Skip to main content

Microsoft EUVDEUVD-2026-22610

| CVE-2026-32222 HIGH
Untrusted Pointer Dereference (CWE-822)
2026-04-14 microsoft GHSA-249v-qr3v-pf7r
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:23 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22610
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.8

DescriptionCVE.org

Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows Win32K ICOMP component via untrusted pointer dereference allows low-privileged authenticated users to achieve SYSTEM-level access on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. The vulnerability requires local access and low-privilege credentials (PR:L) but no user interaction, with confirmed patch availability from Microsoft. CVSS 7.8 reflects complete compromise of confidentiality, integrity, and availability. No public exploit identified at tim

Technical ContextAI

This vulnerability exploits CWE-822 (untrusted pointer dereference) in the Windows Win32K kernel subsystem, specifically within the ICOMP (Image Component Object) processing routines. Win32K is the kernel-mode driver responsible for Windows graphics and windowing functions, operating at ring 0 with full system privileges. Untrusted pointer dereference occurs when kernel code uses a pointer supplied from user-mode without proper validation, allowing attackers to redirect execution flow or manipulate kernel memory structures. In this case, a low-privileged process can supply a malicious pointer to Win32K ICOMP functions, causing the kernel to dereference attacker-controlled memory addresses. The affected products span modern Windows platforms: Windows 11 versions 24H2 (10.0.26100.x), 25H2 (10.0.26200.x), and the insider preview 26H1 (10.0.28000.x), plus Windows Server 2025 including Server Core installations. The vulnerability affects core kernel components used by all graphical applications, making it broadly exploitable across affected installations.

RemediationAI

Apply Microsoft security updates immediately to patch this vulnerability. Vendor-released patches fix the issue in Windows 11 Version 24H2 build 10.0.26100.32690 or later, Windows 11 Version 25H2 build 10.0.26200.8246 or later, Windows 11 Version 26H1 build 10.0.28000.1836 or later, and Windows Server 2025 build 10.0.26100.32690 or later (applies to both standard and Server Core installations). Organizations should deploy patches through Windows Update, WSUS, or enterprise patch management solutions. Consult the official Microsoft advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32222 for specific KB article numbers and deployment guidance. No effective workarounds exist for kernel-level vulnerabilities; patching is the only complete remediation. For systems requiring delayed patching, implement compensating controls including restricting local logon permissions to trusted users only, enabling enhanced security monitoring for unusual privilege escalation attempts via Windows Defender ATP or EDR solutions, and applying principle of least privilege to limit accounts with local interactive logon rights. Additional technical details available through ENISA EUVD-2026-22610 at https://nvd.nist.gov/vuln/detail/CVE-2026-32222.

Share

EUVD-2026-22610 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy