Microsoft Discloses Windows Elevation of Privilege Vulnerabilities
Microsoft published security advisories for two Elevation of Privilege flaws affecting Windows components: CVE-2026-23660 in Windows Admin Center in Azure Portal and CVE-2025-62472 in Windows Remote Access Connection Manager. Both entries were released through Microsoft's Security Update Guide, identifying separate privilege-escalation issues in enterprise-relevant Windows management and connectivity functionality.
The disclosures indicate that attackers who successfully exploit the vulnerabilities could gain higher privileges on affected systems, increasing the risk of broader compromise after initial access. Organizations using Windows administrative tooling in Azure environments and systems relying on Remote Access Connection Manager should review Microsoft's advisories, determine exposure to the affected components, and prioritize applicable security updates and mitigation steps.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisory for CVE-2026-23660
Microsoft published CVE-2026-23660 in its Security Update Guide, describing an elevation of privilege vulnerability affecting Windows Admin Center in Azure Portal.
Microsoft publishes advisory for CVE-2025-62472
Microsoft added CVE-2025-62472 to its Security Update Guide, identifying an elevation of privilege vulnerability in Windows Remote Access Connection Manager.
Sources
2 references tracked. Mallory keeps watching after this page renders.
CVE-2026-23660 - Security Update Guide - Microsoft - Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-62472 - Security Update Guide - Microsoft - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft discloses multiple elevation-of-privilege flaws across Windows and developer tools
Microsoft published security advisories for several **elevation-of-privilege** vulnerabilities affecting Windows components and related software, including **Microsoft PC Manager** (`CVE-2025-21322`), **Windows Installer** (`CVE-2025-21331`, `CVE-2025-21373`), **Visual Studio** (`CVE-2025-49739`), **.NET** (`CVE-2025-55247`), **Windows Health and Optimized Experiences** (`CVE-2025-59241`), and **Host Process for Windows Tasks** (`CVE-2025-60710`). Microsoft also lists an earlier **Windows Storage** privilege-escalation issue, `CVE-2023-36399`, in its security guidance portal. The advisories provide limited public detail beyond product names and vulnerability class, but the grouping indicates broad exposure across both endpoint and developer environments where successful exploitation could allow an attacker to gain higher privileges on a target system. Organizations using affected Microsoft software should review the corresponding Security Update Guide entries, prioritize patch validation for Windows and developer-tooling assets, and assess whether privilege-escalation paths could be chained with other flaws or post-compromise activity.
May 25, 2026
Microsoft Discloses Elevation of Privilege Flaws in MMC, Partner Center, and Microsoft 365 Copilot
Microsoft published security advisories for three **elevation of privilege** vulnerabilities affecting **Microsoft Management Console**, **Microsoft Partner Center**, and **Microsoft 365 Copilot**. The issues are tracked as `CVE-2026-27914`, `CVE-2026-24303`, and `CVE-2026-33102`, respectively, and were added to the Microsoft Security Update Guide as separate product-specific flaws. The disclosures indicate that both on-premises administrative tooling and cloud-connected Microsoft services are affected by privilege-escalation weaknesses. While Microsoft did not provide public synopses in the referenced advisories, the listings identify the impacted products and classify each issue as an elevation of privilege vulnerability, signaling potential risk to administrators, partners, and enterprise users relying on those platforms.
Apr 23, 2026
Microsoft Discloses Windows File Explorer and NTFS Elevation of Privilege Flaws
Microsoft published security advisories for two Windows **elevation of privilege** vulnerabilities affecting core operating system components: **Windows File Explorer** (`CVE-2025-62565`) and **Windows NTFS** (`CVE-2025-55335`). The flaws were listed in the Microsoft Security Update Guide as separate issues impacting widely deployed Windows functionality tied to file browsing and the NTFS file system. The advisories provide limited public technical detail, but both issues could allow an attacker with existing access to a vulnerable system to gain higher privileges. Because the affected components are integral to Windows operations, organizations should review Microsoft’s update guidance for the relevant CVEs, prioritize patch deployment across supported Windows assets, and monitor for follow-on research or exploit activity that could increase operational risk.
Jun 23, 2026