Local Privilege Escalation
The latest Local Privilege Escalation coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2026-32073: Critical AFD.sys Use-After-Free Vulnerability Enables Windows Privilege Escalation
Microsoft's CVE-2026-32073 represents a critical security vulnerability in the Windows Ancillary Function Driver (AFD.sys) that allows local attackers to escalate privileges on affected systems. This...
CVE-2026-32076: Microsoft Storage Spaces Local Privilege Escalation Vulnerability Analysis
Microsoft's CVE-2026-32076 reveals a critical local privilege escalation vulnerability in the Windows Storage Spaces component, with the company's confidence assessment providing the most telling...
CVE-2026-32163: Microsoft's High-Confidence Windows UI Core Vulnerability Demands Immediate Patching
Microsoft has issued a critical security advisory for CVE-2026-32163, a local privilege escalation vulnerability in Windows UI Core that carries the company's highest confidence rating. The...
CVE-2026-32155: Microsoft's DWM Privilege Escalation Vulnerability Demands Immediate Patching
Microsoft's CVE-2026-32155 security advisory reveals a critical elevation of privilege vulnerability in the Desktop Window Manager (DWM) component, affecting multiple Windows versions despite sparse...
CVE-2026-32153: Critical Windows Speech Runtime Privilege Escalation Vulnerability Demands Immediate Patching
Microsoft has disclosed CVE-2026-32153, a Windows Speech Runtime Elevation of Privilege Vulnerability that allows attackers to gain SYSTEM-level privileges on affected systems. This critical security...
CVE-2026-32091: Microsoft Patches Critical Windows Brokering File System LPE Vulnerability
Microsoft has disclosed a new Windows vulnerability designated CVE-2026-32091, classified as a Microsoft Brokering File System Elevation of Privilege Vulnerability. The security flaw represents a...
CVE-2026-32086: Critical Windows fdwsd.dll Race Condition Vulnerability Requires Immediate Patching
Microsoft has confirmed a critical local privilege escalation vulnerability in Windows systems tracked as CVE-2026-32086. The flaw resides in the fdwsd.dll component and involves a race condition...
CVE-2026-32080: Critical Windows WalletService Use-After-Free Vulnerability Requires Immediate Patching
Microsoft has confirmed CVE-2026-32080 as a critical elevation-of-privilege vulnerability in Windows WalletService, requiring immediate attention from security teams. The use-after-free flaw allows...
CVE-2026-32078: Critical Windows ProjFS Vulnerability Requires Immediate Patching
Microsoft has disclosed CVE-2026-32078, a critical elevation of privilege vulnerability in the Windows Projected File System (ProjFS) that allows attackers to gain SYSTEM-level access on affected...
CVE-2026-32077: Microsoft's Exploitability Index Flags Critical Windows UPnP Device Host Vulnerability
Microsoft has assigned an Exploitability Index rating to CVE-2026-32077, signaling high confidence that this Windows UPnP Device Host vulnerability represents a genuine local privilege escalation...
CVE-2026-32069 ProjFS Local Privilege Escalation: Microsoft's Guidance and Windows Security Implications
Microsoft has issued guidance for CVE-2026-32069, a Windows Projected File System elevation-of-privilege vulnerability that follows a concerning pattern in Windows security updates. The vulnerability...
Windows SSDP race condition CVE-2026-32068 gives attackers SYSTEM-level access.
Microsoft has assigned CVE-2026-32068 to a newly discovered race condition vulnerability in the Windows Simple Search and Discovery Protocol (SSDP) service, marking another instance where this...