Microsoft fixes Windows privilege escalation flaws in Kernel and Remote Desktop Services
Microsoft published security advisories for multiple Windows elevation-of-privilege vulnerabilities, including CVE-2026-40398 in Windows Remote Desktop Services and CVE-2026-35420 and CVE-2026-26180 in the Windows Kernel. The flaws were listed in the Microsoft Security Update Guide as privilege escalation issues affecting core Windows components, expanding the set of local escalation risks defenders need to track across both kernel-level and remote desktop-related attack surfaces.
The advisories provide official Microsoft tracking for the vulnerabilities but do not include public synopsis details in the referenced entries. For security teams, the immediate takeaway is to review Microsoft updates covering Remote Desktop Services and Windows Kernel components, prioritize patch deployment for systems where local access could be leveraged into higher privileges, and validate exposure across managed Windows endpoints and servers.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisory for CVE-2026-40398
Microsoft published CVE-2026-40398 in its Security Update Guide as a Windows Remote Desktop Services Elevation of Privilege vulnerability. Duplicate references point to the same advisory publication on 2026-05-12.
Microsoft publishes advisory for CVE-2026-35420
Microsoft published CVE-2026-35420 in its Security Update Guide, identifying it as a Windows Kernel Elevation of Privilege vulnerability. The entry appeared on 2026-05-12.
Microsoft publishes advisory for CVE-2026-26180
Microsoft added CVE-2026-26180 to its Security Update Guide as a Windows Kernel Elevation of Privilege vulnerability. The advisory was published on 2026-04-14.
Sources
4 references tracked. Mallory keeps watching after this page renders.
CVE-2026-40398 - Security Update Guide - Microsoft - Windows Remote Desktop Services Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-35420 - Security Update Guide - Microsoft - Windows Kernel Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-40398 - Security Update Guide - Microsoft - Windows Remote Desktop Services Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-26180 - Security Update Guide - Microsoft - Windows Kernel Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Discloses Windows Elevation of Privilege Vulnerabilities
Microsoft published security advisories for two **Elevation of Privilege** flaws affecting Windows components: `CVE-2026-23660` in **Windows Admin Center in Azure Portal** and `CVE-2025-62472` in **Windows Remote Access Connection Manager**. Both entries were released through Microsoft's Security Update Guide, identifying separate privilege-escalation issues in enterprise-relevant Windows management and connectivity functionality. The disclosures indicate that attackers who successfully exploit the vulnerabilities could gain higher privileges on affected systems, increasing the risk of broader compromise after initial access. Organizations using Windows administrative tooling in Azure environments and systems relying on Remote Access Connection Manager should review Microsoft's advisories, determine exposure to the affected components, and prioritize applicable security updates and mitigation steps.
May 25, 2026
Microsoft discloses multiple Windows elevation-of-privilege flaws across kernel and core components
Microsoft published security advisories for a series of **Windows elevation-of-privilege** vulnerabilities affecting the **Windows Kernel**, **File Explorer**, **Windows Management Service**, **Windows UI XAML Phone DatePickerFlyout**, **Windows Graphics Component**, **Windows Storage**, and the **DirectX Graphics Kernel**. The referenced flaws include `CVE-2026-26132`, `CVE-2025-62565`, `CVE-2025-54103`, `CVE-2025-54111`, `CVE-2025-55693`, `CVE-2024-38249`, `CVE-2025-62573`, `CVE-2024-38248`, and `CVE-2025-55678`. The disclosures indicate a broad patching effort spanning core operating system subsystems and user-facing Windows components, with repeated exposure in privileged areas such as the kernel and graphics stack. For defenders, the concentration of elevation-of-privilege issues across these components raises the risk that attackers could chain local access or code execution with privilege escalation to gain **SYSTEM-level** or otherwise expanded rights on affected Windows systems, making prompt validation and deployment of Microsoft updates a priority.
May 25, 2026
Microsoft Win32k Elevation of Privilege Vulnerabilities Disclosed
Microsoft published security advisories for two **Win32k Elevation of Privilege** flaws, tracked as `CVE-2023-36011` and `CVE-2024-43636`, in its Security Update Guide. Both issues affect the Windows **Win32k** subsystem, a core component involved in graphical and kernel-level operations, and successful exploitation could allow an attacker to gain elevated privileges on a targeted system. The advisories indicate that Microsoft addressed the vulnerabilities through security updates and added them to its official guidance portal for customer remediation. Organizations running affected Windows systems should review the relevant Microsoft advisories, verify patch deployment, and prioritize remediation because privilege-escalation flaws in **Win32k** are commonly valuable for post-compromise activity and local escalation chains.
May 25, 2026