Description
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
Published: 2026-04-14
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

A use-after-free flaw in the Windows Server Update Service allows an attacker who already has authorized access to the service to elevate their privileges on the local machine. The vulnerability is classified as CWE-416 (Use After Free), a memory corruption error that can be triggered to execute code with higher privileges than originally granted.

Affected Systems

Microsoft Windows 11, 26H1 edition, when the Windows Server Update Service component is installed and enabled. Any user with legitimate access to the WSUS service on this build is potentially able to exploit the flaw.

Risk and Exploitability

The CVSS score of 7 reflects a high-severity local privilege escalation. Exploitation requires that the attacker first obtain an authorized user context or a valid account that can interact with the WSUS service. Because the EPSS score is not available and the vulnerability is not listed in the KEV catalog, the probability of widespread exploitation is uncertain, yet the impact on affected systems remains significant if attackers gain elevated rights.

Generated by OpenCVE AI on April 14, 2026 at 20:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update that addresses CVE-2026-32224.
  • If the Windows Server Update Service is not required, disable or uninstall the service to reduce the attack surface.
  • Limit local user accounts from accessing the WSUS service and review permissions granted to any accounts with elevated rights.
  • Monitor system logs for unusual attempts to interact with WSUS processes.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*

Wed, 15 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 26h1
Vendors & Products Microsoft windows 11 26h1

Wed, 15 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
Title Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft windows 11 26h1
Weaknesses CWE-416
CPEs cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*
Vendors & Products Microsoft
Microsoft windows 11 26h1
References
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-12T17:38:39.337Z

Reserved: 2026-03-11T01:49:58.662Z

Link: CVE-2026-32224

Vulnrichment

Updated: 2026-04-15T09:09:04.853Z

NVD

Status: Analyzed

Published: 2026-04-14T18:17:30.690

Modified: 2026-04-17T19:35:06.320

Link: CVE-2026-32224

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T20:45:06Z

Weaknesses