Microsoft discloses multiple elevation-of-privilege flaws across Windows and developer tools
Microsoft published security advisories for several elevation-of-privilege vulnerabilities affecting Windows components and related software, including Microsoft PC Manager (CVE-2025-21322), Windows Installer (CVE-2025-21331, CVE-2025-21373), Visual Studio (CVE-2025-49739), .NET (CVE-2025-55247), Windows Health and Optimized Experiences (CVE-2025-59241), and Host Process for Windows Tasks (CVE-2025-60710). Microsoft also lists an earlier Windows Storage privilege-escalation issue, CVE-2023-36399, in its security guidance portal.
The advisories provide limited public detail beyond product names and vulnerability class, but the grouping indicates broad exposure across both endpoint and developer environments where successful exploitation could allow an attacker to gain higher privileges on a target system. Organizations using affected Microsoft software should review the corresponding Security Update Guide entries, prioritize patch validation for Windows and developer-tooling assets, and assess whether privilege-escalation paths could be chained with other flaws or post-compromise activity.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisory for CVE-2025-60710 in Host Process for Windows Tasks
Microsoft released a Security Update Guide entry for CVE-2025-60710, an elevation of privilege vulnerability in Host Process for Windows Tasks.
Microsoft publishes advisories for CVE-2025-55247 and CVE-2025-59241
Microsoft released Security Update Guide entries for CVE-2025-55247, affecting .NET, and CVE-2025-59241, affecting Windows Health and Optimized Experiences; both are elevation of privilege vulnerabilities.
Microsoft publishes advisories for CVE-2025-21322 and CVE-2025-21373
Microsoft published Security Update Guide entries for two elevation of privilege vulnerabilities: CVE-2025-21322 in Microsoft PC Manager and CVE-2025-21373 in Windows Installer.
Microsoft publishes advisory for CVE-2025-21331 in Windows Installer
Microsoft released a Security Update Guide entry for CVE-2025-21331, an elevation of privilege vulnerability in Windows Installer.
Microsoft publishes advisory for CVE-2023-36399 in Windows Storage
Microsoft released a Security Update Guide entry for CVE-2023-36399, an elevation of privilege vulnerability affecting Windows Storage.
Sources
11 references tracked. Mallory keeps watching after this page renders.
CVE-2025-60710 - Security Update Guide - Microsoft - Host Process for Windows Tasks Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-60710 - Security Update Guide - Microsoft - Host Process for Windows Tasks Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-55247 - Security Update Guide - Microsoft - .NET Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-59241 - Security Update Guide - Microsoft - Windows Health and Optimized Experiences Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-21322 - Security Update Guide - Microsoft - Microsoft PC Manager Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-21331 - Security Update Guide - Microsoft - Windows Installer Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2023-36399 - Security Update Guide - Microsoft - Windows Storage Elevation of Privilege Vulnerability
portal.msrc.microsoft.com
Open sourceCVE-2025-49739 - Security Update Guide - Microsoft - Visual Studio Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft discloses multiple Windows elevation-of-privilege flaws across kernel and core components
Microsoft published security advisories for a series of **Windows elevation-of-privilege** vulnerabilities affecting the **Windows Kernel**, **File Explorer**, **Windows Management Service**, **Windows UI XAML Phone DatePickerFlyout**, **Windows Graphics Component**, **Windows Storage**, and the **DirectX Graphics Kernel**. The referenced flaws include `CVE-2026-26132`, `CVE-2025-62565`, `CVE-2025-54103`, `CVE-2025-54111`, `CVE-2025-55693`, `CVE-2024-38249`, `CVE-2025-62573`, `CVE-2024-38248`, and `CVE-2025-55678`. The disclosures indicate a broad patching effort spanning core operating system subsystems and user-facing Windows components, with repeated exposure in privileged areas such as the kernel and graphics stack. For defenders, the concentration of elevation-of-privilege issues across these components raises the risk that attackers could chain local access or code execution with privilege escalation to gain **SYSTEM-level** or otherwise expanded rights on affected Windows systems, making prompt validation and deployment of Microsoft updates a priority.
May 25, 2026
Microsoft Patches Multiple Windows Elevation of Privilege Flaws
Microsoft disclosed and patched several Windows elevation of privilege vulnerabilities affecting core platform components, including **Windows App Package Installer**, **Windows Installer**, and **Windows Authentication**. The referenced issues are tracked as `CVE-2025-21275`, `CVE-2025-33075`, `CVE-2025-32714`, and `CVE-2025-55701`, indicating that attackers who already have some level of access could potentially exploit weaknesses in trusted Windows services to gain higher privileges on affected systems. The vulnerabilities span software installation and authentication mechanisms that are widely present in enterprise environments, increasing their relevance for defenders managing Windows fleets. Organizations should prioritize applying Microsoft security updates for affected systems and review exposure across endpoints and servers where installer workflows or Windows authentication components are in use, as elevation of privilege flaws can be chained with other compromises to expand attacker control.
May 25, 2026
Microsoft Discloses Windows Elevation of Privilege Vulnerabilities
Microsoft published security advisories for two **Elevation of Privilege** flaws affecting Windows components: `CVE-2026-23660` in **Windows Admin Center in Azure Portal** and `CVE-2025-62472` in **Windows Remote Access Connection Manager**. Both entries were released through Microsoft's Security Update Guide, identifying separate privilege-escalation issues in enterprise-relevant Windows management and connectivity functionality. The disclosures indicate that attackers who successfully exploit the vulnerabilities could gain higher privileges on affected systems, increasing the risk of broader compromise after initial access. Organizations using Windows administrative tooling in Azure environments and systems relying on Remote Access Connection Manager should review Microsoft's advisories, determine exposure to the affected components, and prioritize applicable security updates and mitigation steps.
May 25, 2026