Autor: Peter Leibling

CVE-2026-20924 Windows Management Services Elevation of Privilege Vulnerability

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20962 Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability

Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.

CVE-2026-20834 Windows Spoofing Vulnerability

Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.

CVE-2026-20941 Host Process for Windows Tasks Elevation of Privilege Vulnerability

Improper link resolution before file access (‚link following‘) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

CVE-2026-20829 TPM Trustlet Information Disclosure Vulnerability

Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.

CVE-2026-20927 Windows SMB Server Denial of Service Vulnerability

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows SMB Server allows an authorized attacker to deny service over a network.

CVE-2026-21224 Azure Connected Machine Agent Elevation of Privilege Vulnerability

Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-20920 Win32k Elevation of Privilege Vulnerability

Use after free in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-20862 Windows Management Services Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.