Microsoft discloses multiple Windows elevation-of-privilege flaws across kernel and core components
Microsoft published security advisories for a series of Windows elevation-of-privilege vulnerabilities affecting the Windows Kernel, File Explorer, Windows Management Service, Windows UI XAML Phone DatePickerFlyout, Windows Graphics Component, Windows Storage, and the DirectX Graphics Kernel. The referenced flaws include CVE-2026-26132, CVE-2025-62565, CVE-2025-54103, CVE-2025-54111, CVE-2025-55693, CVE-2024-38249, CVE-2025-62573, CVE-2024-38248, and CVE-2025-55678.
The disclosures indicate a broad patching effort spanning core operating system subsystems and user-facing Windows components, with repeated exposure in privileged areas such as the kernel and graphics stack. For defenders, the concentration of elevation-of-privilege issues across these components raises the risk that attackers could chain local access or code execution with privilege escalation to gain SYSTEM-level or otherwise expanded rights on affected Windows systems, making prompt validation and deployment of Microsoft updates a priority.
How this story unfolded
16 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes CVE-2026-26165 Windows Shell EoP advisory
Microsoft published CVE-2026-26165 in its Security Update Guide as a Windows Shell Elevation of Privilege vulnerability. The listing marks Microsoft's public disclosure of the flaw and associated security update information.
Microsoft publishes CVE-2026-27916 UPnP Device Host EoP advisory
Microsoft disclosed CVE-2026-27916 in the Security Update Guide as a Windows Universal Plug and Play (UPnP) Device Host elevation of privilege vulnerability caused by a use-after-free issue. The advisory indicates an official fix is available and that no public exploitation or prior public disclosure was reported at publication.
Microsoft publishes CVE-2026-26132 Windows Kernel EoP advisory
Microsoft published CVE-2026-26132 as a Windows Kernel Elevation of Privilege vulnerability in its Security Update Guide. This is the public advisory date visible in the provided reference.
Microsoft publishes CVE-2025-62573 DirectX Graphics Kernel EoP advisory
Microsoft disclosed CVE-2025-62573 as a DirectX Graphics Kernel Elevation of Privilege vulnerability in the Security Update Guide. The publication marks Microsoft's public documentation of the flaw.
Microsoft publishes CVE-2025-62565 File Explorer EoP advisory
Microsoft published CVE-2025-62565 in the Security Update Guide as a Windows File Explorer Elevation of Privilege vulnerability. The entry indicates formal disclosure of the issue by Microsoft.
Microsoft publishes CVE-2025-58728 Windows Bluetooth Service EoP advisory
Microsoft published CVE-2025-58728 in the Security Update Guide as a Windows Bluetooth Service Elevation of Privilege vulnerability. The listing marks Microsoft's public disclosure of the flaw and associated security update information.
Microsoft publishes CVE-2025-55693 Windows Kernel EoP advisory
Microsoft added CVE-2025-55693 to the Security Update Guide as a Windows Kernel Elevation of Privilege vulnerability. This represents Microsoft's public advisory for the flaw.
Microsoft publishes CVE-2025-55678 DirectX Graphics Kernel EoP advisory
Microsoft published CVE-2025-55678 as a DirectX Graphics Kernel Elevation of Privilege vulnerability. The Security Update Guide entry marks the vulnerability's public release by Microsoft.
Microsoft publishes CVE-2025-59215 Windows Graphics Component EoP advisory
Microsoft published CVE-2025-59215 in its Security Update Guide as a Windows Graphics Component Elevation of Privilege vulnerability. The listing marks Microsoft's public disclosure of the flaw and associated security update information.
Microsoft publishes CVE-2025-54111 UI XAML Phone DatePickerFlyout EoP advisory
Microsoft disclosed CVE-2025-54111 in the Security Update Guide as a Windows UI XAML Phone DatePickerFlyout Elevation of Privilege vulnerability. The listing indicates the issue was formally documented by Microsoft.
Microsoft publishes CVE-2025-54103 Windows Management Service EoP advisory
Microsoft published CVE-2025-54103 as a Windows Management Service Elevation of Privilege vulnerability in the Security Update Guide. The entry reflects public disclosure and associated security update availability.
Microsoft publishes CVE-2025-49726 Windows Notification EoP advisory
Microsoft published CVE-2025-49726 in its Security Update Guide as a Windows Notification Elevation of Privilege vulnerability. The listing marks Microsoft's public disclosure of the flaw and associated security update information.
Microsoft publishes CVE-2025-24983 Win32 Kernel Subsystem EoP advisory
Microsoft disclosed CVE-2025-24983 as a Windows Win32 Kernel Subsystem elevation-of-privilege vulnerability caused by a use-after-free flaw. The advisory states the bug was exploited in the wild, functional exploit code is available, and an official fix was released.
Microsoft publishes CVE-2024-49074 Windows Kernel-Mode Driver EoP advisory
Microsoft published CVE-2024-49074 in its Security Update Guide as a Windows Kernel-Mode Driver Elevation of Privilege vulnerability. The listing marks Microsoft's public disclosure of the flaw and associated security update information.
Microsoft publishes CVE-2024-38249 Windows Graphics Component EoP advisory
Microsoft published CVE-2024-38249 in its Security Update Guide as a Windows Graphics Component Elevation of Privilege vulnerability. This marks public disclosure of the vulnerability through Microsoft's advisory channel.
Microsoft publishes CVE-2024-38248 Windows Storage EoP advisory
Microsoft added CVE-2024-38248 to its Security Update Guide as a Windows Storage Elevation of Privilege vulnerability. The publication indicates a security update or advisory was released for the issue.
Sources
16 references tracked. Mallory keeps watching after this page renders.
CVE-2026-27916 - Security Update Guide - Microsoft - Windows UPnP Device Host Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-26165 - Security Update Guide - Microsoft - Windows Shell Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-26132 - Security Update Guide - Microsoft - Windows Kernel Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-62565 - Security Update Guide - Microsoft - Windows File Explorer Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-24983 - Security Update Guide - Microsoft - Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2024-49074 - Security Update Guide - Microsoft - Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2024-38249 - Security Update Guide - Microsoft - Windows Graphics Component Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2024-38248 - Security Update Guide - Microsoft - Windows Storage Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft discloses multiple elevation-of-privilege flaws across Windows and developer tools
Microsoft published security advisories for several **elevation-of-privilege** vulnerabilities affecting Windows components and related software, including **Microsoft PC Manager** (`CVE-2025-21322`), **Windows Installer** (`CVE-2025-21331`, `CVE-2025-21373`), **Visual Studio** (`CVE-2025-49739`), **.NET** (`CVE-2025-55247`), **Windows Health and Optimized Experiences** (`CVE-2025-59241`), and **Host Process for Windows Tasks** (`CVE-2025-60710`). Microsoft also lists an earlier **Windows Storage** privilege-escalation issue, `CVE-2023-36399`, in its security guidance portal. The advisories provide limited public detail beyond product names and vulnerability class, but the grouping indicates broad exposure across both endpoint and developer environments where successful exploitation could allow an attacker to gain higher privileges on a target system. Organizations using affected Microsoft software should review the corresponding Security Update Guide entries, prioritize patch validation for Windows and developer-tooling assets, and assess whether privilege-escalation paths could be chained with other flaws or post-compromise activity.
May 25, 2026
Microsoft patched multiple Windows elevation-of-privilege flaws in kernel components
Microsoft disclosed and patched several Windows elevation-of-privilege vulnerabilities affecting core operating system components, including **Windows Secure Kernel Mode**, the **Windows kernel**, and **NTFS**. The issues were tracked as `CVE-2024-43646`, `CVE-2025-21325`, `CVE-2025-49678`, and `CVE-2025-59207`, and were published through the Microsoft Security Response Center's Security Update Guide. The vulnerabilities span privileged parts of Windows that, if exploited, could allow an attacker to gain higher permissions on a compromised system. The affected areas include secure kernel functionality, general kernel operations, and the NTFS file system, underscoring continued risk from local privilege-escalation bugs in foundational Windows components and the importance of applying Microsoft security updates promptly.
May 25, 2026
Microsoft Patched Windows Elevation-of-Privilege Flaws in Kernel and Graphics Components
Microsoft disclosed and patched multiple Windows elevation-of-privilege vulnerabilities affecting core system components, including the **Windows Kernel** (`CVE-2023-36403`) and the **Windows Graphics Component** (`CVE-2023-38159`, `CVE-2023-24899`). The flaws could allow an attacker who already has access to a target system to gain higher privileges, increasing the risk of full system compromise and broader post-exploitation activity. The advisories show a recurring pattern of privilege-escalation risk in foundational Windows components that are widely present across enterprise environments. Organizations running affected Windows systems should prioritize applying Microsoft security updates for the listed CVEs and review endpoint detections for signs of local privilege-escalation attempts tied to kernel- or graphics-related processes.
May 25, 2026