Windows UI Core Privilege Elevation Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Windows UI Core Privilege Elevation Vulnerability

CVE-2026-32164

Summary

An attacker with local access to a Windows system can exploit a flaw in the Windows User Interface Core to potentially gain administrator privileges. This is a security concern because it could allow unauthorized changes to system settings or data. To mitigate this risk, ensure all Windows systems are fully patched and up to date.

Original title

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

Original description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.8

Vulnerability type

CWE-362 Race Condition

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32164

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026