ZDI-CAN-28769 HIGH 7.8 Upcoming Mar 02, 2026

Microsoft

Microsoft is affected by a high-severity local privilege escalation vulnerability (CVSS 7.8). Exploitation requires local access and low-level user privileges, but a successful attack has a high impact on confidentiality, integrity, and availability. The attack is difficult to execute and requires no user interaction, making it a targeted threat primarily relevant to systems with untrusted local users. Security teams should monitor for patches expected by June 30, 2026, and prioritize them on systems that handle sensitive data or run in multi-tenant environments.

Advisory Details
Researcher: Nicola Stauffer
Reported: March 02, 2026
Deadline: June 30, 2026 (75d)
CVSS Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
