Local Privilege Escalation
The latest Local Privilege Escalation coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2026-27918: Windows Shell Elevation of Privilege Vulnerability Demands Immediate Patching
Microsoft has published CVE-2026-27918 as a Windows Shell Elevation of Privilege vulnerability with a critical confidence rating that demands immediate attention from all Windows administrators. The...
CVE-2026-26165 Windows Shell EoP Vulnerability: Microsoft's High Confidence Rating Demands Immediate Action
Microsoft has assigned CVE-2026-26165 a "High" confidence rating in its Security Update Guide, signaling a Windows Shell elevation of privilege vulnerability that requires immediate attention from...
CVE-2026-27919: Microsoft Patches Critical UPnP Device Host Local Privilege Escalation Vulnerability
Microsoft has disclosed CVE-2026-27919, a local elevation-of-privilege vulnerability in the Windows UPnP Device Host service that could allow attackers to gain SYSTEM-level access on affected...
CVE-2026-26161: Microsoft's Fast Patch Response for Windows Sensor Data Service Vulnerability
Microsoft's CVE-2026-26161 advisory for the Windows Sensor Data Service reveals more than just another local privilege escalation vulnerability—it demonstrates a significant shift in Microsoft's...
CVE-2026-27917: Analyzing Microsoft's WFP NDIS Driver Vulnerability and Security Advisory Confidence
Microsoft has disclosed CVE-2026-27917, a Windows WFP NDIS Lightweight Filter Driver elevation-of-privilege vulnerability affecting the wfplwfs.sys driver. The security advisory includes a confidence...
CVE-2026-27907: Windows Storage Spaces Controller Vulnerability Requires Immediate Patching
Microsoft has disclosed CVE-2026-27907, a critical Windows Storage Spaces Controller elevation of privilege vulnerability that could allow attackers to gain SYSTEM-level access on affected systems....
CVE-2026-26167: The Windows Push Notifications Flaw You Need to Patch Before Attackers Do
Microsoft has released a security update addressing CVE-2026-26167, a local privilege escalation vulnerability in the Windows Push Notifications service. The fix landed with a characteristically...
Microsoft’s April 2026 Patches Block OLE Attack That Gives Hackers System Control — Update Now
Microsoft on April 14, 2026 released a security update fixing a high-severity flaw in Windows OLE that could let a low-privileged attacker seize complete system control. The vulnerability, tracked as...
CVE-2026-26148: Critical Azure AD SSH Login Linux Extension Flaw Gives Local Attackers Root Access
Microsoft's March security updates revealed a critical elevation-of-privilege vulnerability in the Azure AD SSH Login extension for Linux virtual machines. CVE-2026-26148, rated 7.8 on the CVSS...
Microsoft Office integer overflow bug CVE-2026-26134 grants SYSTEM access in March 2026 Patch Tuesday
Microsoft's March 10, 2026 Patch Tuesday security update introduced CVE-2026-26134, a critical local privilege escalation vulnerability affecting Microsoft Office applications. The vulnerability,...
CVE-2026-25187: Critical Winlogon Privilege Escalation Vulnerability Exposes Windows Systems
Microsoft has assigned CVE-2026-25187 to a newly discovered local privilege escalation vulnerability in Winlogon, the Windows component responsible for handling secure desktop sessions and user...
CVE-2026-25179: Critical Windows AFD.sys Local Privilege Escalation Vulnerability Patched
Microsoft has patched a critical local privilege escalation vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys) tracked as CVE-2026-25179. This kernel-level flaw allows...