PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-58636 Microsoft CVE debrief

CVE-2026-58636 is a HIGH severity vulnerability in Microsoft's PC Manager, with a CVSS score of 7.8. The vulnerability is caused by improper link resolution before file access, also known as 'link following', which allows an authorized attacker to elevate privileges locally. The vulnerability exists in the PC Manager software, which is developed by Microsoft. This vulnerability has a significant impact on the security of the system, and administrators should take immediate action to mitigate it.

Vendor
Microsoft
Product
Microsoft PC Manager
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-17
Advisory published
2026-07-14
Advisory updated
2026-07-17

Who should care

Administrators and users of Microsoft PC Manager should be aware of this vulnerability and take necessary actions to mitigate it. This includes ensuring that PC Manager is updated to version 3.21.6.0 or later, monitoring system logs for suspicious activity, and implementing compensating controls to limit the attack surface.

Technical summary

The vulnerability exists in the PC Manager software, which is developed by Microsoft. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The weakness associated with this vulnerability is CWE-59. The vulnerability allows an authorized attacker to elevate privileges locally.

Defensive priority

High

Recommended defensive actions

  • Apply the patch provided by Microsoft
  • Ensure that PC Manager is updated to version 3.21.6.0 or later
  • Monitor system logs for suspicious activity
  • Implement compensating controls to limit the attack surface
  • Review compensating controls for exposed systems while remediation is scheduled and verified

Evidence notes

The CVE record was published on 2026-07-14T17:17:13.970Z and was last modified on 2026-07-17T02:35:05.437Z. The NVD entry is currently Analyzed. The vulnerability exists in Microsoft's PC Manager software. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The weakness associated with this vulnerability is CWE-59. Administrators and users of Microsoft PC Manager should be aware of this vulnerability and take necessary actions to mitigate it.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T17:17:13.970Z and has not been modified since then. The NVD entry is currently Analyzed.