untrusted search path
About this tag
The untrusted search path tag covers security vulnerabilities in Microsoft products where an application loads a resource from an unsecured location, allowing an attacker to execute arbitrary code or escalate privileges. Recent discussions include CVE-2026-25190, a high-severity code-execution flaw in Windows GDI rooted in an untrusted search path (CWE-426) that requires local access and vendor updates for mitigation. Another thread covers CVE-2025-60718, an elevation-of-privilege vulnerability in Windows Administrator Protection caused by an untrusted search path, enabling authenticated local attackers to gain administrator rights. A third thread examines CVE-2025-27743, a privilege escalation flaw in Microsoft System Center arising from an untrusted search path, affecting enterprise management environments. These threads emphasize applying vendor patches and reviewing local account exposure.
Microsoft’s March 2026 patch batch includes a newly catalogued Windows Graphics Device Interface (GDI) vulnerability tracked as CVE‑2026‑25190, a high‑severity code‑execution issue that Microsoft and third‑party trackers describe as a GDI “Remote Code Execution” class problem—yet the technical...
Microsoft has published a security advisory for CVE-2025-60718, a high-severity elevation-of-privilege (EoP) vulnerability in the new Windows Administrator Protection elevation model that can let an authenticated local attacker gain administrator-equivalent rights through an untrusted search...
Introduction
In today’s cybersecurity landscape, even the most robust enterprise management frameworks can unexpectedly expose latent vulnerabilities. One such issue is CVE-2025-27743, a privilege escalation flaw affecting Microsoft System Center. This vulnerability arises from an untrusted...