Microsoft Fixes Multiple Windows Elevation of Privilege Flaws
Microsoft published security updates for several Windows elevation of privilege vulnerabilities affecting core components, including Windows Storage Spaces Controller, Windows SMB Client, and Windows Speech Runtime. The issues were tracked as CVE-2026-27907, CVE-2025-32718, and CVE-2025-58715, respectively, and all could allow attackers to gain higher privileges on affected systems after initial access.
Among the disclosed flaws, Microsoft provided the most detail for CVE-2026-27907, describing it as an integer underflow issue (CWE-191) in Windows Storage Spaces Controller that could let a locally authenticated low-privileged attacker elevate privileges to SYSTEM without user interaction. Microsoft rated that vulnerability Important with a CVSS 3.1 score of 7.8, said it was not publicly disclosed or exploited at publication, assessed exploitation as less likely, and released an official fix as part of its security guidance.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Microsoft discloses and patches CVE-2026-27907
Microsoft disclosed CVE-2026-27907, an Important Windows Storage Spaces Controller elevation of privilege flaw caused by an integer underflow that could let a locally authenticated low-privilege attacker gain SYSTEM privileges without user interaction. Microsoft said the vulnerability was neither publicly disclosed nor exploited at publication and that a fix was available.
Microsoft releases fix for CVE-2025-58715 in Windows Speech Runtime
Microsoft published a Security Update Guide entry for CVE-2025-58715, an elevation of privilege vulnerability affecting Windows Speech Runtime, indicating the issue was formally disclosed through its update guidance.
Microsoft releases fix for CVE-2025-32718 in Windows SMB Client
Microsoft published a Security Update Guide entry for CVE-2025-32718, an elevation of privilege vulnerability affecting the Windows SMB Client, indicating an official security update was available.
Sources
3 references tracked. Mallory keeps watching after this page renders.
CVE-2026-27907 - Security Update Guide - Microsoft - Windows Storage Spaces Controller Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-58715 - Security Update Guide - Microsoft - Windows Speech Runtime Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-32718 - Security Update Guide - Microsoft - Windows SMB Client Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Patches Multiple Windows Use-After-Free Privilege Escalation Flaws
Microsoft released fixes for several **Windows elevation-of-privilege vulnerabilities** affecting **Win32k**, **Windows Telephony Service**, **Desktop Window Manager**, and the **Windows Cloud Files Mini Filter Driver**. The disclosed flaws include `CVE-2026-34347`, `CVE-2026-42825`, `CVE-2026-27923`, and `CVE-2026-35418`, and are all tied to **use-after-free** conditions, with some cases also involving race conditions such as time-of-check time-of-use behavior. Microsoft said successful exploitation could let a locally authenticated attacker with low privileges gain **SYSTEM** access without user interaction. The vulnerabilities were rated **Important** with **CVSS 3.1 scores ranging from 7.0 to 7.8**, and Microsoft assessed exploitation as **less likely or unlikely** because several attacks require winning a race condition. At the time of disclosure, Microsoft reported **no public disclosure and no evidence of active exploitation** for the documented 2026 flaws, and stated that official security updates were available. Additional Microsoft advisories also reference related Windows and Microsoft Brokering File System elevation-of-privilege issues, including `CVE-2026-24285`, `CVE-2025-32712`, `CVE-2025-21372`, `CVE-2025-21315`, and `CVE-2025-59189`, though public technical details for those entries were limited.
May 25, 2026
Microsoft Patches Multiple Windows Elevation-of-Privilege Flaws Across Core Services
Microsoft published security updates for a series of Windows elevation-of-privilege vulnerabilities affecting components including **Core Messaging**, **CSC Service**, **Cryptographic Services**, **Win32k**, and the **COM+ Event System Service**. The referenced flaws include `CVE-2025-21378`, `CVE-2025-21184`, `CVE-2025-21414`, `CVE-2025-26634`, `CVE-2025-49727`, `CVE-2025-58725`, and `CVE-2025-62458`, indicating a broad set of local privilege-escalation issues across core Windows subsystems. Among them, Microsoft provided additional detail for `CVE-2026-40377`, an **Important** vulnerability in Microsoft Cryptographic Services caused by a heap-based buffer overflow. Microsoft said a locally authorized attacker with low privileges could exploit the flaw to gain **SYSTEM** privileges without user interaction; the issue received a **CVSS 3.1 score of 7.8**, was assessed as **less likely** to be exploited, and was **not publicly disclosed or exploited** at the time of publication. Microsoft said a fix was available and credited **Bruce Dang of Calif.io** for reporting the bug.
May 25, 2026
Microsoft Fixes Windows Shell, UI Core, and File Explorer Privilege Escalation Flaws
Microsoft published security updates for multiple Windows elevation-of-privilege vulnerabilities affecting **Windows Shell**, **Windows User Interface Core**, and **Windows File Explorer**, including `CVE-2026-27918`, `CVE-2026-27911`, `CVE-2025-64661`, and `CVE-2025-64658`. The issues could allow attackers to gain higher privileges on a vulnerable system after obtaining local access, extending a pattern of privilege-escalation risk across core Windows components. Microsoft provided the most detail for **`CVE-2026-27911`**, which it rated **Important** with a **CVSS 3.1 score of 7.8**. The flaw stems from a **race condition** and **use-after-free** weakness in Windows User Interface Core and can be exploited by a low-privileged local attacker without user interaction. Successful exploitation could let an attacker escape a contained environment such as an **AppContainer**, raising privileges from **Low Integrity Level** to **Medium Integrity Level**. Microsoft said exploitation requires winning a race condition, assessed exploitation as unlikely at publication, and reported that the vulnerability had neither been publicly disclosed nor exploited before fixes were released.
May 25, 2026