Microsoft LSASS Information Disclosure Vulnerability Tracked as CVE-2026-26155
Microsoft disclosed CVE-2026-26155, an information disclosure flaw in the Local Security Authority Subsystem Service (LSASS), and published guidance through its Security Update Guide. LSASS is a core Windows security component responsible for enforcing security policy and handling authentication-related functions, making flaws in the service significant for enterprise defenders even when they do not enable direct code execution.
Microsoft’s advisory links the issue to a previously documented LSASS information disclosure case, CVE-2023-36428, indicating a recurring vulnerability pattern affecting the same Windows security subsystem. Organizations should review Microsoft’s update guidance, identify affected Windows assets, and prioritize remediation and monitoring around systems where exposure of sensitive security information from LSASS could increase follow-on attack risk.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisory for CVE-2026-26155
Microsoft published a Security Update Guide advisory for CVE-2026-26155, another Local Security Authority Subsystem Service information disclosure vulnerability.
Microsoft publishes advisory for CVE-2023-36428
Microsoft published a Security Update Guide advisory for CVE-2023-36428, a Local Security Authority Subsystem Service information disclosure vulnerability.
Sources
2 references tracked. Mallory keeps watching after this page renders.
CVE-2026-26155 - Security Update Guide - Microsoft - Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
msrc.microsoft.com
Open sourceCVE-2023-36428 - Security Update Guide - Microsoft - Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
portal.msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Patches LSASS Elevation of Privilege Vulnerabilities
Microsoft released security updates for two **Local Security Authority Subsystem Service (LSASS)** elevation of privilege flaws, tracked as **`CVE-2022-21884`** and **`CVE-2022-30166`**. Both advisories identify weaknesses in the Windows component responsible for enforcing security policy and handling authentication, creating a path for attackers to gain higher privileges on affected systems. The vulnerabilities were published through Microsoft's Security Update Guide and security advisory portal, indicating that organizations running impacted Windows environments should prioritize the relevant patches. Because **LSASS** operates with highly sensitive privileges, successful exploitation could allow an attacker with existing access to elevate permissions and strengthen control over a compromised host.
Jun 23, 2026
Microsoft Discloses Multiple Windows Information Disclosure Vulnerabilities
Microsoft published security advisories for several Windows **information disclosure** flaws affecting core services and components, including the **Windows CSC Service** (`CVE-2025-21374`), **WLAN AutoConfig Service** (`CVE-2025-21257`), **Storage Management Provider** (`CVE-2025-33055`, `CVE-2025-33062`, `CVE-2025-55325`), and **Cryptographic Services** (`CVE-2025-58720`). The advisories indicate that sensitive information could be exposed through weaknesses in widely deployed Windows functionality spanning storage, networking, and cryptographic operations. The disclosures also align with Microsoft's earlier reporting on a similar **Windows iSCSI Target Service Information Disclosure Vulnerability** tracked as `CVE-2023-24945`, underscoring a recurring class of exposure issues across Windows services. While the referenced entries provide limited public technical detail, the breadth of affected components suggests defenders should prioritize Microsoft security updates and review systems that rely on these services for potential exposure to unintended data leakage.
May 25, 2026
Microsoft Patches Multiple Windows CLFS Driver Privilege Escalation Flaws
Microsoft disclosed and patched multiple **elevation-of-privilege vulnerabilities** in the **Windows Common Log File System (CLFS) Driver**, including `CVE-2026-40407`, `CVE-2025-62470`, and `CVE-2025-32713`. The most detailed advisory, for `CVE-2026-40407`, describes a **heap-based buffer overflow** (`CWE-122`) that allows a locally authenticated low-privilege attacker to escalate to **SYSTEM** without user interaction. Microsoft rated `CVE-2026-40407` as **Important** with a **CVSS 3.1 score of 7.8**, citing **high** impact to confidentiality, integrity, and availability. The company said the flaw had **not** been publicly disclosed and was **not** being exploited in the wild at the time of publication, assessed exploitation as unlikely, and released an official security update to remediate the issue; the related CLFS advisories indicate a continuing pattern of privilege-escalation risk in this Windows component.
May 25, 2026