Winlogon Elevation of Privilege Vulnerability

Description

Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.

Affected Products

Vendor	Product	Versions
microsoft	windows_10_1607	10.0.14393.0, 10.0.17763.0, 10.0.19044.0, 10.0.19045.0, 10.0.22631.0, 10.0.22631.0, 10.0.26100.0, 10.0.26200.0, 10.0.28000.0, 6.2.9200.0, 6.2.9200.0, 6.3.9600.0, 6.3.9600.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.25398.0, 10.0.26100.0, 10.0.26100.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
hitachi	hitachi storage	cert_advisory	90%
microsoft	microsoft windows	cert_advisory	90%
microsoft	windows	cert_advisory	90%
microsoft	microsoft windows server 2012 r2	cert_advisory	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25187(vendor-advisory, patch)

Related News (1 articles)

Tier B

BSI Advisories10h ago

[UPDATE] [hoch] Microsoft Windows und Windows Server: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

10.0.14393.895710.0.17763.851110.0.19044.705810.0.19045.705810.0.22631.678310.0.26100.797910.0.26200.797910.0.28000.171910.0.20348.483010.0.25398.220710.0.26100.32463

CWECWE-59

PublishedMar 10, 2026

Last enriched48d ago

Trending Score97

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack