Today's Top Windows Articles
Articles for the IT Professional. Each day we look at roughly 100 sites for Windows articles and bring them here.
Microsoft confirms old Windows 8 UI elements are being replaced in Windows 11, but it’s not enough yet
Microsoft has acknowledged that Windows 11 still includes legacy UI from Windows 8 and older versions. From login screen elements to Control Panel and system tools, inconsistencies remain. The company...
Windows Latest
Apr 13, 2026 - windowslatest.com
Can AI revive democracy? Former Amazon product manager builds tool to spark civic engagement
A former Amazon product manager is using AI to turn dense city council agendas and meeting minutes into plain-language briefings, with alerts tuned to each user’s interests, aiming to inspire people t...
GeekWire
Apr 13, 2026 - geekwire.com
Folder with RW2 (RAW) files causes Explorer to crash
Edition Windows 10 Home Version 22H2 Installed on 8/15/2020 OS Build 19045.7058 I am dealing with a frustrating issue regarding RW2 files, which are RAW image files from a Panasonic camera....
Windows 10 Help Forums
Apr 13, 2026 - tenforums.com
Your tech support company runs scams. Stop—or disguise with more fraud?
Fake it till you make it.
Ars Technica - All content
Apr 13, 2026 - arstechnica.com
Avoid Entra ID Lockouts: Migrate Legacy MFA Policies
Learn how to migrate legacy MFA and SSPR policies to the unified Entra ID Authentication Methods policy, including audit, NPS extension fixes, and validation.
ATA Learning
Apr 13, 2026 - adamtheautomator.com
How to Survive the 2026 Secure Boot Certificate Expiry
Deploy Windows UEFI CA 2023 before the June 2026 certificate expiry. Inventory devices, update OEM firmware, and trigger enrollment via Intune or PowerShell registry settings.
ATA Learning
Apr 13, 2026 - adamtheautomator.com
Apple TV is about to have three top-tier shows airing all at once
Apple TV has a big summer ahead with the return of Ted Lasso, Dark Matter, and more, but the streamer’s current lineup is compelling too, and will get even more so later this week. more…
9to5Mac
Apr 13, 2026 - 9to5mac.com
Office LTSC 2021 support is ending, and Microsoft wants you to migrate to the cloud
Office LTSC 2021 apps will still run but lose security updates and support, and Microsoft is suggesting an upgrade to Microsoft 365. Read more...
Neowin
Apr 13, 2026 - neowin.net
GrafanaGhost: The AI That Leaked Everything Without Being Hacked
A newly disclosed vulnerability reveals how AI assistants can become invisible channels for data exfiltration — and why security enforcement must shift to the data layer. The post GrafanaGhost: The AI...
TechRepublic
Apr 13, 2026 - techrepublic.com
Adobe Patches Actively Exploited Zero-Day That Lingered for Months
An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months.
darkreading
Apr 13, 2026 - darkreading.com
Why the Iran cyberattack everyone warned about hasn’t really happened yet
When the U.S. began “major combat operations” against Iran in late February, the warnings about an online counterattack from Iran and groups tied to the nation came from every corner. But more than si...
Fast Company - technology
Apr 13, 2026 - fastcompany.com
Google shoehorned Rust into Pixel 10 modem to make legacy code safer
Cellular modems are complex black boxes of legacy code, but Google is making them safer with Rust.
Ars Technica - All content
Apr 13, 2026 - arstechnica.com
Google shoehorned Rust into Pixel 10 modem to make legacy code safer
Cellular modems are complex black boxes of legacy code, but Google is making them safer with Rust.
Ars Technica
Apr 13, 2026 - arstechnica.com
CSA: CISOs Should Prepare for Post-Mythos Exploit Storm
In a new report from the Cloud Security Alliance (CSA), experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claude Mythos.
darkreading
Apr 13, 2026 - darkreading.com
Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum
One was patched almost 14 years ago Crooks are exploiting four Microsoft vulnerabilities - one patched 14 years ago and another tied to ransomware activity - according to America's lead cyber-defense ...
The Register
Apr 13, 2026 - go.theregister.com
The FAA’s “Temporary” Flight Restriction For Drones Is A Blatant Attempt To Criminalize Filming ICE
The Trump administration has restricted the First Amendment right to record law enforcement by issuing an unprecedented nationwide flight restriction preventing private drone operators, including prof...
Techdirt
Apr 13, 2026 - techdirt.com
Security Bite Podcast: Atomic Stealer is blurring the line between infostealers and trojans on Mac
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to mana...
9to5Mac
Apr 13, 2026 - 9to5mac.com
Thumbnails Stopped Generating 4 days Ago (Win 10)
I noticed last week that any newly saved images no longer generate a thumbnail image like they used to. So I have only older thumbnails from 5 days ago. Researched the issue and tried clearing the ...
Windows 10 Help Forums
Apr 14, 2026 - tenforums.com
Never lose anything again with these Find My accessories
There’s a robust ecosystem of Find My accessories on the market nowadays, across various different designs and form factors. Here are some of the most popular options. more…
9to5Mac
Apr 14, 2026 - 9to5mac.com
CVE-2026-40386
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-40385
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-40393
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-31416 netfilter: nfnetlink_log: account for netlink header size
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-31423 net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-31424 netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-31417 net/x25: Fix overflow when accumulating packets
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-31422 net/sched: cls_flow: fix NULL pointer dereference on shared blocks
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-31414 netfilter: nf_conntrack_expect: use expect->helper
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-31427 netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-31426 ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-31420 bridge: mrp: reject zero test interval to avoid OOM panic
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-31421 net/sched: cls_fw: fix NULL pointer dereference on shared blocks
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-31428 netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2025-1147 GNU Binutils nm nm.c internal_strlen buffer overflow
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2025-1148 GNU Binutils ld ldelfgen.c link_order_scan memory leak
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2025-11839 GNU Binutils prdbg.c tg_tag_type return value
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2025-69646 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2025-69652 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2025-69645 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2025-69649 GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-3783 token leak with redirect and netrc
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-1965 bad reuse of HTTP Negotiate connection
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-3784 wrong proxy connection reuse with credentials
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2025-69647
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-32776
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-32778
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-32777
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-4647 Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-31418 netfilter: ipset: drop logically empty buckets in mtype_del
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
How to force Libre office to remember the wifi printer I use
HI I have windows 10 and i have a brother hl l 2390 dw. Before my printer was wired. Libre office was remembering to use the printer that pc names PRINTER HLL2390DW and print 2 sided. cool. I kep...
Windows 10 Help Forums
Apr 14, 2026 - tenforums.com
Oh God: RFK Jr. Unveils Plan To Be First Sitting Cabinet Secretary To Host A Podcast
With all that RFK Jr. has done, and failed to do, as the Secretary of HHS, he should be terribly busy cleaning up mess after mess. The measles outbreak that is going to cause America to lose its elimi...
Techdirt
Apr 14, 2026 - techdirt.com
Galaxy Watch 6, 7, 8, and Ultra Users Report Battery Drain Linked to Google Play Services
Users of Samsung Galaxy Watch 6, 7, 8, and Ultra models have been noticing unexpected battery drain over the past several days. Thank you for being a Ghacks reader. The post Galaxy Watch 6, 7, 8, and ...
gHacks
Apr 14, 2026 - ghacks.net
Blackmagic's DaVinci Resolve 21 takes on Adobe Lightroom with a new Photo page
Many creators have already switched from Adobe Premiere to DaVinci Resolve, and now the developer, Blackmagic Design, is going after Lightroom and Photoshop. The Australian company just unveiled DaVin...
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics
Apr 14, 2026 - engadget.com
CVE-2026-20930 Windows Management Services Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-25250 MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix
Missing cryptographic step in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-25184 Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-20945 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-23670 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26149 Microsoft Power Apps Security Feature Bypass
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26151 Remote Desktop Spoofing Vulnerability
Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26154 Windows Server Update Service (WSUS) Tampering Vulnerability
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26155 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
Information published.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26160 Remote Desktop Licensing Service Elevation of Privilege Vulnerability
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26161 Windows Sensor Data Service Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26162 Windows OLE Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26165 Windows Shell Elevation of Privilege Vulnerability
Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26166 Windows Shell Elevation of Privilege Vulnerability
Double free in Windows Shell allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26167 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26174 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26175 Windows Boot Manager Security Feature Bypass Vulnerability
Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26179 Windows Kernel Elevation of Privilege Vulnerability
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26180 Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26181 Microsoft Brokering File System Elevation of Privilege Vulnerability
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-26183 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27906 Windows Hello Security Feature Bypass Vulnerability
Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27908 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27915 Windows UPnP Device Host Elevation of Privilege Vulnerability
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27917 Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability
Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27918 Windows Shell Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27919 Windows UPnP Device Host Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27921 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27924 Desktop Window Manager Elevation of Privilege Vulnerability
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27926 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27927 Windows Projected File System Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability
Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-27931 Windows GDI Information Disclosure Vulnerability
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-32071 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-32073 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-32075 Windows UPnP Device Host Elevation of Privilege Vulnerability
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
Apr 14, 2026 - msrc.microsoft.com
CVE-2026-32081 Package Catalog Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.