CVE-2026-21533
Microsoft Windows Improper Privilege Management Vulnerability
CVSS
—
Sin CVSS
EPSS
3.8%
p89
KEV
SÍ
10 feb 2026
Exploit Today
77
0-100
Publicado: — · Última mod.: —
Producto
Microsoft / Windows
Vulnerabilidad
Microsoft Windows Improper Privilege Management Vulnerability
Añadido a KEV
10 feb 2026
Remediar antes de
3 mar 2026
Uso conocido en ransomware
No
Descripción resumida
Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
Acción requerida
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notas
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533