CVE-2026-20870
published 2026-01-13CVE-2026-20870: Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
PriorityP347high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.45%
35.6th percentile
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_24h2 | < 10.0.26100.7623 | 10.0.26100.7623 |
| microsoft | windows_11_25h2 | < 10.0.26200.7623 | 10.0.26200.7623 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.7623 | 10.0.26100.7623 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.7623 | 10.0.26200.7623 |
| microsoft | windows_server_2025 | < 10.0.26100.32230 | 10.0.26100.32230 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.32230 | 10.0.26100.32230 |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_x64-based_systems | — | — |
| msrc | windows_server_2025 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
vendor_msrc·2026-01-13·CVSS 7.8
CVE-2026-20870 [HIGH] CWE-416 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Description: Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Win32K - ICOMP: Windows Win32K - ICOMP
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5073379
Reference: https://support.microsoft.com/en-us/topic/a6021fd2-b3b7-45a7-b68e-35c28a2a77da
Reference: https://su
GHSA
GHSA-5m23-p78p-xgrg: Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally
ghsa_unreviewed·2026-01-13
CVE-2026-20870 [HIGH] CWE-416 GHSA-5m23-p78p-xgrg: Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
No detection rules found.
No public exploits indexed.
Qualys
Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review
blogs_qualys·2026-01-13
Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review
## Table of Contents
Microsoft Patch Tuesday forJanuary2026
Adobe Patches for January 2026
Zero-day Vulnerabilities Patched inJanuaryPatch Tuesday Edition
Critical Severity Vulnerabilities Patched inJanuaryPatch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response with TruRisk Eliminate
EVALUATE Vendor-Suggested Mitigation withPolicy Audit(PA)
Qualys Monthly Webinar Series
Starting the year on a security-first note, Microsoft’s January 2026 Patch Tuesday resolves several vulnerabilities that could impact enterprise environments. Here’s a quick breakdown of what you need to know.
## Microsoft Patch Tuesday for January 2026
This month’s rel
Bleepingcomputer
Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
blogs_bleepingcomputer·2026-01-13·CVSS 5.5
[MEDIUM] Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
## Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
## Lawrence Abrams
57 Elevation of Privilege vulnerabilities
3 Security Feature Bypass vulnerabilities
22 Remote Code Execution vulnerabilities
22 Information Disclosure vulnerabilities
2 Denial of Service vulnerabilities
5 Spoofing vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include Microsoft Edge (1 flaw) and Mariner vulnerabilities fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5074109 & KB5073455 cumulative updates and Windows 10 KB5073724 extended security update .
## 3 zero-days, one ex
Qualys
Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review | Qualys
blogs_qualys·2026-01-13
Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday forJanuary2026
- Adobe Patches for January 2026
- Zero-day Vulnerabilities Patched inJanuaryPatch Tuesday Edition
- Critical Severity Vulnerabilities Patched inJanuaryPatch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response with TruRisk Eliminate
- EVALUATE Vendor-Suggested Mitigation withPolicy Audit(PA)
- Qualys Monthly Webinar Series
Starting the year on a security-first note, Microsoft’s January 2026 Patch Tuesday resolves several vulnerabilities that could impact enterprise environments. Here’s a quick breakdown of what you need to know.
## Microsoft Patch Tuesday for January 2026
Thi
Wiz
CVE-2026-20870 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-20870 [HIGH] CVE-2026-20870 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20870 :
vulnerability analysis and mitigation
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Source : NVD
## 7.8
Score
Published January 13, 2026
Severity HIGH
CNA Score 7.8
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.1
Exploitation Probability (EPSS) N/A
Sources
NVD
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
Free Vulnerability Assessment
## Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
#
2026-01-13
Published