PatchSiren cyber security CVE debrief
CVE-2026-44810 Microsoft CVE debrief
CVE-2026-44810 is a HIGH-severity vulnerability in Windows Cryptographic Services, with a CVSS score of 8.4. The vulnerability allows an unauthorized attacker to elevate privileges locally due to improper authentication. The CVE was published on 2026-06-09T17:17:17.013Z and last modified on 2026-06-11T17:13:17.257Z.
- Vendor
- Microsoft
- Product
- Windows 11 version 23H2
- CVSS
- HIGH 8.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-11
Who should care
Administrators and users of Microsoft Windows 11 and Windows Server systems should be aware of this vulnerability, as it can allow for local privilege escalation.
Technical summary
The vulnerability is caused by improper authentication in Windows Cryptographic Services. This allows an attacker to elevate their privileges locally. The vulnerability affects various versions of Windows 11 and Windows Server, including Windows 11 23H2, 24H2, 25H2, 26H1, Windows Server 2022, and Windows Server 2025.
Defensive priority
High
Recommended defensive actions
- Apply patches from Microsoft as soon as possible.
- Ensure that Windows systems are up-to-date with the latest security updates.
- Consider implementing additional security measures, such as multi-factor authentication and monitoring for suspicious activity.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Microsoft has provided a vendor advisory for this vulnerability at [ref-4].
Official resources
-
CVE-2026-44810 CVE record
CVE.org
-
CVE-2026-44810 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-44810 was disclosed by Microsoft on 2026-06-09T17:17:17.013Z.