Windows Device Association Service Privilege Elevation Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.0

Windows Device Association Service Privilege Elevation Risk

CVE-2026-24295

Summary

A vulnerability in the Windows Device Association Service can allow an authorized user to gain higher-level access to a Windows system. This could potentially allow them to make changes or access data they shouldn't. To mitigate this risk, consider applying the latest security updates or taking steps to limit user privileges.

Original title

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.

Original description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.0

Vulnerability type

CWE-362 Race Condition

CWE-416 Use After Free

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24295

Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026