ZDI-CAN-28189
HIGH 7.5
Overdue
Dec 09, 2025
Microsoft
This Microsoft vulnerability is rated high severity (CVSS 7.5). Exploitation requires local access and high privileges, but the impact on confidentiality, integrity, and availability is high. The attack cannot be performed remotely and does not require user interaction, so it is primarily a concern for privileged insider threats or attackers who already have system-level access. Security teams should monitor for suspicious activity from high-privileged accounts and prioritize patching once Microsoft releases a fix, which is due by the April 8, 2026 deadline.
Advisory Details
Researcher: Discovered by fastfail
Reported: December 09, 2025
Deadline: April 08, 2026 (9d overdue)
CVSS Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H