cve-2026-42979

CVE-2026-42979 is a high-severity Windows Push Notifications elevation-of-privilege vulnerability disclosed by Microsoft on June 9, 2026. It involves a race condition that allows a local, authenticated attacker with low privileges to elevate privileges. The flaw affects Windows 10, Windows 11, Windows Server 2019, Windows Server 2022, and Windows Server 2025. Microsoft's advisory provides enough detail for defenders to prioritize patching but does not fully disclose the exploit mechanics. This gap between confirmed existence and limited technical disclosure is the key operational takeaway for IT administrators and security teams managing Windows environments.