local privilege escalation

Microsoft’s security telemetry has flagged a new elevation‑of‑privilege concern tied to Microsoft Office’s Click‑to‑Run (C2R) delivery component: CVE‑2026‑20943. The vulnerability is described in vendor advisories as an elevation‑of‑privilege (EoP) weakness in Click‑to‑Run packaging/service...

Microsoft’s Security Update Guide lists CVE-2026-20817 as a Windows Error Reporting vulnerability that can be abused by an authorized local attacker to elevate privileges on a host, and this advisory should be treated as an urgent patch-and-hunt item for any organization that wants to avoid...

Microsoft has recorded CVE-2026-20820 — a heap‑based buffer overflow in the Windows Common Log File System driver (clfs.sys) that Microsoft classifies as an elevation of privilege vulnerability; an authorized local attacker able to run code as a standard user or manipulate CLFS‑read inputs can...

Microsoft’s advisory identifies CVE-2026-20809 as a time-of-check/time-of-use (TOCTOU) race condition in Windows kernel memory that can be abused by an authorized local user to gain SYSTEM privileges — in short, a local elevation-of-privilege (EoP) vulnerability rooted in kernel memory...

Microsoft’s Security Response Center (MSRC) has recorded CVE-2026-20804: an incorrect privilege assignment in Windows Hello that, according to the vendor summary, “allows an unauthorized attacker to perform tampering locally.” This advisory was published by Microsoft and appears in the vendor’s...