Microsoft Patches Multiple Windows Elevation-of-Privilege Flaws Across Core Services
Microsoft published security updates for a series of Windows elevation-of-privilege vulnerabilities affecting components including Core Messaging, CSC Service, Cryptographic Services, Win32k, and the COM+ Event System Service. The referenced flaws include CVE-2025-21378, CVE-2025-21184, CVE-2025-21414, CVE-2025-26634, CVE-2025-49727, CVE-2025-58725, and CVE-2025-62458, indicating a broad set of local privilege-escalation issues across core Windows subsystems.
Among them, Microsoft provided additional detail for CVE-2026-40377, an Important vulnerability in Microsoft Cryptographic Services caused by a heap-based buffer overflow. Microsoft said a locally authorized attacker with low privileges could exploit the flaw to gain SYSTEM privileges without user interaction; the issue received a CVSS 3.1 score of 7.8, was assessed as less likely to be exploited, and was not publicly disclosed or exploited at the time of publication. Microsoft said a fix was available and credited Bruce Dang of Calif.io for reporting the bug.

How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Microsoft discloses CVE-2026-40377 in Cryptographic Services
Microsoft disclosed CVE-2026-40377, an Important heap-based buffer overflow in Microsoft Cryptographic Services that could let a locally authorized low-privilege attacker gain SYSTEM privileges without user interaction. Microsoft said a fix was available, exploitation was considered less likely, and there was no evidence of public disclosure or in-the-wild exploitation at release.
Microsoft publishes Win32k EoP advisory for CVE-2025-62458
Microsoft released security guidance for CVE-2025-62458, a Win32k elevation-of-privilege vulnerability. The publication indicates the issue was addressed in Microsoft's December 2025 security updates.
Microsoft publishes CVE-2025-58725 advisory for COM+ Event System Service
Microsoft published security update guidance for CVE-2025-58725, an elevation-of-privilege vulnerability in the Windows COM+ Event System Service. The listing indicates a fix was issued in the October 2025 Patch Tuesday release.
Microsoft publishes Win32k EoP advisory for CVE-2025-49727
Microsoft released security guidance for CVE-2025-49727, a Win32k elevation-of-privilege vulnerability. The advisory's publication indicates the flaw was addressed in Microsoft's July 2025 security updates.
Microsoft publishes fix for CVE-2025-26634 in Windows Core Messaging
Microsoft disclosed CVE-2025-26634, another Windows Core Messaging elevation-of-privilege vulnerability, through its March 2025 Security Update Guide. The publication marks the availability of Microsoft's security update for the flaw.
Microsoft discloses Windows Core Messaging EoP flaws CVE-2025-21184 and CVE-2025-21414
Microsoft published security update guidance for CVE-2025-21184 and CVE-2025-21414, both elevation-of-privilege vulnerabilities affecting Windows Core Messaging. Their publication indicates fixes were made available in the February 2025 Patch Tuesday release.
Microsoft releases fix for CVE-2025-21378 in Windows CSC Service
Microsoft published security guidance for CVE-2025-21378, an elevation-of-privilege vulnerability in the Windows CSC Service. The advisory indicates the issue was addressed as part of Microsoft's January 2025 security updates.
Sources
CVE-2026-40377 - Security Update Guide - Microsoft - Microsoft Cryptographic Services Elevation of Privilege Vulnerability (msrc.microsoft.com)
CVE-2025-62458 - Security Update Guide - Microsoft - Win32k Elevation of Privilege Vulnerability (msrc.microsoft.com)
CVE-2025-58725 - Security Update Guide - Microsoft - Windows COM+ Event System Service Elevation of Privilege Vulnerability (msrc.microsoft.com)
CVE-2025-49727 - Security Update Guide - Microsoft - Win32k Elevation of Privilege Vulnerability (msrc.microsoft.com)
CVE Details - Windows Core Messaging Elevation of Privileges Vulnerability (msrc.microsoft.com)
CVE-2025-21414 - Security Update Guide - Microsoft - Windows Core Messaging Elevation of Privileges Vulnerability (msrc.microsoft.com)
CVE-2025-21378 - Security Update Guide - Microsoft - Windows CSC Service Elevation of Privilege Vulnerability (msrc.microsoft.com)