Blog.0Patch
Micropatches Released for Windows Elevation of Privilege Vulnerabilities
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Two critical vulnerabilities affecting Windows systems have been addressed with micropatches. CVE-2025-60704, a privilege escalation vulnerability in Kerberos, allows attackers on local networks to impersonate domain users. This flaw was reported by Eliran Partush and Dor Segal of Silverfort and was patched by Microsoft in November 2025. CVE-2026-20871, a local privilege escalation vulnerability in Desktop Window Manager, enables unprivileged attackers to execute arbitrary code as System. This vulnerability was reported through the Trend Zero Day Initiative and patched in January 2026. 0patch has released micropatches for legacy Windows versions to mitigate these issues. Both vulnerabilities can be exploited by local attackers, posing risks to systems that are no longer receiving official updates.
Key Points: • CVE-2025-60704 allows local network attackers to impersonate any domain user. • CVE-2026-20871 enables local unprivileged attackers to execute arbitrary code as System. • 0patch provides micropatches for legacy Windows versions to mitigate these vulnerabilities.