{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32224", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-11T01:49:58.662Z", "datePublished": "2026-04-14T16:57:43.822Z", "dateUpdated": "2026-05-12T17:38:39.337Z"}, "containers": {"cna": {"title": "Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*", "versionStartIncluding": "10.0.28000.0", "versionEndExcluding": "10.0.28000.1836"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Windows 11 version 26H1", "platforms": ["ARM64-based Systems", "x64-based Systems"], "versions": [{"version": "10.0.28000.0", "lessThan": "10.0.28000.1836", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-416: Use After Free", "lang": "en-US", "type": "CWE", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:39.337Z"}, "references": [{"name": "Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32224"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32224", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T03:56:15.991608Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T09:13:17.095Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32224", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T03:56:15.991608Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T09:09:04.853Z"}}], "cna": {"title": "Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Windows 11 version 26H1", "versions": [{"status": "affected", "version": "10.0.28000.0", "lessThan": "10.0.28000.1836", "versionType": "custom"}], "platforms": ["ARM64-based Systems", "x64-based Systems"]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32224", "name": "Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*", "vulnerable": true, "versionEndExcluding": "10.0.28000.1836", "versionStartIncluding": "10.0.28000.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-11T16:05:35.836Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32224", "state": "PUBLISHED", "dateUpdated": "2026-05-11T16:05:35.836Z", "dateReserved": "2026-03-11T01:49:58.662Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:57:43.822Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*", "matchCriteriaId": "690E74A8-E72C-47B6-96EB-37C48D69A635", "versionEndExcluding": "10.0.28000.1836", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*", "matchCriteriaId": "13A01FA1-08DC-4E33-9FFC-AB4BCD9634CA", "versionEndExcluding": "10.0.28000.1836", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2026-32224", "lastModified": "2026-04-17T19:35:06.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-14T18:17:30.690", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32224"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["arm64-based_systems", "x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.28000.0,10.0.28000.1836)"}}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "Windows 11 version 26H1", "source": "cna", "vendor": "Microsoft"}, "product": "windows_11_26h1", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-14T20:40:04.143541+00:00", "value": {"mitigation_remediation": ["Apply the Microsoft security update that addresses CVE-2026-32224.", "If the Windows Server Update Service is not required, disable or uninstall the service to reduce the attack surface.", "Limit local user accounts from accessing the WSUS service and review permissions granted to any accounts with elevated rights.", "Monitor system logs for unusual attempts to interact with WSUS processes."], "summary": {"action": "Apply Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Microsoft Windows\u00a011, 26H1 edition, when the Windows Server Update Service component is installed and enabled. Any user with legitimate access to the WSUS service on this build is potentially able to exploit the flaw.", "description_and_impact": "A use\u2011after\u2011free flaw in the Windows Server Update Service allows an attacker who already has authorized access to the service to elevate that attacker\u2019s privileges on the local machine. The vulnerability is identified as CWE\u2011416, indicating a memory corruption error that can be triggered to execute code with higher privileges than originally granted.", "risk_and_exploitability": "The CVSS score of seven reflects a high severity local privilege escalation. Exploitation requires that the attacker first obtain an authorized user context or a valid account that can interact with the WSUS service. Because the EPSS score is not available and the vulnerability is not listed in the KEV catalog, the probability of widespread exploitation is uncertain, yet the impact for affected systems remains significant if attackers gain elevated rights."}}}}, "created": "2026-04-15T15:00:06.175095+00:00", "updated": "2026-04-15T20:45:06.239770+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$windows_11_26h1"]}