Cybersecuritynews
RegPwn: Critical Windows Registry Flaw Grants SYSTEM Access
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Researchers at MDSec have disclosed a critical Elevation of Privilege vulnerability in Microsoft Windows, identified as 'RegPwn' and tracked as CVE-2026-24291. This vulnerability allows low-privileged users to gain full SYSTEM access by exploiting the handling of registry configurations for Windows Accessibility features. The flaw was discovered during internal engagements by MDSec's red team, who have been aware of it since January 2025. Microsoft addressed the issue in a recent Patch Tuesday update on March 10, 2026. The flaw affects various Windows systems utilizing Accessibility features like the On-Screen Keyboard and Narrator. Security professionals are urged to apply the patch immediately to mitigate potential exploitation. The vulnerability has been classified as high severity due to its potential impact on system security.
Key Points: • RegPwn (CVE-2026-24291) allows low-privileged users to gain SYSTEM access. • The vulnerability was discovered by MDSec and has been known since January 2025. • Microsoft released a patch for RegPwn on March 10, 2026.