privilege escalation

  1. CVE-2026-20920 Windows Win32k ICOMP Use After Free Privilege Escalation

    Microsoft has recorded CVE-2026-20920 as a kernel-level elevation-of-privilege vulnerability in the Windows Win32K component: a use‑after‑free in the ICOMP surface that an authorized local attacker can trigger to escalate privileges to SYSTEM. Evidence in vendor advisories and community trackers...
  2. CVE-2026-20864: Windows Cdpsvc EoP Patch Guide for January 2026

    A newly recorded elevation‑of‑privilege vulnerability, tracked as CVE‑2026‑20864, affects the Windows Connected Devices Platform Service (Cdpsvc) and was included in Microsoft’s January 2026 security rollup; administrators should treat this as a high‑priority local privilege escalation risk and...
  3. Patch CVE-2026-20857 Cloud Files Mini Filter Privilege Escalation

    Microsoft has recorded a new elevation-of-privilege entry tied to the Windows Cloud Files Mini Filter Driver — CVE-2026-20857 — and enterprise defenders must treat this class of kernel-mode bug as high priority: the Cloud Files mini-filter (cldflt.sys) sits at the privileged user→kernel boundary...
  4. CVE-2026-20858 EoP in Windows Management Services: Urgent Patch Guide

    Microsoft’s security tracker now lists CVE-2026-20858 as an Elevation of Privilege (EoP) vulnerability in Windows Management Services, and administrators should treat every host that runs Windows management or administration components as a priority for triage, testing, and patching until the...
  5. CVE-2026-20844: Windows Clipboard Server Privilege Escalation Patch Now

    Microsoft’s Security Update Guide records a recently assigned identifier, CVE-2026-20844, described as a Windows Clipboard Server Elevation of Privilege vulnerability — an advisory that demands immediate attention from Windows administrators, security operators, and IT teams responsible for...
  6. CVE-2026-20822: Windows Graphics Component Use-After-Free Privilege Escalation Patch Guide

    Microsoft has published an advisory for CVE-2026-20822: a use‑after‑free vulnerability in the Microsoft Graphics Component that can be triggered by an authenticated local user to elevate privileges on affected Windows hosts. Background: The Microsoft Graphics Component (commonly referenced as...
  7. TOCTOU in Windows Installer CVE-2026-20816: Local Privilege Escalation Risk

    A time‑of‑check/time‑of‑use (TOCTOU) race condition in the Windows Installer service has been cataloged as CVE‑2026‑20816 and is being treated as a high‑priority local elevation‑of‑privilege (EoP) vulnerability that can allow an authorized local account to escalate to administrative or SYSTEM...
  8. CVE-2026-20814 DirectX Kernel Elevation Patch Guide

    Microsoft has assigned CVE‑2026‑20814 to a recently disclosed vulnerability in the DirectX Graphics Kernel (dxgkrnl.sys) that Microsoft classifies as an elevation of privilege issue; the vendor’s Security Update Guide lists the entry and maps it to updates administrators must apply to remediate...
  9. CVE-2026-20808: Windows Explorer Race Condition and Local EoP

    Microsoft's security advisory for CVE-2026-20808 confirms a race-condition vulnerability in Windows File Explorer’s printer-related code — the Printer Association Object — that can allow an authorized local user or local malware to escalate privileges on an affected system, and administrators...
  10. CVE-2026-20810: Windows AFD Kernel Privilege Escalation via afd.sys

    Microsoft’s Security Update Guide lists CVE-2026-20810 as a vulnerability in the Windows Ancillary Function Driver for WinSock (afd.sys) where the driver “frees memory not on the heap,” allowing an authorized local attacker to elevate privileges on an affected system—an escalation that can turn...
  11. Windows Admin Center Local Privilege Escalation CVE-2026-20965 Patch Now

    A newly disclosed elevation‑of‑privilege issue affecting Windows Admin Center (WAC) stems from improper verification and handling of trusted artifacts and allows a local, authorized attacker to escalate privileges on a host running WAC; operators should treat affected management hosts as...
  12. CVE-2025-65041 Elevation of Privilege in Microsoft Partner Center

    Microsoft’s Partner Center has again been flagged for an improper authorization flaw that can allow an attacker to escalate privileges across a networked environment — an advisory for CVE-2025-65041 was posted to Microsoft’s Security Update Guide, but public technical detail is sparse and the...
  13. Mitigating CVE-2025-13911: Ignition Gateway Privilege Escalation on Windows

    Inductive Automation’s Ignition platform is the subject of a fresh, high‑impact advisory that warns an authenticated administrator can upload a malicious project containing Python scripts (Jython) which the Ignition Gateway executes with the Gateway service account privileges — and on Windows...
  14. Windows 11 Administrator Protection Patch Criticized as Incomplete by Project Zero

    Microsoft shipped a November patch that it said fixed a privilege‑escalation defect in Windows 11’s new Administrator Protection feature — but independent researchers say the remedy was incomplete, and public records show the exchange between Google’s Project Zero and Microsoft has not produced...
  15. RasMan CVE-2025-59230: Two-stage LPE risk and patch options

    Security researchers have uncovered a two-stage threat targeting the Windows Remote Access Connection Manager (RasMan) that turns a patched but difficult-to-exploit elevation-of-privilege flaw into a practical, abuse-ready local code-execution vector — and a third-party vendor has already issued...
  16. CVE-2024-22774 DLL Hijacking in Panoramic Imaging Escalates to SYSTEM

    A high‑severity privilege‑escalation flaw in Panoramic Dental Imaging software (tracked as CVE‑2024‑22774) allows a local standard user to gain NT AUTHORITY\SYSTEM privileges through DLL hijacking in an unmanaged SDK component, forcing dental clinics and hospital imaging teams to treat every...
  17. CVE-2025-64669 Local Privilege Escalation in Windows Admin Center

    Microsoft’s security index added a new entry today: CVE-2025-64669, an Elevation of Privilege (EoP) vulnerability affecting Windows Admin Center that Microsoft classifies as improper access control and assigns a CVSS v3.1 base score of 7.8 (High). Background / Overview: Windows Admin Center (WAC)...
  18. CISA KEV Adds WinRAR Path Traversal and Windows Cloud Files UAF — Remediation Guide

    CISA’s decision to add two recently disclosed flaws — a WinRAR path‑traversal bug (CVE-2025-6218) and a Windows Cloud Files mini‑filter use‑after‑free (CVE-2025-62221) — to the Known Exploited Vulnerabilities (KEV) Catalog crystallizes a simple reality for defenders: time-to-fix is shrinking and...
  19. CVE-2025-64679: Windows DWM Local Privilege Escalation - What to Do

    CVE-2025-64679 — Windows DWM Core Library: what we know, why it matters, and what to do now. Summary — in one line: CVE-2025-64679 is a vendor‑recorded heap‑based buffer‑overflow in the Windows Desktop Window Manager (DWM) core library that can be abused by a local, authorized actor to escalate...
  20. CVE-2025-64680: Windows DWM Heap Overflow Local Privilege Escalation

    Microsoft’s security index added CVE-2025-64680 on December 9, 2025 — a high‑impact elevation‑of‑privilege flaw in the Windows Desktop Window Manager (DWM) Core Library that vendors and multiple public trackers classify as a heap‑based buffer overflow with a CVSS v3.1 base score of 7.8 (High)...