Microsoft Patches Windows Elevation-of-Privilege Flaws in SMB Server and Projected File System
Microsoft published Security Update Guide advisories for multiple Windows elevation-of-privilege (EoP) vulnerabilities, including two affecting Windows SMB Server (CVE-2026-24294 and CVE-2026-26128) and one affecting Windows Projected File System (ProjFS) (CVE-2026-24290). The SMB Server issues are associated with CWE-287 (Improper Authentication), while the ProjFS issue is associated with CWE-284 (Improper Access Control); all are rated Important with Microsoft-provided CVSS v3.1 vectors indicating local exploitation conditions (e.g., AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Across the advisories, Microsoft’s scoring indicates an attacker would need existing local access and low privileges (PR:L) to exploit the flaws, with potential for high impact to confidentiality, integrity, and availability (C:H/I:H/A:H) if successfully leveraged for privilege escalation. One entry for CVE-2026-24294 appears twice (a duplicate URL variant), but it describes the same SMB Server EoP vulnerability and does not add distinct technical details beyond the core advisory metadata (severity, weakness class, and CVSS vector).
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisory for CVE-2026-26128
Microsoft added CVE-2026-26128 to its Security Update Guide as a Windows SMB Server Elevation of Privilege vulnerability. The advisory publication date in the reference is 2026-03-10.
Microsoft publishes advisory for CVE-2026-24294
Microsoft published CVE-2026-24294 in its Security Update Guide as a Windows SMB Server Elevation of Privilege vulnerability. Duplicate references point to the same advisory publication on 2026-03-10.
Microsoft publishes advisory for CVE-2026-24290
Microsoft added CVE-2026-24290 to its Security Update Guide as a Windows Projected File System Elevation of Privilege vulnerability. The reference indicates the advisory was published on 2026-03-10.
Sources
4 references tracked. Mallory keeps watching after this page renders.
CVE-2026-24294 - Security Update Guide - Microsoft - Windows SMB Server Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-24290 - Security Update Guide - Microsoft - Windows Projected File System Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-26128 - Security Update Guide - Microsoft - Windows SMB Server Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-24294 - Security Update Guide - Microsoft - Windows SMB Server Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Patches Multiple Windows Elevation-of-Privilege Flaws in Networking Components
Microsoft disclosed and patched several Windows elevation-of-privilege vulnerabilities affecting networking-related components, including **Windows Remote Access Connection Manager**, **Windows SMB Server**, and **Network Connection Status Indicator (NCSI)**. The issues tracked as `CVE-2025-62474`, `CVE-2025-62472`, `CVE-2025-47955`, `CVE-2025-59201`, and `CVE-2025-58726` could allow attackers with limited access to gain higher privileges on targeted systems, extending a pattern of privilege-escalation risk previously seen in the same Remote Access Connection Manager component with `CVE-2022-21914`. Among the disclosed flaws, Microsoft provided additional detail for **`CVE-2025-58726`**, describing an **Important** improper access control issue in **Windows SMB Server** that can let an authorized low-privilege attacker elevate to **SYSTEM** over the network by coercing a victim machine to authenticate to an attacker-controlled SMB server using a specially crafted script. Microsoft assigned the bug **CWE-284** and a **CVSS v3.1 score of 7.5**, said exploitation required specific conditions involving an unused or nonexistent Service Principal Name on the target, and stated that the vulnerability was neither publicly disclosed nor exploited in the wild at publication and that a security fix was available.
May 25, 2026
Microsoft Patches Multiple Windows Use-After-Free Privilege Escalation Flaws
Microsoft released fixes for several **Windows elevation-of-privilege vulnerabilities** affecting **Win32k**, **Windows Telephony Service**, **Desktop Window Manager**, and the **Windows Cloud Files Mini Filter Driver**. The disclosed flaws include `CVE-2026-34347`, `CVE-2026-42825`, `CVE-2026-27923`, and `CVE-2026-35418`, and are all tied to **use-after-free** conditions, with some cases also involving race conditions such as time-of-check time-of-use behavior. Microsoft said successful exploitation could let a locally authenticated attacker with low privileges gain **SYSTEM** access without user interaction. The vulnerabilities were rated **Important** with **CVSS 3.1 scores ranging from 7.0 to 7.8**, and Microsoft assessed exploitation as **less likely or unlikely** because several attacks require winning a race condition. At the time of disclosure, Microsoft reported **no public disclosure and no evidence of active exploitation** for the documented 2026 flaws, and stated that official security updates were available. Additional Microsoft advisories also reference related Windows and Microsoft Brokering File System elevation-of-privilege issues, including `CVE-2026-24285`, `CVE-2025-32712`, `CVE-2025-21372`, `CVE-2025-21315`, and `CVE-2025-59189`, though public technical details for those entries were limited.
May 25, 2026
Microsoft discloses multiple elevation-of-privilege flaws across Windows and developer tools
Microsoft published security advisories for several **elevation-of-privilege** vulnerabilities affecting Windows components and related software, including **Microsoft PC Manager** (`CVE-2025-21322`), **Windows Installer** (`CVE-2025-21331`, `CVE-2025-21373`), **Visual Studio** (`CVE-2025-49739`), **.NET** (`CVE-2025-55247`), **Windows Health and Optimized Experiences** (`CVE-2025-59241`), and **Host Process for Windows Tasks** (`CVE-2025-60710`). Microsoft also lists an earlier **Windows Storage** privilege-escalation issue, `CVE-2023-36399`, in its security guidance portal. The advisories provide limited public detail beyond product names and vulnerability class, but the grouping indicates broad exposure across both endpoint and developer environments where successful exploitation could allow an attacker to gain higher privileges on a target system. Organizations using affected Microsoft software should review the corresponding Security Update Guide entries, prioritize patch validation for Windows and developer-tooling assets, and assess whether privilege-escalation paths could be chained with other flaws or post-compromise activity.
May 25, 2026