ZDI-CAN-28205
HIGH 7.0
Upcoming
Dec 23, 2025
Microsoft
This high-severity Microsoft vulnerability (CVSS 7.0) requires local access and low-level user privileges to exploit, and a successful exploit has high impact on confidentiality, integrity, and availability. It is not remotely exploitable and requires no user interaction, so an authenticated local attacker can attempt it without involving a victim, although the vector rates attack complexity as high (AC:H). Security teams should prioritize patching the affected Microsoft products when the vendor deadline passes in April 2026 and monitor for suspicious local privilege escalation attempts in the interim.
Advisory Details
Researcher
Discovered by:
mad31k
Reported
December 23, 2025
Deadline
April 22, 2026
CVSS Vector
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H