Microsoft Patched Multiple Windows Information Disclosure Flaws Across Kernel and Storage Components
Microsoft published security updates for a broad set of information disclosure vulnerabilities affecting Windows components including the Windows Kernel, Secure Kernel Mode, Storage Port Driver, Kerberos, File Explorer, Push Notification, and Storage Spaces features. The referenced advisories identify numerous CVEs, including CVE-2025-21319, CVE-2025-21323, CVE-2025-21242, CVE-2025-32722, CVE-2025-49684, CVE-2025-48808, CVE-2025-48809, CVE-2025-48810, CVE-2025-26636, CVE-2025-55683, CVE-2025-59184, CVE-2025-59209, CVE-2026-32217, and CVE-2026-32218, along with earlier related issues such as CVE-2024-49082 and CVE-2022-21877.
The disclosures show a recurring pattern of sensitive data exposure risks in core Windows subsystems, with repeated findings in kernel and storage-related code paths. While the individual entries provide limited public detail, the breadth of affected components indicates that enterprises should prioritize Microsoft security updates for systems running Windows workloads that rely on low-level kernel, storage, authentication, and user-interface services, as these flaws could allow attackers to obtain information that may aid further compromise.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
11 events from the most recent confirmed update back to the earliest known activity.
Microsoft discloses CVE-2026-32215
Microsoft published a Security Update Guide entry for CVE-2026-32215, a Windows Kernel information disclosure vulnerability caused by insertion of sensitive information into a log file. The advisory said a low-privileged local attacker could disclose kernel memory contents, and Microsoft stated a fix was available with no evidence of public disclosure or in-the-wild exploitation.
Microsoft discloses CVE-2026-32217 and CVE-2026-32218
Microsoft published Security Update Guide entries for CVE-2026-32217 and CVE-2026-32218, both described as Windows Kernel information disclosure vulnerabilities.
Microsoft discloses CVE-2025-59186
Microsoft published a Security Update Guide entry for CVE-2025-59186, a Windows Kernel information disclosure vulnerability. The advisory was released as part of Microsoft's October 2025 security updates.
Microsoft publishes October 2025 information disclosure advisories
Microsoft released Security Update Guide entries for CVE-2025-55683, CVE-2025-59184, and CVE-2025-59209, affecting the Windows Kernel, Storage Spaces Direct, and Windows Push Notification components.
Microsoft publishes July 2025 information disclosure advisories
Microsoft released Security Update Guide entries for CVE-2025-49684, CVE-2025-48809, CVE-2025-26636, CVE-2025-48810, and CVE-2025-48808, covering Windows Storage Port Driver, Secure Kernel Mode, and Windows Kernel information disclosure flaws.
Microsoft discloses CVE-2025-32722
Microsoft published Security Update Guide entry CVE-2025-32722 for a Windows Storage Port Driver information disclosure vulnerability.
Microsoft discloses CVE-2025-21321
Microsoft published a Security Update Guide entry for CVE-2025-21321, a Windows Kernel Memory information disclosure vulnerability. The advisory was released as part of Microsoft's January 2025 security updates.
Microsoft discloses CVE-2025-21316
Microsoft published a Security Update Guide entry for CVE-2025-21316, a Windows Kernel Memory information disclosure vulnerability. The advisory was released as part of Microsoft's January 2025 security updates.
Microsoft publishes January 2025 information disclosure advisories
Microsoft released Security Update Guide entries for CVE-2025-21319, CVE-2025-21323, and CVE-2025-21242, affecting Windows Kernel Memory and Windows Kerberos.
Microsoft discloses CVE-2024-49082
Microsoft published Security Update Guide entry CVE-2024-49082 covering a Windows File Explorer information disclosure vulnerability.
Microsoft publishes advisory for CVE-2022-21877
Microsoft released Security Update Guide entry CVE-2022-21877 for a Storage Spaces Controller information disclosure vulnerability.
Sources
21 references tracked. Mallory keeps watching after this page renders.
CVE-2026-32217 - Security Update Guide - Microsoft - Windows Kernel Information Disclosure Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-32215 - Security Update Guide - Microsoft - Windows Kernel Information Disclosure Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-32218 - Security Update Guide - Microsoft - Windows Kernel Information Disclosure Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-59186 - Security Update Guide - Microsoft - Windows Kernel Information Disclosure Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-21242 - Security Update Guide - Microsoft - Windows Kerberos Information Disclosure Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-21316 - Security Update Guide - Microsoft - Windows Kernel Memory Information Disclosure Vulnerability
msrc.microsoft.com
Open sourceCVE-2024-49082 - Security Update Guide - Microsoft - Windows File Explorer Information Disclosure Vulnerability
msrc.microsoft.com
Open sourceCVE-2022-21877 - Security Update Guide - Microsoft - Storage Spaces Controller Information Disclosure Vulnerability
portal.msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Discloses Multiple Windows Information Disclosure Vulnerabilities
Microsoft published security advisories for several Windows **information disclosure** flaws affecting core services and components, including the **Windows CSC Service** (`CVE-2025-21374`), **WLAN AutoConfig Service** (`CVE-2025-21257`), **Storage Management Provider** (`CVE-2025-33055`, `CVE-2025-33062`, `CVE-2025-55325`), and **Cryptographic Services** (`CVE-2025-58720`). The advisories indicate that sensitive information could be exposed through weaknesses in widely deployed Windows functionality spanning storage, networking, and cryptographic operations. The disclosures also align with Microsoft's earlier reporting on a similar **Windows iSCSI Target Service Information Disclosure Vulnerability** tracked as `CVE-2023-24945`, underscoring a recurring class of exposure issues across Windows services. While the referenced entries provide limited public technical detail, the breadth of affected components suggests defenders should prioritize Microsoft security updates and review systems that rely on these services for potential exposure to unintended data leakage.
May 25, 2026
Microsoft discloses multiple Windows elevation-of-privilege flaws across kernel and core components
Microsoft published security advisories for a series of **Windows elevation-of-privilege** vulnerabilities affecting the **Windows Kernel**, **File Explorer**, **Windows Management Service**, **Windows UI XAML Phone DatePickerFlyout**, **Windows Graphics Component**, **Windows Storage**, and the **DirectX Graphics Kernel**. The referenced flaws include `CVE-2026-26132`, `CVE-2025-62565`, `CVE-2025-54103`, `CVE-2025-54111`, `CVE-2025-55693`, `CVE-2024-38249`, `CVE-2025-62573`, `CVE-2024-38248`, and `CVE-2025-55678`. The disclosures indicate a broad patching effort spanning core operating system subsystems and user-facing Windows components, with repeated exposure in privileged areas such as the kernel and graphics stack. For defenders, the concentration of elevation-of-privilege issues across these components raises the risk that attackers could chain local access or code execution with privilege escalation to gain **SYSTEM-level** or otherwise expanded rights on affected Windows systems, making prompt validation and deployment of Microsoft updates a priority.
May 25, 2026
Microsoft Patched Multiple Windows Information Disclosure Flaws Across Core Components
Microsoft published security advisories for several **Windows information disclosure vulnerabilities** affecting components including the **COM Server**, **DWM Core Library**, **Windows Management Services**, **Windows Imaging Component**, and **DHCP Server Service**. The issues were tracked as `CVE-2026-20806`, `CVE-2025-33052`, `CVE-2025-59204`, `CVE-2025-53799`, `CVE-2025-21272`, and `CVE-2023-36012`, showing a broad spread of disclosure risks across both client and server-side Windows functionality. Among the disclosed flaws, Microsoft provided the most detail for `CVE-2026-20806`, describing it as a **type confusion** bug in the Windows COM Server that could let a local attacker with **low privileges** read sensitive data, including potentially **User Mode Service Memory**, without user interaction. Microsoft rated that issue **Important** with a **CVSS 3.1 score of 5.5**, said exploitation was considered unlikely, reported no public disclosure or observed exploitation at publication, and stated that an official fix was available; the remaining advisories were listed as information disclosure vulnerabilities with limited public technical detail.
May 25, 2026