Microsoft Patches SQL Server Elevation-of-Privilege Vulnerabilities
Microsoft published security advisories for SQL Server elevation-of-privilege vulnerabilities CVE-2026-26116, CVE-2026-26115, and CVE-2026-21262. The guidance directs customers to update their installed SQL Server version, noting that any applicable driver fixes are included in the SQL Server updates.
The advisories provide update paths across multiple supported SQL Server releases via GDR and/or CU packages, instructing administrators to first identify their exact SQL Server build (referencing KB 321185) and then apply the corresponding security update for their version range. Covered update tracks include SQL Server 2025, 2022, 2019, and 2017; Microsoft notes that instances on versions not listed are out of support and should be upgraded to receive current and future security fixes.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Microsoft discloses three SQL Server elevation of privilege vulnerabilities
Microsoft published Security Update Guide entries for CVE-2026-21262, CVE-2026-26115, and CVE-2026-26116, all described as SQL Server Elevation of Privilege vulnerabilities. The references indicate public disclosure of these CVEs on the same date.
Sources
4 references tracked. Mallory keeps watching after this page renders.
CVE Details - SQL Server Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-26115 - Security Update Guide - Microsoft - SQL Server Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-21262 - Security Update Guide - Microsoft - SQL Server Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-21262 - Security Update Guide - Microsoft - SQL Server Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Patched Multiple SQL Server Client and Component Flaws
Microsoft disclosed a broad set of vulnerabilities affecting the SQL Server ecosystem, including **remote code execution**, **elevation of privilege**, and **information disclosure** issues across **SQL Server Native Client**, **Microsoft ODBC Driver for SQL Server**, core **Microsoft SQL Server** components, and `Microsoft.SqlServer.XEvent.Configuration.dll`. The largest group of advisories covered SQL Server Native Client RCE flaws, including `CVE-2024-38255`, `CVE-2024-43459`, `CVE-2024-43462`, `CVE-2024-48993`, `CVE-2024-48995`, `CVE-2024-48996`, `CVE-2024-48997`, `CVE-2024-48998`, `CVE-2024-48999`, `CVE-2024-49000`, `CVE-2024-49004`, `CVE-2024-49005`, and `CVE-2024-49007`. Microsoft also listed `CVE-2024-49043` as an RCE flaw in `Microsoft.SqlServer.XEvent.Configuration.dll` and earlier ODBC driver RCE bugs `CVE-2023-36730` and `CVE-2023-36785`. Additional SQL Server issues included Native Scoring RCE vulnerabilities `CVE-2024-26186` and `CVE-2024-37338`, Native Scoring information disclosure flaws `CVE-2024-37342` and `CVE-2024-37966`, SQL Server elevation of privilege bugs `CVE-2024-37965`, `CVE-2024-37341`, `CVE-2024-37980`, and `CVE-2026-26116`, plus a general SQL Server information disclosure issue tracked as `CVE-2024-43474`. The disclosures show Microsoft addressing repeated attack surface in SQL Server connectivity layers and supporting components, underscoring the need for organizations running SQL Server clients, drivers, and related libraries to prioritize vendor updates across both server-side and workstation-deployed software.
May 25, 2026
Microsoft discloses multiple elevation-of-privilege flaws across Windows and developer tools
Microsoft published security advisories for several **elevation-of-privilege** vulnerabilities affecting Windows components and related software, including **Microsoft PC Manager** (`CVE-2025-21322`), **Windows Installer** (`CVE-2025-21331`, `CVE-2025-21373`), **Visual Studio** (`CVE-2025-49739`), **.NET** (`CVE-2025-55247`), **Windows Health and Optimized Experiences** (`CVE-2025-59241`), and **Host Process for Windows Tasks** (`CVE-2025-60710`). Microsoft also lists an earlier **Windows Storage** privilege-escalation issue, `CVE-2023-36399`, in its security guidance portal. The advisories provide limited public detail beyond product names and vulnerability class, but the grouping indicates broad exposure across both endpoint and developer environments where successful exploitation could allow an attacker to gain higher privileges on a target system. Organizations using affected Microsoft software should review the corresponding Security Update Guide entries, prioritize patch validation for Windows and developer-tooling assets, and assess whether privilege-escalation paths could be chained with other flaws or post-compromise activity.
May 25, 2026
Microsoft Patches Multiple Windows Elevation of Privilege Flaws
Microsoft disclosed and patched several Windows elevation of privilege vulnerabilities affecting core platform components, including **Windows App Package Installer**, **Windows Installer**, and **Windows Authentication**. The referenced issues are tracked as `CVE-2025-21275`, `CVE-2025-33075`, `CVE-2025-32714`, and `CVE-2025-55701`, indicating that attackers who already have some level of access could potentially exploit weaknesses in trusted Windows services to gain higher privileges on affected systems. The vulnerabilities span software installation and authentication mechanisms that are widely present in enterprise environments, increasing their relevance for defenders managing Windows fleets. Organizations should prioritize applying Microsoft security updates for affected systems and review exposure across endpoints and servers where installer workflows or Windows authentication components are in use, as elevation of privilege flaws can be chained with other compromises to expand attacker control.
May 25, 2026