CVE-2026-24295
HIGHWindows Device Association Service - Privilege Escalation
Title source: llmDescription
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.
Scores
CVSS v3
7.0
EPSS
0.0003
EPSS Percentile
7.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-416
CWE-362
Status
published
Affected Products (23)
microsoft/windows_10_22h2
< 10.0.19045.7058
microsoft/windows_10_1607
< 10.0.14393.8957
microsoft/windows_10_1607
< 10.0.14393.8957
microsoft/windows_10_1809
< 10.0.17763.8511
microsoft/windows_10_1809
< 10.0.17763.8511
microsoft/windows_10_21h2
< 10.0.19044.7058
microsoft/windows_10_21h2
< 10.0.19044.7058
microsoft/windows_10_21h2
< 10.0.19044.7058
microsoft/windows_10_22h2
< 10.0.19045.7058
microsoft/windows_10_22h2
< 10.0.19045.7058
microsoft/windows_11_23h2
< 10.0.22631.6783
microsoft/windows_11_23h2
< 10.0.22631.6783
microsoft/windows_11_24h2
< 10.0.26100.7979
microsoft/windows_11_24h2
< 10.0.26100.7979
microsoft/windows_11_25h2
< 10.0.26200.7979
... and 8 more
Timeline
Published
Mar 10, 2026
Tracked Since
Mar 11, 2026