Windows Kernel Elevation of Privilege Vulnerability (CVE-2026-26132)
Microsoft published details for CVE-2026-26132, an Important severity Windows Kernel elevation of privilege vulnerability caused by CWE-416 (use-after-free). The issue is scored CVSS 3.1: 7.8 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating exploitation requires local access and low complexity, with low privileges required and no user interaction, and could result in high impact to confidentiality, integrity, and availability.
Microsoft’s Security Update Guide entry provides standard machine-consumable references (e.g., PowerShell, API, and CSAF links) for tracking and patch management. No additional exploitation details, in-the-wild exploitation confirmation, or public proof-of-concept information is included in the provided material beyond the vulnerability classification and scoring.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisory for CVE-2026-26132 Windows Kernel EoP flaw
Microsoft published CVE-2026-26132 in its Security Update Guide as a Windows Kernel Elevation of Privilege vulnerability. Two references point to the same Microsoft advisory and represent a single disclosure event.
Microsoft publishes advisory for CVE-2026-25187 Winlogon EoP flaw
Microsoft added CVE-2026-25187 to its Security Update Guide as a Winlogon Elevation of Privilege vulnerability. The reference indicates public disclosure on Microsoft's March 10, 2026 update cycle.
Sources
3 references tracked. Mallory keeps watching after this page renders.
CVE-2026-26132 - Security Update Guide - Microsoft - Windows Kernel Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-26132 - Security Update Guide - Microsoft - Windows Kernel Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-25187 - Security Update Guide - Microsoft - Winlogon Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Windows Kernel Elevation of Privilege Vulnerability (CVE-2026-24289)
Microsoft published guidance for **CVE-2026-24289**, an **Important** severity **Windows Kernel elevation of privilege** vulnerability caused by **CWE-416 (use-after-free)**. Microsoft scored the issue with **CVSS 3.1: 7.8** (vector `AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`), indicating exploitation requires **local** access with **low** attack complexity and **low privileges**, and could result in high impact to confidentiality, integrity, and availability if successfully exploited. The Security Update Guide entry provides standard Microsoft consumption options (e.g., *PowerShell*, API, CSAF) for tracking and integrating the advisory into vulnerability management workflows. The two provided references are effectively duplicate MSRC pages for the same CVE (one localized under `/en-US/`) and do not add distinct technical details beyond the vulnerability classification and scoring.
Mar 21, 2026
Active Exploitation of Windows Kernel Privilege Escalation Vulnerability CVE-2025-62215
Microsoft has disclosed a critical elevation-of-privilege vulnerability in the Windows Kernel, tracked as CVE-2025-62215, which is being actively exploited in the wild. The flaw arises from a race condition and improper memory management, specifically a double-free scenario, allowing local attackers to escalate privileges to SYSTEM level. Exploitation requires an attacker to already have access to the system, but no user interaction is needed, and the attack can be automated. Microsoft has rated the vulnerability as Important, with a CVSS score of 7.0, and notes that all supported Windows 10 editions are affected, including those under Extended Security Updates (ESU). No workaround is available other than applying the official update, and immediate patching is strongly recommended. The vulnerability is classified under CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization) and CWE-415 (Double Free), making it a classic post-compromise privilege escalation vector. Attackers can exploit the timing-sensitive memory corruption path in the kernel to gain elevated access, disable security defenses, and move laterally within networks. The attack surface is particularly concerning in enterprise environments where multiple users share access, as any authenticated user can potentially trigger the exploit. Security experts warn that both targeted threat actors and ransomware operators may leverage this flaw to deepen their foothold after initial access, emphasizing the urgency of deploying the security update across all affected systems.
Mar 21, 2026
Microsoft Win32k Elevation of Privilege Vulnerabilities Disclosed
Microsoft published security advisories for two **Win32k Elevation of Privilege** flaws, tracked as `CVE-2023-36011` and `CVE-2024-43636`, in its Security Update Guide. Both issues affect the Windows **Win32k** subsystem, a core component involved in graphical and kernel-level operations, and successful exploitation could allow an attacker to gain elevated privileges on a targeted system. The advisories indicate that Microsoft addressed the vulnerabilities through security updates and added them to its official guidance portal for customer remediation. Organizations running affected Windows systems should review the relevant Microsoft advisories, verify patch deployment, and prioritize remediation because privilege-escalation flaws in **Win32k** are commonly valuable for post-compromise activity and local escalation chains.
May 25, 2026