Windows Privilege Escalation
The latest Windows Privilege Escalation coverage — news, analysis, and updates from the WindowsNews.AI desk.
Google Patches Chrome for Windows After Chromoting Bug Grants Attackers Local Admin Rights
Google shipped an emergency fix for Chrome on Windows on June 30, 2026, closing a local privilege escalation flaw in Chromoting that could hand an attacker full control of a PC. The patch, delivered...
Microsoft Patches Critical CTFMON Bug CVE-2026-45586 in June Update
Microsoft disclosed CVE-2026-45586 on June 9, 2026, a critical elevation-of-privilege vulnerability in the Windows Collaborative Translation Framework (CTFMON). The security flaw allows attackers...
CVE-2026-42902 PowerToys: Patch Now for SYSTEM-Level Exploit Risk
Microsoft dropped CVE-2026-42902 into the June 2026 Patch Tuesday cycle on June 9, 2026, flagging an elevation-of-privilege vulnerability in Microsoft PowerToys. The advisory moves a utility adored...
YellowKey & GreenPlasma: New BitLocker Bypass and Privilege Escalation Exploits Exposed
Security researchers have publicly disclosed two new offensive tools—YellowKey and GreenPlasma—that together dismantle the last line of defense for millions of Windows devices. YellowKey is a...
Install May 2026 Patch Tuesday Now: Fix Critical AFD.sys Zero-Day EoP
Microsoft’s May 12, 2026 security bulletin pulled back the curtain on CVE-2026-35416, an elevation-of-privilege vulnerability lodged deep inside the Windows Ancillary Function Driver (AFD.sys). The...
CVE-2026-21661 DLL hijack in CEM AC2000 v10.6–12.0 raises privilege to SYSTEM on Windows.
CISA republished a security advisory on May 5, 2026, amplifying a warning from Johnson Controls about a high-severity DLL hijacking vulnerability in its CEM AC2000 access control system. Tracked as...
CVE-2026-27916: Windows UPnP Device Host Use-After-Free Vulnerability Exposes Privilege Escalation Risk
Microsoft's April 2026 Patch Tuesday security update addresses a critical local privilege escalation vulnerability in the Windows UPnP Device Host service. CVE-2026-27916, rated as an...
CVE-2026-32219: Windows BFS Double Free Vulnerability Enables Privilege Escalation
Microsoft has patched a critical privilege escalation vulnerability in Windows that allows authenticated low-privilege attackers to gain SYSTEM-level access. CVE-2026-32219, a double free flaw in the...
CVE-2026-32165: Microsoft's Confidence Signals Windows UI Privilege Escalation Vulnerability
Microsoft's CVE-2026-32165 advisory reveals a Windows User Interface Core privilege escalation vulnerability that has security researchers paying closer attention to Microsoft's confidence metrics...
CVE-2026-32087: Windows Function Discovery Vulnerability Exposes Local Privilege Escalation Risk
Microsoft's CVE-2026-32087 reveals a high-confidence local privilege escalation vulnerability in the Windows Function Discovery Service, specifically within the fdwsd.dll component. This security...