVE-2026-32212, CVE-2026-32214,
CVE-2026-32215, CVE-2026-32217, CVE-2026-32218, CVE-2026-32225,
CVE-2026-33098, CVE-2026-33099, CVE-2026-33100, CVE-2026-33104,
CVE-2026-33116, CVE-2026-33824, CVE-2026-33827, CVE-2026-33829

The following products are not affected by the vulnerabilities:

  • Hitachi Virtual Storage Platform E590, E790, E990, E1090, E590H, E790H, E1090H
  • Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
  • Hitachi Virtual Storage Platform F350, F370, F700, F900
  • Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
  • Hitachi Virtual Storage Platform F400, F600, F800
  • Hitachi Virtual Storage Platform N400, N600, N800

Action to be taken

Software update.
Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

Revision history

  • May 27, 2026: This security information page is published.
  • Hitachi, Ltd. (hereinafter referred to as "Hitachi") tries to provide accurate information about security countermeasures. However, since information about security problems constantly changes, the contents of these Web pages are subject to change without prior notice. When referencing information, please confirm that you are referencing the latest information.
  • The Web pages include information about products that are developed by non-Hitachi software developers. Vulnerability information about those products is based on the information provided or disclosed by those developers. Although Hitachi is careful about the accuracy and completeness of this information, the contents of the Web pages may change depending on the changes made by the developers.
  • The Web pages are intended to provide vulnerability information only, and Hitachi shall not have any legal responsibility for the information contained in them. Hitachi shall not be liable for any consequences arising out of or in connection with the security countermeasures or other actions that you will take or have taken (or not taken) by yourself.
  • The links to other web sites are valid at the time of the release of the page. Although Hitachi makes an effort to maintain the links, Hitachi cannot guarantee their permanent availability.