CVE-2026-27923: Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Affected

29 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	windows_10_1607	< 10.0.14393.9060	10.0.14393.9060
microsoft	windows_10_1809	< 10.0.17763.8644	10.0.17763.8644
microsoft	windows_10_21h2	< 10.0.19044.7184	10.0.19044.7184
microsoft	windows_10_22h2	< 10.0.19045.7184	10.0.19045.7184
microsoft	windows_10_version_1607	>= 10.0.14393.0 < 10.0.14393.9060	10.0.14393.9060
microsoft	windows_10_version_1809	>= 10.0.17763.0 < 10.0.17763.8644	10.0.17763.8644
microsoft	windows_10_version_21h2	>= 10.0.19044.0 < 10.0.19044.7184	10.0.19044.7184
microsoft	windows_10_version_22h2	>= 10.0.19045.0 < 10.0.19045.7184	10.0.19045.7184
microsoft	windows_11_23h2	< 10.0.22631.6936	10.0.22631.6936
microsoft	windows_11_24h2	< 10.0.26100.8246	10.0.26100.8246
microsoft	windows_11_25h2	< 10.0.26200.8246	10.0.26200.8246
microsoft	windows_11_26h1	< 10.0.28000.1836	10.0.28000.1836
microsoft	windows_11_version_22h3	>= 10.0.22631.0 < 10.0.22631.6936	10.0.22631.6936
microsoft	windows_11_version_23h2	>= 10.0.22631.0 < 10.0.22631.6936	10.0.22631.6936
microsoft	windows_11_version_24h2	>= 10.0.26100.0 < 10.0.26100.8246	10.0.26100.8246
microsoft	windows_11_version_25h2	>= 10.0.26200.0 < 10.0.26200.8246	10.0.26200.8246
microsoft	windows_11_version_26h1	>= 10.0.28000.0 < 10.0.28000.1836	10.0.28000.1836
microsoft	windows_server_2012	—	—
microsoft	windows_server_2012	>= 6.2.9200.0 < 6.2.9200.26026	6.2.9200.26026
microsoft	windows_server_2012_r2	>= 6.3.9600.0 < 6.3.9600.23132	6.3.9600.23132
microsoft	windows_server_2016	< 10.0.14393.9060	10.0.14393.9060
microsoft	windows_server_2016	>= 10.0.14393.0 < 10.0.14393.9060	10.0.14393.9060
microsoft	windows_server_2019	< 10.0.17763.8644	10.0.17763.8644
microsoft	windows_server_2019	>= 10.0.17763.0 < 10.0.17763.8644	10.0.17763.8644
microsoft	windows_server_2022	< 10.0.20348.5020	10.0.20348.5020