🟠 High | Source: Microsoft Security Response Center
CVE-2026-49167 is a use-after-free vulnerability in the Windows Kernel that allows an attacker who already has local access to a machine to elevate their privileges to a higher level, potentially gaining full system control. Although exploitation requires prior authorised access, this type of flaw is frequently chained with other vulnerabilities to achieve full compromise. It is particularly relevant to cloud environments where Windows-based virtual machines, Azure VMs, or hybrid-joined endpoints are in use.
Security Architect’s Take: Prioritise patching all Windows-based workloads — particularly Azure VMs, Azure Virtual Desktop hosts, and hybrid-connected endpoints — as this class of vulnerability is routinely used as the second stage in ransomware and targeted attack chains. Ensure your VM patch compliance dashboards (e.g. via Microsoft Defender for Cloud or Azure Update Manager) are reflecting the fix once released.
Original advisory: CVE-2026-49167 Windows Kernel Elevation of Privilege Vulnerability