[CIVN-2026-0025] Privilege Escalation Vulnerability in Windows Virtualization-Based Security (VBS) Enclave

Published On: January 19, 2026

Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
The following Windows versions with Virtualization-Based Security (VBS) are affected:
Windows Server 2025 (Server Core installation) 10.0.26100.x and prior
Windows Server 2025 10.0.26100.x and prior
Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.x and prior
Windows 11 Version 25H2 10.0.26200.x and prior
Windows 11 Version 24H2 10.0.26100.x and prior
Windows 11 Version 23H2 10.0.22631.x and prior
Windows 11 Version 22H3 10.0.22631.x and prior
Overview
A vulnerability has been reported in Microsoft Windows Virtualization-Based Security (VBS) Enclave which may allow a local attacker to elevate privileges and compromise system security boundaries.
Target Audience:
Individuals and organizations using the above-mentioned Microsoft Windows operating systems with Virtualization-Based Security (VBS) Enclave enabled.
Risk Assessment:
High risk of privilege escalation, security bypass, and system compromise on affected Windows systems.
Impact Assessment:
Elevation of privileges, compromise of system integrity, unauthorized access, and potential security bypass.
Description
Microsoft Windows is a widely used operating system that provides core system services, application support, and advanced security features for both personal and enterprise environments. Microsoft Windows implements Virtualization-Based Security (VBS) to isolate sensitive system components within secure enclaves backed by hardware virtualization.
This vulnerability exists due to a heap-based buffer overflow in the VBS Enclave component. An authorized local attacker with elevated privileges can exploit this flaw to corrupt memory within the enclave, leading to unintended behavior and privilege escalation beyond intended security boundaries.
Successful exploitation of this vulnerability may allow an attacker to elevate privileges, compromise system integrity, gain unauthorized access, and potentially bypass security controls.
Solution
Apply the security updates released by Microsoft:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20876
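A host triage check for the affected list and target audience above, as an added example (not CERT-In or Microsoft code): it reports whether the local build family appears in this advisory's list and whether VBS is actually running. The function name and output fields are hypothetical; the page does not state the fixed revision, so compare the reported version against the MSRC guide linked above.

```powershell
# Added triage example; not CERT-In or Microsoft code.
# Build families copied from the "Software Affected" list (10.0.<build>.x).
$AffectedBuilds = @{
    26100 = 'Windows Server 2025 / Windows 11 Version 24H2'
    25398 = 'Windows Server 2022, 23H2 Edition'
    26200 = 'Windows 11 Version 25H2'
    22631 = 'Windows 11 Version 23H2 / 22H3 (as listed)'
}

function Get-VbsAdvisoryExposure {   # hypothetical helper name
    # OS build and update build revision (UBR) from the registry.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $fullVersion = '10.0.{0}.{1}' -f $build, $cv.UBR

    # VBS state from the Device Guard WMI class:
    # 0 = not enabled, 1 = enabled but not running, 2 = enabled and running.
    $vbsStatus = $null
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName Win32_DeviceGuard -ErrorAction Stop
        $vbsStatus = $dg.VirtualizationBasedSecurityStatus
    } catch {
        Write-Warning "Could not query Win32_DeviceGuard: $($_.Exception.Message)"
    }

    # Most recently installed update, as a hint of patch currency only;
    # it does not prove the fix for this advisory is present.
    $latestFix = Get-HotFix | Where-Object InstalledOn |
                 Sort-Object InstalledOn | Select-Object -Last 1

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Version        = $fullVersion
        ListedRelease  = $AffectedBuilds[$build]
        InAffectedList = $AffectedBuilds.ContainsKey($build)
        VbsStatus      = $vbsStatus
        VbsRunning     = ($vbsStatus -eq 2)
        LastHotFix     = $latestFix.HotFixID
        LastHotFixDate = $latestFix.InstalledOn
    }
}

Get-VbsAdvisoryExposure | Format-List
```

Hosts where InAffectedList and VbsRunning are both true are the ones to prioritize for the update.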
Vendor Information
Microsoft
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20876
References
 
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20876
CVE Name
CVE-2026-20876
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003