Peter Leibling – Seite 234

CVE-2026-20940 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-20934 Windows SMB Server Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-20843 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability

Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.

CVE-2026-20935 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.

CVE-2026-20854 Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.

CVE-2026-20874 Windows Management Services Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20870 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Use after free in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-20823 Windows File Explorer Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-20867 Windows Management Services Elevation of Privilege Vulnerability