cve-2026-42912

CVE-2026-42912 is a Microsoft-disclosed elevation-of-privilege vulnerability in the Windows Telephony Service, addressed in the June 2026 security update. The flaw involves improper synchronization around a shared resource, allowing an authorized local attacker to gain higher privileges on affected Windows client and server systems. Microsoft's advisory assigns a confirmed-confidence posture, meaning the vulnerability's existence and technical outline are settled. For administrators, the focus is on applying the update rather than the legacy telephony feature itself. Discussions on WindowsForum cover the advisory details, affected systems, and mitigation steps for enterprise IT environments.