Microsoft disclosed multiple Windows, IIS, and .NET elevation of privilege flaws
Microsoft published security advisories for several elevation of privilege vulnerabilities affecting core enterprise technologies, including Win32k (CVE-2023-36732, CVE-2023-24902), Windows IIS Server (CVE-2023-36434), and .NET (CVE-2026-26131). The issues span both operating system and application server components, indicating potential paths for attackers to gain higher privileges after initial access on Windows-based environments.
The advisories were released through Microsoft's Security Update Guide and portal, signaling that organizations running affected Windows desktops, servers, web infrastructure, or .NET workloads should review product exposure and apply the relevant security updates. For defenders, the concentration of privilege-escalation bugs across Win32k, IIS, and .NET underscores the need to prioritize patching on systems where local access, web server compromise, or application-layer abuse could be leveraged to obtain elevated permissions.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisory for CVE-2026-26131
Microsoft published a Security Update Guide entry for CVE-2026-26131, a .NET Elevation of Privilege vulnerability.
Microsoft publishes advisory for CVE-2023-36731
Microsoft published a Security Update Guide entry for CVE-2023-36731, a Win32k Elevation of Privilege vulnerability.
Microsoft publishes advisory for CVE-2023-36434
Microsoft published a Security Update Guide entry for CVE-2023-36434, a Windows IIS Server Elevation of Privilege vulnerability.
Microsoft publishes advisory for CVE-2023-36732
Microsoft published a Security Update Guide entry for CVE-2023-36732, a Win32k Elevation of Privilege vulnerability.
Microsoft publishes advisory for CVE-2023-24902
Microsoft published a Security Update Guide entry for CVE-2023-24902, a Win32k Elevation of Privilege vulnerability.
Sources
6 references tracked. Mallory keeps watching after this page renders.
CVE-2026-26131 - Security Update Guide - Microsoft - .NET Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2023-36732 - Security Update Guide - Microsoft - Win32k Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2023-36434 - Security Update Guide - Microsoft - Windows IIS Server Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2023-36731 - Security Update Guide - Microsoft - Win32k Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2023-36434 - Security Update Guide - Microsoft - Windows IIS Server Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2023-24902 - Security Update Guide - Microsoft - Win32k Elevation of Privilege Vulnerability
portal.msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft discloses multiple elevation-of-privilege flaws across Windows and developer tools
Microsoft published security advisories for several **elevation-of-privilege** vulnerabilities affecting Windows components and related software, including **Microsoft PC Manager** (`CVE-2025-21322`), **Windows Installer** (`CVE-2025-21331`, `CVE-2025-21373`), **Visual Studio** (`CVE-2025-49739`), **.NET** (`CVE-2025-55247`), **Windows Health and Optimized Experiences** (`CVE-2025-59241`), and **Host Process for Windows Tasks** (`CVE-2025-60710`). Microsoft also lists an earlier **Windows Storage** privilege-escalation issue, `CVE-2023-36399`, in its security guidance portal. The advisories provide limited public detail beyond product names and vulnerability class, but the grouping indicates broad exposure across both endpoint and developer environments where successful exploitation could allow an attacker to gain higher privileges on a target system. Organizations using affected Microsoft software should review the corresponding Security Update Guide entries, prioritize patch validation for Windows and developer-tooling assets, and assess whether privilege-escalation paths could be chained with other flaws or post-compromise activity.
May 25, 2026
Microsoft Win32k Elevation of Privilege Vulnerabilities Disclosed
Microsoft published security advisories for two **Win32k Elevation of Privilege** flaws, tracked as `CVE-2023-36011` and `CVE-2024-43636`, in its Security Update Guide. Both issues affect the Windows **Win32k** subsystem, a core component involved in graphical and kernel-level operations, and successful exploitation could allow an attacker to gain elevated privileges on a targeted system. The advisories indicate that Microsoft addressed the vulnerabilities through security updates and added them to its official guidance portal for customer remediation. Organizations running affected Windows systems should review the relevant Microsoft advisories, verify patch deployment, and prioritize remediation because privilege-escalation flaws in **Win32k** are commonly valuable for post-compromise activity and local escalation chains.
May 25, 2026
Microsoft Patches Multiple Windows Elevation of Privilege Flaws
Microsoft disclosed and patched several Windows elevation of privilege vulnerabilities affecting core platform components, including **Windows App Package Installer**, **Windows Installer**, and **Windows Authentication**. The referenced issues are tracked as `CVE-2025-21275`, `CVE-2025-33075`, `CVE-2025-32714`, and `CVE-2025-55701`, indicating that attackers who already have some level of access could potentially exploit weaknesses in trusted Windows services to gain higher privileges on affected systems. The vulnerabilities span software installation and authentication mechanisms that are widely present in enterprise environments, increasing their relevance for defenders managing Windows fleets. Organizations should prioritize applying Microsoft security updates for affected systems and review exposure across endpoints and servers where installer workflows or Windows authentication components are in use, as elevation of privilege flaws can be chained with other compromises to expand attacker control.
May 25, 2026