—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Privilege Escalation Vulnerability in Windows Graphics Component 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Windows Graphics Component

Overview

A vulnerability has been reported in Windows Graphics Component, which could be exploited by an attacker to escalate privileges on the targeted system.

Target Audience:

All end-user organizations and individuals using Microsoft Graphics Component.

Impact Assessment:

Potential for Privilege Elevation.

Description

A use after free vulnerability exists in Microsoft Graphics Component. This vulnerability allows an authorized attacker to exploit improper handling of access control and file state transitions within the driver, enabling local privilege escalation on the affected system.

Successful exploitation of this vulnerability could allow the attacker escalation of privileges on the targeted system.

Solution

Apply appropriate security updates as mentioned in:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20822

Vendor Information

Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20822

References

 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20822

CVE Name

CVE-2026-20822

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmluJFQACgkQ3jCgcSdc

ys+dRg//TQ1k4hDsqqrpbV1XnkaAmbqWXILppul4trCb2H4EhA6XE4YDl3UAbn9W

rIgh/ZhJZpNPxwKvowed7IEkrcvWwd/x7h5NW2vvk4PsmyG2qo0cXhTobdLMcMco

t/Fn1kuH9kGdOzi1aAadGg3dTbuW/spuCQu1uB/Zh5dvD2OeVAp0ck+zY7/Bs+Ar

aA4fDML8AzhR8LmbZ0CD7BrkyOFNgfDp3OzrILYXM4mnz2q7PRQgC5az5YxjLezw

Al41b9nJYseRzNqrZqjWYb8cAN8sH769U6COoIxW6LyvD6ds1k9EXIEUXnqOVrif

qdDGIJWckH+YJiLl5eTE+6fWrhRCwEoF9TgjFd9x5Q/jNN9mQ0i2MLuniTJDWpwP

47i9/7CD4sX75BdY4sa11/TEb5Aj+PMIHInBxj1o3FORLCxTJFPOaoO2c9WVZUED

y1t9eykRxxgoYYAbwc+E/PLnbkYaEvLyTNG4y/Fb0cni4RdFdrNQ+l1H4R6TjiFi

+Gl5fhzH5euO2QUjbgMX9SciVpqivg3Zsrg8+jFOq+BPFOvCHNBA7a1b53j5ArHb

03+hXsFyPMhgis3JQP9KtCcV+ib+yptX8aLTrb6LG4LONzBSTwUzbYE+Y0FtOsBZ

9d7DKFxA3dXBou1Yp57vUP4pQetatEDBcB3oybDqxtziEYfsxiM=

=hwdi

—–END PGP SIGNATURE—–