Skip to main content

Microsoft CVE-2026-32165

| EUVDEUVD-2026-22557 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft GHSA-p8vg-rv38-2jxx
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:20 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22557
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.8

DescriptionCVE.org

Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows User Interface Core across Windows 10, 11, and Server 2019-2025 allows low-privileged authenticated attackers to achieve SYSTEM-level access via use-after-free memory corruption. The vulnerability requires high attack complexity and local access but enables container escape (scope change) with full confidentiality, integrity, and availability impact. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the use-after-free primitive is a well-understood exploitation technique.

Technical ContextAI

This vulnerability stems from a use-after-free condition (CWE-416) in the Windows User Interface Core component, a fundamental subsystem responsible for managing graphical user interface elements and window messaging across all Windows versions. Use-after-free vulnerabilities occur when memory is accessed after being deallocated, creating a window where an attacker can manipulate memory layout to redirect program execution. The affected component spans Windows 10 version 1809 through Windows 11 26H1 and Windows Server 2019-2025, indicating the vulnerable code has persisted across multiple Windows generations. The CVSS scope change (S:C) suggests the vulnerability enables escaping security boundaries, potentially breaking out of sandboxed processes or containers to impact resources beyond the vulnerable component's authorization scope. Microsoft reported this vulnerability, suggesting internal discovery rather than external researcher disclosure.

RemediationAI

Apply Microsoft security updates immediately through Windows Update or WSUS to patch the Windows User Interface Core vulnerability. Specific fix versions: Windows 10 1809 update to build 10.0.17763.8644 or later, Windows 10 21H2 to 10.0.19044.7184, Windows 10 22H2 to 10.0.19045.7184, Windows 11 22H3/23H2 to 10.0.22631.6936, Windows 11 24H2 to 10.0.26100.32690, Windows 11 25H2 to 10.0.26200.8246, Windows 11 26H1 to 10.0.28000.1836, Windows Server 2019 to 10.0.17763.8644, Windows Server 2022 to 10.0.20348.5020, Windows Server 2022 23H2 to 10.0.25398.2274, and Windows Server 2025 to 10.0.26100.32690. No workarounds are documented in the Microsoft advisory. Organizations unable to immediately patch should enforce strict user privilege separation, monitor for unusual process elevation activity, and restrict local logon access to trusted accounts. Review Microsoft Security Response Center guidance at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32165 for deployment considerations.

Share

CVE-2026-32165 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy