PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-26904 Microsoft CVE debrief

CVE-2022-26904 is a Microsoft Windows privilege escalation vulnerability affecting the User Profile Service. CISA included it in the Known Exploited Vulnerabilities catalog on 2022-04-25, which makes it a high-priority remediation item for Windows environments. The supplied corpus does not include a CVSS score, so operational urgency should be driven by the KEV listing and your exposure to affected Windows systems.

Vendor: Microsoft
Product: Windows
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2022-04-25
Original CVE updated: 2022-04-25
Advisory published: 2022-04-25
Advisory updated: 2022-04-25

Who should care

Windows administrators, endpoint security teams, patch management teams, and defenders responsible for systems where users can log on locally or remotely should prioritize this issue. Security teams should also pay attention because CISA has identified it as known exploited.

Technical summary

The supplied sources identify CVE-2022-26904 as a privilege escalation vulnerability in the Microsoft Windows User Profile Service. Beyond that classification, the provided corpus does not include additional technical details, exploit mechanics, or affected-version specifics. CISA's KEV entry indicates that the vulnerability is known to have been exploited and that the required action is to apply updates per vendor guidance.

Defensive priority

High. CISA’s Known Exploited Vulnerabilities listing is a strong signal that this issue should be remediated quickly, especially on internet-connected, user-facing, or broadly deployed Windows endpoints and servers.

Recommended defensive actions

  • Apply Microsoft updates per vendor instructions as soon as possible.
  • Use the CISA KEV catalog to confirm remediation status and due-date pressure.
  • Inventory Windows systems that rely on the User Profile Service and verify patch coverage.
  • Prioritize high-value, remote-access, and widely deployed endpoints for validation.
  • Monitor for anomalous privilege changes or unexpected administrative access on affected systems.
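The KEV and patch-coverage steps above can be scripted. The following is an added example, not PatchSiren tooling or a CISA utility: it parses a KEV-style JSON document, looks up a CVE, measures due-date pressure against a chosen "today", and ranks unpatched Windows hosts for validation in the order the list above suggests (remote-access, then user-facing, then internal). The field names follow CISA's published KEV JSON layout; the sample entry reuses only the values quoted in this debrief (dateAdded 2022-04-25, dueDate 2022-05-16, knownRansomwareCampaignUse Unknown). The host inventory, hostnames and exposure tiers are constructed for illustration and would come from your own asset and patch-management data in practice.

```python
"""KEV triage helper: locate a CVE in a CISA KEV-style feed, measure due-date
pressure, and rank unpatched hosts for validation.

Added example, not PatchSiren or CISA code. The sample entry below reuses only
the field values quoted in the debrief; the host inventory is constructed.
"""
import json
from datetime import date
from typing import Dict, List, Optional

# Constructed KEV-style feed. Field names follow the CISA KEV JSON layout;
# values are those reported in the debrief for CVE-2022-26904.
KEV_SAMPLE = json.dumps({
    "vulnerabilities": [
        {
            "cveID": "CVE-2022-26904",
            "vendorProject": "Microsoft",
            "product": "Windows",
            "vulnerabilityName": "Microsoft Windows User Profile Service "
                                 "Privilege Escalation Vulnerability",
            "dateAdded": "2022-04-25",
            "dueDate": "2022-05-16",
            "knownRansomwareCampaignUse": "Unknown",
            "requiredAction": "Apply updates per vendor instructions.",
        }
    ]
})

# Constructed inventory (hypothetical hostnames). 'exposure' is an assumed
# local tiering; 'patched' is whatever your patch-management source reports.
HOST_INVENTORY = [
    {"host": "ws-rdp-01",    "os": "Windows", "exposure": "remote-access", "patched": False},
    {"host": "srv-build-02", "os": "Windows", "exposure": "internal",      "patched": True},
    {"host": "ws-sales-07",  "os": "Windows", "exposure": "user-facing",   "patched": False},
    {"host": "srv-file-03",  "os": "Windows", "exposure": "internal",      "patched": False},
    {"host": "lnx-web-01",   "os": "Linux",   "exposure": "user-facing",   "patched": False},
]

# Lower rank = validate first (mirrors the debrief's prioritisation order).
EXPOSURE_RANK = {"remote-access": 0, "user-facing": 1, "internal": 2}


def load_kev(feed_text: str) -> List[Dict]:
    """Parse a KEV JSON document and return its vulnerability entries."""
    return json.loads(feed_text)["vulnerabilities"]


def find_entry(entries: List[Dict], cve_id: str) -> Optional[Dict]:
    """Return the KEV entry for cve_id (case-insensitive), or None if not listed."""
    wanted = cve_id.strip().upper()
    for entry in entries:
        if entry.get("cveID", "").upper() == wanted:
            return entry
    return None


def due_date_pressure(entry: Dict, today: str) -> Dict:
    """Compute how far the KEV remediation due date is from an ISO 'today'."""
    now = date.fromisoformat(today)
    added = date.fromisoformat(entry["dateAdded"])
    due = date.fromisoformat(entry["dueDate"])
    remaining = (due - now).days
    return {
        "days_since_added": (now - added).days,
        "days_remaining": remaining,
        "overdue": remaining < 0,
        "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown"),
    }


def prioritize_hosts(entry: Dict, hosts: List[Dict]) -> List[str]:
    """Unpatched hosts running the listed product, most exposed first."""
    candidates = [
        h for h in hosts
        if h["os"] == entry["product"] and not h["patched"]
    ]
    candidates.sort(key=lambda h: EXPOSURE_RANK.get(h["exposure"], 99))
    return [h["host"] for h in candidates]


def triage(feed_text: str, cve_id: str, hosts: List[Dict], today: str) -> Dict:
    """Tie the pieces together: KEV status, deadline pressure, and host worklist."""
    entry = find_entry(load_kev(feed_text), cve_id)
    if entry is None:
        return {"cve": cve_id, "kev_listed": False}
    return {
        "cve": cve_id,
        "kev_listed": True,
        "required_action": entry["requiredAction"],
        **due_date_pressure(entry, today),
        "validate_first": prioritize_hosts(entry, hosts),
    }


if __name__ == "__main__":
    report = triage(KEV_SAMPLE, "CVE-2022-26904", HOST_INVENTORY, "2022-05-10")
    print(json.dumps(report, indent=2))
```

Pointing load_kev at the live CISA KEV feed instead of KEV_SAMPLE, and replacing HOST_INVENTORY with an export from your CMDB or patch tool, turns this into a daily check: a negative days_remaining on an unpatched remote-access host is exactly the condition the "Defensive priority" section describes.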

Evidence notes

Evidence is limited to the supplied CISA KEV metadata and official links. The source data shows: CVE ID CVE-2022-26904; vendor Microsoft; product Windows; vulnerability name 'Microsoft Windows User Profile Service Privilege Escalation Vulnerability'; dateAdded 2022-04-25; dueDate 2022-05-16; knownRansomwareCampaignUse Unknown; and requiredAction 'Apply updates per vendor instructions.' No CVSS score or deeper technical exploit details were provided in the corpus.

Official resources

CISA added CVE-2022-26904 to the Known Exploited Vulnerabilities catalog on 2022-04-25 with a remediation due date of 2022-05-16. The supplied data marks known ransomware campaign use as Unknown.