Local Privilege Escalation
The latest Local Privilege Escalation coverage — news, analysis, and updates from the WindowsNews.AI desk.
Windows Defender RoguePlanet Flaw Lets Any Local User Become SYSTEM — No Fix Yet
Microsoft has published a security advisory for a critical Windows Defender vulnerability that allows a standard user account to gain SYSTEM-level access on an unpatched machine. The flaw, catalogued...
Microsoft Patch Tuesday Fixes Windows Kernel Zero-Day Use-After-Free EoP Bug
Microsoft’s June 2026 Patch Tuesday landed with a critical fix for CVE-2026-42984, an Important-rated use-after-free vulnerability in the Windows kernel that enables a local attacker to escalate to...
Microsoft’s June 2026 Patch Fixes Windows Telephony Service Privilege Escalation Bug
Microsoft disclosed CVE-2026-42912 on June 9, 2026, as part of its monthly security update cycle. This elevation-of-privilege vulnerability in the Windows Telephony Service stems from a race...
ProjFS bug CVE-2026-42837 lets local attackers escalate to SYSTEM via kernel buffer over-read
Microsoft's June 2026 security update addresses CVE-2026-42837, a local privilege escalation vulnerability in the Windows Projected File System (ProjFS) filter driver. An attacker who successfully...
Microsoft PC Manager Flaw Lets Local Attackers Gain SYSTEM Privileges
Microsoft has confirmed a high-severity security flaw in its PC Manager utility that could allow a local attacker to seize full control of a Windows system. Tracked as CVE-2026-50512, the...
Microsoft Patch Tuesday Fixes CVE-2026-50511 PC Manager Privilege Escalation Flaw
Microsoft disclosed a new elevation-of-privilege vulnerability in its PC Manager utility on June 9, 2026. Tracked as CVE-2026-50511, the flaw stems from improper link handling before file access,...
Windows Narrator Braille DLL flaw lets attackers gain SYSTEM access
Microsoft has published CVE-2026-48565, an Important-rated elevation-of-privilege vulnerability in Windows Narrator’s Braille support. A local, authenticated attacker who successfully exploits this...
June 2026 Patch Tuesday: Fix This DWM Bug That Turns Low-Level Access Into SYSTEM Control
Microsoft’s June 9, 2026 Patch Tuesday rollout plugged CVE-2026-45637, an Important-rated elevation-of-privilege (EoP) vulnerability inside the Desktop Window Manager (DWM) core library. Assigned a...
Critical AFD.sys Flaw Grants SYSTEM Access—Patch CVE-2026-45603 Now
Microsoft has released a security update to address a critical elevation-of-privilege vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys), tracked as CVE-2026-45603. The...
CVE-2026-45638: Windows WinSock AFD Driver Local Privilege Escalation Flaw Patched
Microsoft patched a critical local privilege escalation vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys) on June 9, 2026, as part of its monthly Patch Tuesday updates....
CVE-2026-45600: Microsoft Patches Important Windows Kernel Privilege Escalation Flaw in June 2026 Patch Tuesday
Microsoft’s June 2026 security update, released on the 9th as part of its regular Patch Tuesday cycle, addresses a local privilege escalation vulnerability tracked as CVE-2026-45600. The flaw,...
Patch CVE-2026-45596 now: Windows AFD bug grants SYSTEM access to all users
Microsoft kicked off its June 2026 Patch Tuesday with a critical fix for CVE-2026-45596, a local elevation of privilege vulnerability lurking in the Windows Ancillary Function Driver for WinSock,...