ZDI-CAN-28540 HIGH 7.8 Upcoming Jan 12, 2026

Microsoft

Microsoft has disclosed a high-severity vulnerability (CVSS 7.8) that requires local access and low privileges to exploit, but has a high impact on confidentiality, integrity, and availability when exploited. The attack is difficult to execute (high complexity) and does not require user interaction, making it a serious concern for systems where attackers have already obtained a foothold. Security teams should prioritize patching this vulnerability before the May 2026 deadline and monitor for exploitation attempts targeting local privilege escalation scenarios.

Advisory Details
Researcher Discovered by: Anonymous
Reported January 12, 2026
Deadline May 12, 2026 25d
CVSS Vector AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
