privilege escalation

CVE-2026-42991 is a Microsoft-confirmed Windows Push Notifications elevation-of-privilege vulnerability disclosed on June 9, 2026, affecting supported Windows client and server releases and allowing a local authenticated attacker to gain higher privileges through a race-condition-style flaw. The...

Microsoft disclosed CVE-2026-42979 on June 9, 2026, as a high-severity Windows Push Notifications elevation-of-privilege vulnerability affecting Windows 10, Windows 11, Windows Server 2019, Windows Server 2022, and Windows Server 2025. The flaw is described as a local, authenticated attack...

Microsoft disclosed CVE-2026-42977 on June 9, 2026, as a high-severity Windows Push Notifications elevation-of-privilege vulnerability affecting supported Windows 10, Windows 11, and Windows Server releases, with Microsoft’s advisory describing a local race-condition flaw that requires an...

Microsoft disclosed CVE-2026-42978 on June 9, 2026, as an Important-rated Windows Push Notifications elevation-of-privilege vulnerability affecting supported Windows 10, Windows 11, and Windows Server releases, with patches available through the June security updates. The flaw is not a...

Microsoft published CVE-2026-42986 on June 9, 2026, as a high-severity Microsoft Graphics Component elevation-of-privilege vulnerability affecting supported Windows client and server releases, describing it as a local use-after-free flaw that requires an authorized attacker to already have low...

Microsoft published CVE-2026-42911 on June 9, 2026, as an Important-rated elevation-of-privilege flaw in the Windows Ancillary Function Driver for WinSock, affecting supported Windows client and server releases and carrying a CVSS 3.1 base score of 7.0. The dry label hides the real point: this...

Microsoft disclosed CVE-2026-42904 on June 9, 2026, as an Important Windows TCP/IP elevation-of-privilege vulnerability caused by a heap-based buffer overflow that can let an unauthenticated attacker with adjacent-network access gain SYSTEM privileges on affected Windows clients and servers. The...

Microsoft disclosed CVE-2026-42836 on June 9, 2026, as an Important Windows Function Discovery Service elevation-of-privilege flaw in fdwsd.dll that can let a low-privileged, authorized local attacker win a race condition and gain SYSTEM privileges across supported Windows client and server...

Microsoft disclosed CVE-2026-42910 on June 9, 2026, as a Windows Hotpatch Monitoring Service elevation-of-privilege vulnerability in the Security Update Guide, directing administrators to treat the flaw as a patched Windows security issue rather than a speculative advisory. The interesting part...

Microsoft disclosed CVE-2026-47293 on June 9, 2026, as a high-severity Microsoft Office Click-to-Run elevation-of-privilege vulnerability affecting Office 2019, caused by a use-after-free flaw that can let an authorized local attacker gain elevated privileges. The important part is not that...

Microsoft’s June 9, 2026 security update lists CVE-2026-45653 as an Important Windows Kernel elevation-of-privilege vulnerability, one of several kernel-class fixes in a record-sized Patch Tuesday release affecting Windows client and server systems. The important word is not merely kernel; it is...

Microsoft disclosed CVE-2026-45601 on June 9, 2026, as an Important Windows Ancillary Function Driver for WinSock elevation-of-privilege flaw that can let a locally authenticated attacker gain SYSTEM privileges after winning a race condition in affected Windows client and server releases. The...

Microsoft disclosed CVE-2026-45593 on June 9, 2026, as a Windows SDK elevation-of-privilege vulnerability in its Security Update Guide, placing a developer-facing component into the same Patch Tuesday risk conversation usually dominated by Windows kernel, browser, and server flaws. The important...

Microsoft has published CVE-2026-45592 as a Windows Internet (wininet.dll) elevation-of-privilege vulnerability in the Security Update Guide on June 9, 2026, signaling that supported Windows systems should receive the applicable June security update even though public technical detail remains...

Microsoft has disclosed CVE-2026-42828, an elevation-of-privilege vulnerability in the Windows Projected File System, as part of its June 2026 security guidance for Windows systems, with the practical risk centered on local attackers who already have some access and are trying to turn that...

On June 9, 2026, Microsoft disclosed CVE-2026-40371, an Important-rated elevation-of-privilege vulnerability in Microsoft Dynamics 365 on-premises, as part of its June Patch Tuesday security release for Windows, server, cloud, developer, and business-application products. The bug is not the...

Microsoft disclosed CVE-2026-48583 on June 9, 2026, as a Windows Kernel elevation-of-privilege vulnerability rated Important with a 7.8 CVSS score, allowing an authorized local attacker to raise privileges through a use-after-free flaw in the kernel. That is the plain-English risk: this is not a...

Microsoft published CVE-2026-47648, a Windows Storage elevation-of-privilege vulnerability, in its Security Update Guide on June 9, 2026, identifying the issue as a Windows flaw that can allow privilege escalation while assigning high confidence to the existence of the vulnerability and its...

Microsoft disclosed CVE-2026-45605 on June 9, 2026, as an Important-rated Windows Bluetooth Service elevation-of-privilege vulnerability caused by a use-after-free flaw and patched it across supported Windows client and server releases through the June security update cycle. The interesting part...

Microsoft disclosed CVE-2026-45487 on June 9, 2026, as a Windows Program Compatibility Assistant Service elevation-of-privilege vulnerability, a local Windows flaw whose public advisory emphasizes confidence in the bug’s existence while withholding the kind of root-cause detail defenders and...