Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.0
Windows Win32K Privilege Elevation Vulnerability
CVE-2026-24285
Summary
An attacker with permission to run code on a Windows system can use a specific sequence of actions to gain elevated privileges, potentially allowing them to access sensitive areas of the system. This can lead to unauthorized changes or data theft. To mitigate this risk, ensure your Windows systems are fully patched with the latest security updates.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| microsoft | office | <= 16.0.19822.20000 | – |
| microsoft | windows_10_1607 | <= 10.0.14393.8957 | – |
| microsoft | windows_10_1607 | <= 10.0.14393.8957 | – |
| microsoft | windows_10_1809 | <= 10.0.17763.8511 | – |
| microsoft | windows_10_1809 | <= 10.0.17763.8511 | – |
| microsoft | windows_10_21h2 | <= 10.0.19044.7058 | – |
| microsoft | windows_10_21h2 | <= 10.0.19044.7058 | – |
| microsoft | windows_10_21h2 | <= 10.0.19044.7058 | – |
| microsoft | windows_10_22h2 | <= 10.0.19045.7058 | – |
| microsoft | windows_10_22h2 | <= 10.0.19045.7058 | – |
| microsoft | windows_10_22h2 | <= 10.0.19045.7058 | – |
| microsoft | windows_11_23h2 | <= 10.0.22631.6783 | – |
| microsoft | windows_11_23h2 | <= 10.0.22631.6783 | – |
| microsoft | windows_11_24h2 | <= 10.0.26100.7979 | – |
| microsoft | windows_11_24h2 | <= 10.0.26100.7979 | – |
| microsoft | windows_11_25h2 | <= 10.0.26200.7979 | – |
| microsoft | windows_11_25h2 | <= 10.0.26200.7979 | – |
| microsoft | windows_server_2012 | All versions | – |
| microsoft | windows_server_2012 | r2 | – |
| microsoft | windows_server_2016 | <= 10.0.14393.8957 | – |
| microsoft | windows_server_2019 | <= 10.0.17763.8511 | – |
| microsoft | windows_server_2022 | <= 10.0.20348.4830 | – |
| microsoft | windows_server_2022_23h2 | <= 10.0.25398.2207 | – |
| microsoft | windows_server_2025 | <= 10.0.26100.32463 | – |
Original title
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
Original description
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
nvd CVSS3.1
7.0
Vulnerability type
CWE-416
Use After Free
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026