Micropatches Released for Windows Elevation of Privilege Vulnerabilities

Micropatches Released for Windows Elevation of Privilege Vulnerabilities

First seen 14 Jul 2026, 14:06 UTC Blog.0Patch 72% similarity 57.9

Article Content

Browse articles
ThreatCluster

Two critical vulnerabilities affecting Windows systems have been addressed with micropatches. CVE-2025-60704, a privilege escalation vulnerability in Kerberos, allows attackers on local networks to impersonate domain users. This flaw was reported by Eliran Partush and Dor Segal of Silverfort and was patched by Microsoft in November 2025. CVE-2026-20871, a local privilege escalation vulnerability in Desktop Window Manager, enables unprivileged attackers to execute arbitrary code as System. This vulnerability was reported through the Trend Zero Day Initiative and patched in January 2026. 0patch has released micropatches for legacy Windows versions to mitigate these issues. Both vulnerabilities can be exploited by local attackers, posing risks to systems that are no longer receiving official updates.

Key Points: • CVE-2025-60704 allows local network attackers to impersonate any domain user. • CVE-2026-20871 enables local unprivileged attackers to execute arbitrary code as System. • 0patch provides micropatches for legacy Windows versions to mitigate these vulnerabilities.

ThreatCluster AI

Timeline

2025-11-11
CVE-2025-60704 published
A privilege escalation vulnerability in Kerberos was disclosed, allowing local attackers to impersonate domain users.
Blog.0Patch
2026-01-13
CVE-2026-20871 published
A local privilege escalation vulnerability in Desktop Window Manager was disclosed, enabling arbitrary code execution.
Blog.0Patch
2026-07-12
Micropatches released for CVE-2026-20871
0patch released micropatches for legacy Windows versions to address the Desktop Window Manager vulnerability.
Blog.0Patch
2026-07-13
Micropatches released for CVE-2025-60704
0patch released micropatches for legacy Windows versions to mitigate the Kerberos vulnerability.
Blog.0Patch

Community

Browse all →