Skip to main content

Microsoft EUVDEUVD-2026-22612

| CVE-2026-32224 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft GHSA-3hp2-fjxj-6wj4
7.0
CVSS 3.1 · NVD
Temporal: 6.1
Share

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.1 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:23 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22612
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.0

DescriptionCVE.org

Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows Server Update Service (WSUS) on Windows 11 version 26H1 allows low-privileged authenticated users to gain SYSTEM-level access via use-after-free memory corruption. Exploitation requires local access and high attack complexity (CVSS AC:H), indicating timing-dependent or race condition triggers. Microsoft has released patch version 10.0.28000.1836 to address this vulnerability. No public exploit code or active exploitation confirmed at time of analysis.

Technical ContextAI

This vulnerability stems from a use-after-free (CWE-416) condition in the Windows Server Update Service component. Use-after-free vulnerabilities occur when code attempts to access memory after it has been freed, potentially allowing an attacker to manipulate memory allocation to execute arbitrary code or escalate privileges. The affected product per CPE data is Windows 11 version 26H1 (microsoft:windows_11_version_26h1), specifically builds prior to 10.0.28000.1836. WSUS is a critical Windows component responsible for managing and distributing operating system updates across enterprise networks. The high attack complexity (AC:H) in the CVSS vector suggests the exploit requires precise timing or winning a race condition, making reliable exploitation more difficult than standard memory corruption issues. The local attack vector (AV:L) restricts exploitation to users with existing system access.

RemediationAI

Apply Microsoft's security update to upgrade Windows 11 version 26H1 to build 10.0.28000.1836 or later, which addresses the use-after-free vulnerability in WSUS. The patch is available through standard Windows Update channels and Microsoft Update Catalog. Organizations should prioritize patching systems where multiple users have local access or where account compromise risk is elevated. Download the update directly from Microsoft Security Response Center at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32224. No workarounds are documented in available advisories; patching is the definitive remediation. Verify patch deployment by checking system build number (winver.exe) confirms version 10.0.28000.1836 or higher. In environments where immediate patching is not feasible, implement compensating controls including enhanced monitoring of privilege escalation attempts, restricted local logon permissions, and application control policies to limit execution of unsigned binaries.

Share

EUVD-2026-22612 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy