ZDI-CAN-28267 HIGH 7.8 Upcoming Feb 25, 2026

Microsoft

Microsoft is affected by a high-severity local privilege escalation vulnerability (CVSS 7.8). Exploitation requires local access and low-level user privileges, and a successful attack has a high impact on confidentiality, integrity, and availability. The attack cannot be executed remotely and does not require user interaction, which makes it particularly dangerous on multi-user systems or in environments where an attacker already has initial local access. Security teams should monitor for exploitation attempts targeting Windows systems and prioritize patching once Microsoft releases a fix by the June 2026 deadline.

Advisory Details
Researcher: Marcin Wiazowski
Reported: February 25, 2026
Deadline: June 25, 2026 (70d)
CVSS Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
