wid-sec-w-2026-0661 · Published 2026-03-10 · View on BSI CERT-Bund ↗

Microsoft Windows and Windows Server: Multiple Vulnerabilities

CVSS 8.8 HIGH

Risk Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVEs (48)

CVE-2026-23656 CVE-2026-23667 CVE-2026-23668 CVE-2026-23669 CVE-2026-23671 CVE-2026-23672 CVE-2026-23673 CVE-2026-23674 CVE-2026-24282 CVE-2026-24283 CVE-2026-24285 CVE-2026-24287 CVE-2026-24288 CVE-2026-24289 CVE-2026-24290 CVE-2026-24291 CVE-2026-24292 CVE-2026-24293 CVE-2026-24294 CVE-2026-24295 CVE-2026-24296 CVE-2026-24297 CVE-2026-25165 CVE-2026-25166 CVE-2026-25167 CVE-2026-25168 CVE-2026-25169 CVE-2026-25170 CVE-2026-25171 CVE-2026-25172 CVE-2026-25173 CVE-2026-25174 CVE-2026-25175 CVE-2026-25176 CVE-2026-25177 CVE-2026-25178 CVE-2026-25179 CVE-2026-25180 CVE-2026-25181 CVE-2026-25185 CVE-2026-25186 CVE-2026-25187 CVE-2026-25188 CVE-2026-25189 CVE-2026-25190 CVE-2026-26111 CVE-2026-26128 CVE-2026-26132

Affected Vendors

Microsoft

Affected Products (10)

Microsoft · Windows App Client for Desktop

Microsoft · Windows 10 Version 1607

Microsoft · Windows 10 Version 1809

Microsoft · Windows 10 Version 21H2

Microsoft · Windows 10 Version 22H2

Microsoft · Windows 11 Version 23H2

Microsoft · Windows 11 Version 24H2

Microsoft · Windows 11 Version 25H2

Microsoft · Windows 11 version 26H1

Microsoft · Windows Server 2022 23H2 Edition

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more