Microsoft Patched Multiple Windows Elevation of Privilege Flaws Across Core Components
Microsoft published security updates for several Windows elevation of privilege vulnerabilities affecting core components including Win32k (CVE-2024-30082, CVE-2023-36743), Microsoft COM for Windows (CVE-2025-21281), the Microsoft Graphics Component (CVE-2025-49708), and the Windows Search Service (CVE-2026-27909). The advisories indicate that successful exploitation could allow an attacker to gain higher privileges on a targeted Windows system, increasing the risk of broader compromise after initial access.
The affected components span user interface, inter-process communication, graphics, and search functionality, showing continued exposure in widely deployed parts of the Windows platform. Microsoft issued entries for each CVE through its Security Update Guide, including both vulnerability and advisory records for CVE-2025-21281. Organizations should prioritize patching these flaws as part of routine Windows security maintenance, because privilege escalation bugs are commonly chained with other exploits to obtain SYSTEM-level or administrative control.

How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Microsoft discloses CVE-2026-27909 Windows Search Service flaw
Microsoft published a Security Update Guide entry for CVE-2026-27909, identifying it as a Windows Search Service Elevation of Privilege vulnerability.
Microsoft discloses CVE-2025-49708 Graphics Component privilege escalation flaw
Microsoft published a Security Update Guide entry for CVE-2025-49708, identifying it as a Microsoft Graphics Component Elevation of Privilege vulnerability.
Microsoft discloses CVE-2025-21281 COM for Windows privilege escalation flaw
Microsoft published Security Update Guide entries for CVE-2025-21281, describing it as a Microsoft COM for Windows Elevation of Privilege vulnerability. The advisory and vulnerability pages refer to the same disclosure event.
Microsoft discloses CVE-2024-30082 Win32k elevation of privilege flaw
Microsoft published a Security Update Guide entry for CVE-2024-30082, identifying it as a Win32k Elevation of Privilege vulnerability.
Microsoft discloses CVE-2023-36743 Win32k elevation of privilege flaw
Microsoft published a Security Update Guide entry for CVE-2023-36743, identifying it as a Win32k Elevation of Privilege vulnerability.
Sources
6 references tracked.
CVE-2026-27909 - Security Update Guide - Microsoft - Windows Search Service Elevation of Privilege Vulnerability
msrc.microsoft.com
CVE-2025-49708 - Security Update Guide - Microsoft - Microsoft Graphics Component Elevation of Privilege Vulnerability
msrc.microsoft.com
CVE-2025-21281 - Security Update Guide - Microsoft - Microsoft COM for Windows Elevation of Privilege Vulnerability
msrc.microsoft.com
CVE-2025-21281 - Security Update Guide - Microsoft - Microsoft COM for Windows Elevation of Privilege Vulnerability
msrc.microsoft.com
CVE-2024-30082 - Security Update Guide - Microsoft - Win32k Elevation of Privilege Vulnerability
msrc.microsoft.com
CVE-2023-36743 - Security Update Guide - Microsoft - Win32k Elevation of Privilege Vulnerability
msrc.microsoft.com


