New Micropatches Address Local Privilege Escalation Vulnerabilities in Windows
Severity: Medium (Score: 57.9)
Sources: Blog.0Patch
Summary
Two recent vulnerabilities affecting Windows systems have been patched. CVE-2025-59512, published on 2025-11-11, allows low-privileged users to delete arbitrary registry keys via the 'Consolidator' scheduled task, potentially leading to privilege escalation. CVE-2026-21508, published on 2026-02-10, enables local users to run arbitrary code as Local System through the Windows Storage component. Both vulnerabilities were reported by security researchers and have been addressed with micropatches from 0patch. The patches are available for multiple versions of Windows, including Windows 10 and Windows 11. Users are advised to apply these patches to prevent exploitation. The vulnerabilities affect systems that are no longer receiving official updates, emphasizing the importance of third-party patching solutions.
Key Points:
- CVE-2025-59512 allows arbitrary registry key deletion by low-privileged users.
- CVE-2026-21508 enables local privilege escalation through the Windows Storage component.
- 0patch has released micropatches for both vulnerabilities across multiple Windows versions.
Key Entities
- Zero-day Exploit (attack_type)
- Microsoft (company)
- CVE-2025-59512 (cve)
- CVE-2026-21508 (cve)
- T1053 - Scheduled Task/Job (mitre_attack)
- T1055 - Process Injection (mitre_attack)
- Microsoft Office (platform)
- Windows (platform)
- Arbitrary Registry Key Delete (vulnerability)