Critical Windows Admin Center Vulnerability Allows Privilege Escalation
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A critical security update addressing a high\u2011severity elevation of privilege vulnerability in\u00a0Windows Admin Center (WAC<\/a>), identified as\u00a0CVE\u20112026\u201126119.<\/p>\n The flaw, rated\u00a0CVSS 8.8 (Critical), stems from\u00a0improper authentication (CWE\u2011287)\u00a0that could allow an authorized attacker to gain elevated network privileges.<\/p>\n According to Microsoft, this vulnerability affects\u00a0Windows Admin Center version 2.6.4, and it was publicly disclosed on\u00a0February 17, 2026.<\/p>\n The issue allows attackers who already have limited privileges on the system to escalate their access without further user interaction.<\/p>\n Although Microsoft has not observed active exploitation in the wild, it warns that exploitation is\u00a0\u201cmore likely\u201d, citing the low attack complexity and network exposure of WAC deployments<\/a>.<\/p>\n When successfully exploited, the attacker could gain the same privileges as the user running the affected application.<\/p>\n Given that Windows Admin Center is often used for centralized system administration, such privilege escalation could enable full control of managed servers, modification of system settings, and access to sensitive data.<\/p>\n Microsoft credits\u00a0Andrea Pierini from Semperis\u00a0for responsibly reporting the vulnerability.<\/p>\n The company has released an\u00a0official fix\u00a0through the latest Windows Admin Center security update and strongly advises administrators to apply the patch immediately.<\/p>\n Users can find the update and release notes through Microsoft\u2019s official channels <\/a>(Release Notes,\u00a0Security Update).<\/p>\n While no proof\u2011of\u2011concept (PoC) code has surfaced, the\u00a0exploitability index\u00a0indicates a higher likelihood of exploit development in the near term.<\/p>\n Given WAC\u2019s exposure across enterprise environments, delaying patch deployment could leave networks vulnerable to lateral movement and privilege misuse attacks.<\/p>\n Administrators are urged to follow Microsoft\u2019s\u00a0security update guidance, review account permissions, and monitor event logs for unusual privilege escalations.<\/p>\n More details on the official CVE are available via\u00a0CVE.org and\u00a0Microsoft\u2019s Security Update Guide.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Critical Windows Admin Center Vulnerability Allows Privilege Escalation<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n