Local Privilege Escalation
The latest Local Privilege Escalation coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2026-27922: Microsoft's High-Confidence AFD.sys Vulnerability Demands Immediate Patching
Microsoft's CVE-2026-27922 represents a critical local privilege escalation vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys) that has earned the company's highest...
CVE-2026-27920: Critical Windows UPnP Device Host Vulnerability Requires Immediate Patching
Microsoft's April 14, 2026 security update addresses CVE-2026-27920, a local privilege escalation vulnerability in the Windows UPnP Device Host service. This flaw allows authenticated attackers with...
CVE-2026-27914: Microsoft Patches Critical MMC Local Privilege Escalation Vulnerability
Microsoft has assigned CVE-2026-27914 to a Microsoft Management Console (MMC) elevation-of-privilege vulnerability that requires immediate attention from Windows administrators. The Common...
CVE-2026-27912 Kerberos EoP Vulnerability: Microsoft's Confidence Metric and Enterprise Security Implications
Microsoft's CVE-2026-27912 reveals a critical Kerberos elevation of privilege vulnerability that could allow attackers to gain domain administrator privileges without requiring user interaction. The...
CVE-2026-27909: Windows Search Service Elevation of Privilege Vulnerability Analysis and Patch Guidance
Microsoft's CVE-2026-27909 reveals a critical elevation of privilege vulnerability in the Windows Search Service that requires immediate attention despite its unassuming appearance in security...
CVE-2026-26177: Microsoft's High Confidence AFD.sys Vulnerability Requires Immediate Patching
Microsoft has assigned a 7.8 CVSS score and "High" confidence rating to CVE-2026-26177, an elevation-of-privilege vulnerability in the Ancillary Function Driver for WinSock (AFD.sys) affecting...
CVE-2026-26152: Microsoft's Confidence Signal Reveals Critical Crypto EoP Risk for Windows Systems
Microsoft's security advisory for CVE-2026-26152 reveals more than just another cryptographic services elevation of privilege vulnerability—it introduces a critical new dimension to how defenders...
CVE-2026-32159: Microsoft's High-Confidence Windows Push Notifications Vulnerability Analysis
Microsoft's CVE-2026-32159 advisory for the Windows Push Notifications Elevation of Privilege Vulnerability reveals a critical security flaw with unusual transparency about exploit confidence. The...
CVE-2026-32089 flaw lets attackers hijack Windows Speech API for SYSTEM access
Microsoft has assigned CVE-2026-32089 to a Windows Speech Brokered API elevation-of-privilege vulnerability, marking another critical local privilege escalation flaw in a Windows component that...
CVE-2026-32082: Windows SSDP Service Local Privilege Escalation Vulnerability Analysis
Microsoft's CVE-2026-32082 reveals a critical local privilege escalation vulnerability in the Windows Simple Service Discovery Protocol (SSDP) service that allows attackers to gain SYSTEM-level...
CVE-2026-27929: Windows LUA File Virtualization Driver Vulnerability Exposes Systems to Local Privilege Escalation
Microsoft has disclosed CVE-2026-27929, a critical elevation-of-privilege vulnerability in the Windows LUA File Virtualization Filter Driver. The security advisory indicates a local attacker could...
CVE-2026-27927: Microsoft Patches Critical ProjFS Local Privilege Escalation Vulnerability
Microsoft has quietly patched a critical local privilege escalation vulnerability in Windows Projected File System (ProjFS) tracked as CVE-2026-27927. The vulnerability, which affects multiple...