CVE-2026-57092
Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
Description
Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network.
In plain language
AI Act nowCVE-2026-57092 is a serious Windows networking flaw that can let an authorized attacker remotely gain higher system privileges; most small businesses should treat it as urgent if their Windows machines are reachable over a network and an attacker already has some access.
CVE-2026-57092 is a use-after-free elevation of privilege in Microsoft Windows VMSwitch that allows a remotely connected, authorized attacker to elevate privileges without user interaction.
What to do now
- Check whether your Windows device is affected by comparing its current OS build/version to the fixed versions listed by Microsoft for CVE-2026-57092.
- Install the latest available Windows security updates that include the fix for CVE-2026-57092.
- Verify the update applied by confirming the OS build now matches or exceeds the fixed version for your edition (Windows 10/11 or the relevant Windows Server release).
- If you cannot patch right away, restrict network access to the affected host as tightly as possible until the fix is installed.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:LPrivileges RequiredUI:NUser InteractionS:CScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
- В июле Microsoft исправила рекордные 622 уязвимости в своих продуктахru-ru·Хакер (xakep.ru)· Source-only·
- Цунами уязвимостей: июльский Microsoft Patch Tuesdayru-ru·Kaspersky Daily (RU)· Summary only·
- Records Are Made to Be Broken: Patch Tuesday Raises Triage Stakesen·Dark Reading·
- Microsoft and Adobe Patch Tuesday, July 2026 Security Update Reviewen-us·Qualys Security Blog·
- Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilitiesen·Cisco Talos·
- Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attacken·The Hacker News·
- Microsoft Patch Tuesday July 2026 - The AI Acopolypse is Hereen·SANS Internet Storm Center·
- Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Daysen-us·SecurityWeek·
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-daysen-us·BleepingComputer·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-57092 and every CVE in our database. Create a free account — no credit card required.
Create Free Account