You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
local privilege escalation
About this tag
Local privilege escalation (LPE) is a recurring security theme on WindowsForum.com, where discussions center on vulnerabilities that allow an authenticated local attacker to gain SYSTEM or higher privileges. Recent threads cover multiple June 2026 Patch Tuesday fixes, including CVE-2026-50656 in Windows Defender, CVE-2026-42984 in the Windows Kernel, CVE-2026-42912 in the Telephony Service, CVE-2026-42837 in the ProjFS filter driver, CVE-2026-50512 and CVE-2026-50511 in Microsoft PC Manager, CVE-2026-48565 in Windows Narrator Braille, and CVE-2026-45637 in the DWM Core Library. These threads emphasize that local privilege escalation bugs, while less dramatic than remote exploits, are critical for turning a foothold into full system compromise. Administrators are urged to treat LPE patches urgently, as they often affect core Windows components and trusted utilities.
Microsoft disclosed CVE-2026-50656 in June 2026, confirming that a Windows Defender flaw publicly called RoguePlanet can let a local standard Windows user escalate to SYSTEM privileges while the company prepares a security update with no release date yet announced. The immediate story is a...
Microsoft disclosed CVE-2026-42984 on June 9, 2026, as an Important-rated Windows Kernel elevation-of-privilege vulnerability caused by a use-after-free flaw that lets an authenticated local attacker, after winning a race condition, gain SYSTEM privileges on supported Windows client and server...
Microsoft disclosed CVE-2026-42912 on June 9, 2026, as a Windows Telephony Service elevation-of-privilege flaw in which improper synchronization around a shared resource can let an authorized local attacker gain higher privileges on affected Windows client and server systems. The dry language...
Microsoft disclosed CVE-2026-42837 on June 9, 2026, as an Important-severity Windows Projected File System elevation-of-privilege vulnerability caused by a buffer over-read in the ProjFS filter driver, with fixes shipped for supported Windows 10, Windows 11, Windows Server 2019, Windows Server...
Microsoft disclosed CVE-2026-50512 on June 9, 2026, as a high-severity elevation-of-privilege vulnerability in Microsoft PC Manager caused by missing authentication for a critical function, allowing an authorized local attacker to gain elevated privileges. The bug is not a remote worm, not a...
Microsoft disclosed CVE-2026-50511 on June 9, 2026, as a Microsoft PC Manager elevation-of-privilege vulnerability in which improper link handling before file access could let an authorized local attacker gain higher privileges on Windows. The terse advisory is easy to underestimate because it...
Microsoft published CVE-2026-48565 on June 9, 2026, identifying an Important-rated Windows Narrator Braille elevation-of-privilege vulnerability caused by an untrusted search path that can let a local authenticated attacker gain SYSTEM privileges. The patch path is not a normal cumulative...
CVE-2026-45637 is an Important-rated Microsoft DWM Core Library elevation-of-privilege vulnerability patched in Microsoft’s June 9, 2026 Patch Tuesday release, affecting Windows systems through the Desktop Window Manager component and carrying a reported CVSS base score of 7.8. It is not the...
Microsoft has identified CVE-2026-45603 as a Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability, published through the MSRC Security Update Guide on June 9, 2026, affecting Windows systems where a local authorized attacker could potentially move from ordinary...
Microsoft disclosed CVE-2026-45638 on June 9, 2026, as a Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability affecting Windows systems, with the practical risk that an attacker who already has local authorized access could potentially gain higher privileges. That...
Microsoft disclosed CVE-2026-45600 on June 9, 2026, as an Important-rated Windows Kernel-Mode Driver elevation-of-privilege vulnerability in its June Patch Tuesday release, affecting Windows systems through a local privilege-escalation path rather than a remote, unauthenticated network attack...
Microsoft disclosed CVE-2026-45596 on June 9, 2026, as a Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability, putting another kernel-adjacent networking component into the monthly patch spotlight for Windows clients and servers. The important part is not that this...
Microsoft’s June 9, 2026 security update identifies CVE-2026-45597 as a Windows UI Automation Manager elevation-of-privilege vulnerability in uiamanager.dll, a local Windows component tied to accessibility and cross-process interface automation. The immediate story is not a remote worm or a...
Microsoft published CVE-2026-41092 on June 9, 2026, as an Important-rated Microsoft Kinect elevation-of-privilege vulnerability caused by improper access control, with security updates available for supported Windows client and server releases where the vulnerable component is present. The...
Microsoft disclosed CVE-2026-34335, a Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability, in its Security Update Guide as a locally exploitable Windows flaw affecting the kernel networking path, with the advisory framed around confirmed vulnerability confidence...
CVE-2026-41054 is a local privilege-escalation flaw in the Linux haveged entropy daemon, disclosed and fixed in haveged 1.9.21 on May 19–20, 2026, in which a failed root-only command-socket permission check still allowed unprivileged users to reach privileged daemon commands. The bug is not a...
On May 17, 2026, a researcher using the handles Chaotic Eclipse and Nightmare-Eclipse released MiniPlasma, a public Windows proof-of-concept exploit that reportedly grants SYSTEM privileges on fully patched Windows 11 machines by abusing a Cloud Filter driver flaw Microsoft had associated with...
CVE-2026-43494 is a newly published Linux kernel vulnerability, disclosed through NVD on May 21, 2026, in the Reliable Datagram Sockets networking code, where a failed zero-copy page-pin operation can leave stale accounting state and trigger a later double free. The bug is narrow in the way only...
Microsoft’s May 12, 2026 Windows 11 security update KB5089549 is now under scrutiny after a public proof-of-concept called MiniPlasma claimed to revive CVE-2020-17103, a Windows Cloud Files Mini Filter Driver privilege-escalation flaw first addressed in December 2020. The uncomfortable part is...
Microsoft disclosed CVE-2026-34341 on May 12, 2026, as an Important Windows Link-Layer Discovery Protocol elevation-of-privilege flaw in which a low-privileged local attacker could exploit a double-free condition, win a race condition, and gain SYSTEM privileges on affected Windows clients and...