Win32k Elevation of Privilege Vulnerability

Plan Patch
CVSS 7
CVE-2026-33839
May 12, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary

A Win32k graphics kernel vulnerability (CVE-2026-33839) allows an authorized local user to escalate privileges through a race condition in shared resource synchronization. The vulnerability affects Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 23H2, 24H2, 25H2, 26H1), and Windows Server 2019, 2022, and 2025. An attacker with local user credentials could exploit improper synchronization in Win32k graphics handlers to gain SYSTEM-level permissions. Microsoft has released patches for all affected Windows versions; exploitation is currently assessed as unlikely.

What this means
What could happen
A user logged into a Windows 10, Windows 11, or Windows Server system could run code with elevated system privileges, potentially allowing them to modify industrial applications, change device configurations, or disable security controls.
Who's at risk
Organizations operating Windows 10, Windows 11, or Windows Server 2019, 2022, and 2025 systems should prioritize patching, especially any systems used for engineering workstations, HMI (Human-Machine Interface) servers, historian systems, or data acquisition that require local user access. This affects utilities using Windows-based SCADA clients, industrial PCs running Windows, or any critical Windows system where standard users have accounts.
How it could be exploited
An attacker with a local user account on a vulnerable Windows system could exploit a race condition in Win32k graphics handling to escalate their permissions from standard user to SYSTEM level without any additional user interaction.
Prerequisites
  • Local user account on the affected Windows system
  • User must be logged in or able to log in to the system
  • Local execution required
  • Low complexity attack
  • Affects Windows across multiple versions
  • Privilege escalation from user to SYSTEM level
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (23)
23 with fix
Product                                    | Affected Versions | Fix Status
Windows 10 Version 1809 for 32-bit Systems | All versions      | Build 10.0.17763.8755
Windows 10 Version 1809 for x64-based Systems | All versions   | Build 10.0.17763.8755
Windows Server 2019                        | All versions      | Build 10.0.17763.8755
Windows Server 2019 (Server Core installation) | All versions  | Build 10.0.17763.8755
Windows Server 2022                        | All versions      | Build 10.0.20348.5139
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Windows Server 2019
HOTFIX: Update Windows Server 2019 to Build 10.0.17763.8755 or later
Windows Server 2022
HOTFIX: Update Windows Server 2022 to Build 10.0.20348.5139 or later
HOTFIX: Update Windows Server 2022 23H2 Edition to Build 10.0.25398.2330 or later
Windows Server 2025
HOTFIX: Update Windows Server 2025 to Build 10.0.26100.32860 or later
All products
HOTFIX: Update Windows 10 Version 1809 32-bit systems to Build 10.0.17763.8755 or later
HOTFIX: Update Windows 10 Version 1809 x64-based systems to Build 10.0.17763.8755 or later
HOTFIX: Update Windows 10 Version 21H2 systems (32-bit, x64, or ARM64) to Build 10.0.19044.7291 or later
HOTFIX: Update Windows 10 Version 22H2 systems (32-bit, x64, or ARM64) to Build 10.0.19045.7291 or later
HOTFIX: Update Windows 11 Version 23H2 systems (x64 or ARM64) to Build 10.0.22631.7079 or later
HOTFIX: Update Windows 11 Version 24H2 systems (x64 or ARM64) to Build 10.0.26100.8457 or later
HOTFIX: Update Windows 11 Version 25H2 systems (x64 or ARM64) to Build 10.0.26200.8457 or later
HOTFIX: Update Windows 11 Version 26H1 systems (x64 or ARM64) to Build 10.0.28000.2113 or later
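One way to turn the "Build X or later" remediation items above into a fleet check, as an added example that is not part of the OTPulse advisory. It assumes an inventory export that gives each host's product label and its four-part OS version string (10.0.<build>.<UBR>, the form the fixed builds are quoted in); the minimum fixed builds are copied from the remediation list, and the host inventory is constructed sample data. Because Windows 11 24H2 and Windows Server 2025 share build 26100 but are listed with different fixed UBRs, the lookup is keyed by product label rather than by build number alone, and a build number that does not match the label's branch is reported separately instead of being compared.

```python
"""Compare reported Windows versions against the fixed builds in this advisory.

Added example; FIXED_BUILDS is copied from the advisory's remediation list,
SAMPLE_INVENTORY is constructed data standing in for an asset-inventory export.
"""

# Minimum fixed build per product label (from the remediation list).
FIXED_BUILDS = {
    "Windows 10 Version 1809": "10.0.17763.8755",
    "Windows Server 2019": "10.0.17763.8755",
    "Windows 10 Version 21H2": "10.0.19044.7291",
    "Windows 10 Version 22H2": "10.0.19045.7291",
    "Windows Server 2022": "10.0.20348.5139",
    "Windows Server 2022 23H2 Edition": "10.0.25398.2330",
    "Windows 11 Version 23H2": "10.0.22631.7079",
    "Windows 11 Version 24H2": "10.0.26100.8457",
    "Windows Server 2025": "10.0.26100.32860",
    "Windows 11 Version 25H2": "10.0.26200.8457",
    "Windows 11 Version 26H1": "10.0.28000.2113",
}


def parse_build(version: str) -> tuple:
    """Split '10.0.19045.7291' into (10, 0, 19045, 7291); reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a major.minor.build.ubr string: {version!r}")
    return tuple(int(p) for p in parts)


def assess(product: str, version: str) -> str:
    """Return 'patched', 'vulnerable', 'wrong-branch' or 'unknown-product'.

    'patched' means the host is at the advisory's fixed build or a later UBR on
    the same branch. 'wrong-branch' means the reported build number does not
    belong to the labelled product, so the inventory record needs a second look
    rather than a verdict.
    """
    fixed = FIXED_BUILDS.get(product)
    if fixed is None:
        return "unknown-product"
    have, need = parse_build(version), parse_build(fixed)
    if have[:3] != need[:3]:
        return "wrong-branch"
    return "patched" if have[3] >= need[3] else "vulnerable"


# Constructed inventory rows: (hostname, product label, reported OS version).
SAMPLE_INVENTORY = [
    ("hmi-01", "Windows 10 Version 22H2", "10.0.19045.7291"),
    ("eng-ws-02", "Windows 10 Version 22H2", "10.0.19045.6100"),
    ("historian", "Windows Server 2019", "10.0.17763.8755"),
    ("scada-srv", "Windows Server 2022", "10.0.20348.4000"),
    ("dc-01", "Windows Server 2025", "10.0.26100.8457"),
    ("legacy-ipc", "Windows 7", "6.1.7601.24540"),
]


def triage(inventory) -> dict:
    """Map each hostname to its assessment so the result can be filtered or reported."""
    return {host: assess(product, version) for host, product, version in inventory}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {verdict}")
```

Hosts that come back as "wrong-branch" or "unknown-product" are inventory problems, not patch verdicts, and are worth resolving before the patch window so the post-patch run of the same script gives a clean answer for every host in scope.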
Long-term hardening
HARDENING: Restrict local system access and logon privileges to trusted personnel only

Win32k Elevation of Privilege Vulnerability | CVSS 7 - OTPulse