cve-2026-35417

CVE-2026-35417 is a Windows Win32k elevation-of-privilege vulnerability disclosed by Microsoft on May 12, 2026. Rated Important, it stems from a type confusion issue in the Win32K ICOMP component, affecting supported Windows client and server releases. A local low-privileged attacker can exploit this bug to gain SYSTEM privileges. While not a remote worm or disclosed zero-day, this vulnerability is significant because it can be used post-compromise to escalate privileges. Discussions on WindowsForum.com emphasize the urgency of applying the May 12 patch, as such bugs often matter most after an attacker has already gained a foothold. Users are advised to prioritize this update despite the lower public profile.