Microsoft Patches LSASS Elevation of Privilege Vulnerabilities
Microsoft released security updates for two Local Security Authority Subsystem Service (LSASS) elevation of privilege flaws, tracked as CVE-2022-21884 and CVE-2022-30166. Both advisories identify weaknesses in the Windows component responsible for enforcing security policy and handling authentication, creating a path for attackers to gain higher privileges on affected systems.
The vulnerabilities were published through Microsoft's Security Update Guide and security advisory portal, indicating that organizations running impacted Windows environments should prioritize the relevant patches. Because LSASS operates with highly sensitive privileges, successful exploitation could allow an attacker with existing access to elevate permissions and strengthen control over a compromised host.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisory for CVE-2022-30166
Microsoft released security guidance for CVE-2022-30166, another Local Security Authority Subsystem Service elevation of privilege vulnerability. The update appeared in Microsoft's Security Update Guide.
Microsoft publishes advisory for CVE-2022-21884
Microsoft released security guidance for CVE-2022-21884, a Local Security Authority Subsystem Service elevation of privilege vulnerability. The advisory was published through the Microsoft Security Response Center portal.
Sources
2 references tracked. Mallory keeps watching after this page renders.
CVE-2022-30166 - Security Update Guide - Microsoft - Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2022-21884 - Security Update Guide - Microsoft - Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
portal.msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Patches Windows Privilege Escalation Flaws in CLFS Driver and Winlogon
Microsoft published security updates for multiple Windows local privilege escalation vulnerabilities, including **CVE-2024-49138** in the **Windows Common Log File System (CLFS) Driver** and **CVE-2024-30066** in **Winlogon**. Both issues could allow an attacker who already has access to a target system to elevate privileges, increasing the risk of full system compromise and follow-on activity such as credential theft, defense evasion, or lateral movement. The advisories were released through Microsoft's Security Update Guide and identify the affected components as core parts of Windows used for logging and authentication workflows. Organizations running Windows systems should prioritize applying the relevant Microsoft patches, validate remediation across endpoints and servers, and monitor for signs of post-compromise privilege escalation involving `clfs.sys`, Winlogon, or other abnormal attempts to obtain elevated execution on patched and unpatched hosts.
May 25, 2026
Microsoft LSASS Information Disclosure Vulnerability Tracked as CVE-2026-26155
Microsoft disclosed **CVE-2026-26155**, an **information disclosure** flaw in the **Local Security Authority Subsystem Service (LSASS)**, and published guidance through its Security Update Guide. LSASS is a core Windows security component responsible for enforcing security policy and handling authentication-related functions, making flaws in the service significant for enterprise defenders even when they do not enable direct code execution. Microsoft’s advisory links the issue to a previously documented LSASS information disclosure case, **CVE-2023-36428**, indicating a recurring vulnerability pattern affecting the same Windows security subsystem. Organizations should review Microsoft’s update guidance, identify affected Windows assets, and prioritize remediation and monitoring around systems where exposure of sensitive security information from LSASS could increase follow-on attack risk.
Jun 23, 2026
Windows CLFS Elevation-of-Privilege Flaws Patched by Microsoft
Microsoft published security advisories for two **Windows Common Log File System (CLFS) Driver** elevation-of-privilege vulnerabilities, tracked as **`CVE-2022-37969`** and **`CVE-2023-36424`**. Both issues affect the CLFS component in Windows and could allow an attacker to gain higher privileges on a targeted system after successful exploitation. The advisories were released through Microsoft's Security Update Guide and indicate that the flaws were addressed in separate security updates. The repeated appearance of privilege-escalation bugs in the **CLFS driver** highlights a sensitive Windows kernel-area component that defenders should prioritize for patching and monitoring, especially on endpoints where local code execution could be chained into **SYSTEM-level** access.
Jun 23, 2026