Microsoft Fixes Windows Elevation of Privilege Flaws in Event Tracing and Core Messaging
Microsoft disclosed two Windows elevation of privilege vulnerabilities affecting core operating system components: CVE-2025-47985 in Windows Event Tracing and CVE-2025-21358 in Windows Core Messaging. Both issues were published through Microsoft's Security Update Guide and classified as local privilege escalation flaws, indicating that successful exploitation could allow an attacker with existing access to a system to gain higher privileges.
The vulnerabilities affect separate Windows subsystems but share the same security impact: they could be used to move from limited user access to more powerful execution on a compromised host. Microsoft released advisories for both flaws through its official update channels, underscoring the need for defenders to prioritize Windows patching and review systems where privilege escalation could enable broader compromise, persistence, or lateral movement.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisory for CVE-2025-47985
Microsoft released a Security Update Guide entry for CVE-2025-47985, a Windows Event Tracing Elevation of Privilege vulnerability.
Microsoft publishes advisory for CVE-2025-21358
Microsoft released a Security Update Guide entry for CVE-2025-21358, a Windows Core Messaging Elevation of Privileges vulnerability.
Sources
2 references tracked. Mallory keeps watching after this page renders.
CVE-2025-47985 - Security Update Guide - Microsoft - Windows Event Tracing Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-21358 - Security Update Guide - Microsoft - Windows Core Messaging Elevation of Privileges Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Patches Multiple Windows Elevation-of-Privilege Flaws Across Core Services
Microsoft published security updates for a series of Windows elevation-of-privilege vulnerabilities affecting components including **Core Messaging**, **CSC Service**, **Cryptographic Services**, **Win32k**, and the **COM+ Event System Service**. The referenced flaws include `CVE-2025-21378`, `CVE-2025-21184`, `CVE-2025-21414`, `CVE-2025-26634`, `CVE-2025-49727`, `CVE-2025-58725`, and `CVE-2025-62458`, indicating a broad set of local privilege-escalation issues across core Windows subsystems. Among them, Microsoft provided additional detail for `CVE-2026-40377`, an **Important** vulnerability in Microsoft Cryptographic Services caused by a heap-based buffer overflow. Microsoft said a locally authorized attacker with low privileges could exploit the flaw to gain **SYSTEM** privileges without user interaction; the issue received a **CVSS 3.1 score of 7.8**, was assessed as **less likely** to be exploited, and was **not publicly disclosed or exploited** at the time of publication. Microsoft said a fix was available and credited **Bruce Dang of Calif.io** for reporting the bug.
May 25, 2026
Microsoft discloses multiple Windows elevation-of-privilege flaws across kernel and core components
Microsoft published security advisories for a series of **Windows elevation-of-privilege** vulnerabilities affecting the **Windows Kernel**, **File Explorer**, **Windows Management Service**, **Windows UI XAML Phone DatePickerFlyout**, **Windows Graphics Component**, **Windows Storage**, and the **DirectX Graphics Kernel**. The referenced flaws include `CVE-2026-26132`, `CVE-2025-62565`, `CVE-2025-54103`, `CVE-2025-54111`, `CVE-2025-55693`, `CVE-2024-38249`, `CVE-2025-62573`, `CVE-2024-38248`, and `CVE-2025-55678`. The disclosures indicate a broad patching effort spanning core operating system subsystems and user-facing Windows components, with repeated exposure in privileged areas such as the kernel and graphics stack. For defenders, the concentration of elevation-of-privilege issues across these components raises the risk that attackers could chain local access or code execution with privilege escalation to gain **SYSTEM-level** or otherwise expanded rights on affected Windows systems, making prompt validation and deployment of Microsoft updates a priority.
May 25, 2026
Microsoft discloses multiple elevation-of-privilege flaws across Windows and developer tools
Microsoft published security advisories for several **elevation-of-privilege** vulnerabilities affecting Windows components and related software, including **Microsoft PC Manager** (`CVE-2025-21322`), **Windows Installer** (`CVE-2025-21331`, `CVE-2025-21373`), **Visual Studio** (`CVE-2025-49739`), **.NET** (`CVE-2025-55247`), **Windows Health and Optimized Experiences** (`CVE-2025-59241`), and **Host Process for Windows Tasks** (`CVE-2025-60710`). Microsoft also lists an earlier **Windows Storage** privilege-escalation issue, `CVE-2023-36399`, in its security guidance portal. The advisories provide limited public detail beyond product names and vulnerability class, but the grouping indicates broad exposure across both endpoint and developer environments where successful exploitation could allow an attacker to gain higher privileges on a target system. Organizations using affected Microsoft software should review the corresponding Security Update Guide entries, prioritize patch validation for Windows and developer-tooling assets, and assess whether privilege-escalation paths could be chained with other flaws or post-compromise activity.
May 25, 2026