SB20260113122 - Multiple vulnerabilities in Microsoft Windows Management Services

Security Bulletin ID SB20260113122

Severity

Low

Patch available

YES

Number of vulnerabilities 12

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.

1) Race condition (CVE-ID: CVE-2026-20866)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in Windows Management Services. A local user can exploit the race and escalate privileges on the system.

2) Race condition (CVE-ID: CVE-2026-20873)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in Windows Management Services. A local user can exploit the race and escalate privileges on the system.

3) Race condition (CVE-ID: CVE-2026-20874)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in Windows Management Services. A local user can exploit the race and escalate privileges on the system.

4) Use-after-free (CVE-ID: CVE-2026-20924)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Windows Management Services. A local user can win a race condition and gain elevated privileges on the target system.

5) Race condition (CVE-ID: CVE-2026-20867)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in Windows Management Services. A local user can exploit the race and escalate privileges on the system.

6) Race condition (CVE-ID: CVE-2026-20861)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in Windows Management Services. A local user can exploit the race and escalate privileges on the system.

7) Information disclosure (CVE-ID: CVE-2026-20862)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Management Services. A local user can gain unauthorized access to sensitive information on the system.

8) Use-after-free (CVE-ID: CVE-2026-20923)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Windows Management Services. A local user can win a race condition and gain elevated privileges on the target system.

9) Use-after-free (CVE-ID: CVE-2026-20858)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Windows Management Services. A local user can win a race condition and gain elevated privileges on the target system.

10) Race condition (CVE-ID: CVE-2026-20918)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in Windows Management Services. A local user can exploit the race and escalate privileges on the system.

11) Use-after-free (CVE-ID: CVE-2026-20877)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Windows Management Services. A local user can win a race condition and gain elevated privileges on the target system.

12) Use-after-free (CVE-ID: CVE-2026-20865)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Windows Management Services. A local user can win a race condition and gain elevated privileges on the target system.

Remediation

Install update from vendor's website.

SB20260113122 - Multiple vulnerabilities in Microsoft Windows Management Services

Breakdown by Severity

Description

Remediation

References