Skip to main content

Windows Remote Help CVE-2026-55014

| EUVDEUVD-2026-43763 HIGH
Improper Access Control (CWE-284)
2026-07-14 microsoft GHSA-3x6v-8qxw-j8h4
7.8
CVSS 3.1 · Vendor: microsoft
Temporal: 6.8
Share

Severity by source

Vendor (microsoft) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss
vuln.today AI
7.8 HIGH

Attacker needs an existing low-privileged local session (AV:L, PR:L), no interaction (UI:N), and gains full-privilege control yielding high C/I/A with unchanged scope.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 17:56 vuln.today
CVE Published
Jul 14, 2026 - 17:05 nvd
HIGH 7.8

DescriptionCVE.org

Improper access control in Windows Remote Help Defense allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Microsoft Windows Remote Help allows an authenticated low-privileged user to elevate to higher privileges via improper access control (authorization bypass) in the Remote Help component. Exploitation requires prior local access with limited privileges (PR:L) but no user interaction, yielding full confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged local session
Delivery
Invoke Windows Remote Help component
Exploit
Abuse improper access-control check
Execution
Bypass authorization boundary
Impact
Execute actions as elevated privileges

Vulnerability AssessmentAI

Exploitation Exploitation requires that the Microsoft Windows Remote Help application is installed and present on the target host, and that the attacker already holds a low-privileged authenticated local session on that host (PR:L, AV:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H yields a base score of 7.8 (High): local attack vector, low complexity, low privileges required, no user interaction, unchanged scope, and high impact across C/I/A - a classic reliable local privilege-escalation profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already obtained a standard (non-admin) local account on a Windows machine with Remote Help installed invokes the vulnerable component to abuse the improper access-control check and gain elevated (e.g., SYSTEM or administrator) privileges. Because the CVSS vector is AV:L/AC:L/PR:L/UI:N, the exploit is reliable, needs no victim interaction, and requires only an existing low-privileged foothold; no public POC has been identified at time of analysis.
Remediation Apply the Microsoft-released update for CVE-2026-55014 as documented in the MSRC advisory (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55014); patch availability is confirmed by the vendor, though the input does not enumerate the exact fixed version, so pull the specific build from that advisory and, because Remote Help is typically distributed through Microsoft Intune / the Microsoft Store for Business, ensure the deployed app package is updated to the patched release across managed endpoints. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify and inventory all Windows systems with Remote Help installed, prioritizing systems handling sensitive data or running critical business operations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-55014 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy