CVE-2026-42912: Windows Telephony Service Elevation of Privilege Vulnerability

Published Jun 9, 2026
·
Updated

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Other sources

Windows Telephony Service Elevation of Privilege Vulnerability

Microsoft

Affected Software

55 affected componentsFixes available
Microsoft Windows 11=24H2
Patch available
Microsoft Windows 11=24H2
Patch available
Microsoft Windows Server 2025
Patch available
Microsoft Windows 11=23H2
Patch available
Microsoft Windows 11=23H2
Patch available
Microsoft Windows Server 2022
Patch available
Microsoft Windows 10=1809
Patch available
Microsoft Windows 10=1809
Patch available
Microsoft Windows Server 2019
Patch available
Microsoft Windows Server 2019
Patch available
Microsoft Windows Server 2025
Patch available
Microsoft Windows 11=25H2
Patch available
Microsoft Windows 11=25H2
Patch available
Microsoft Windows 10=22H2
Patch available
Microsoft Windows 10=21H2
Patch available
Microsoft Windows 10=22H2
Patch available
Microsoft Windows 10=22H2
Patch available
Microsoft Windows Server 2012 R2
Patch available
Microsoft Windows 10=21H2
Patch available
Microsoft Windows 10=21H2
Patch available
Microsoft Windows Server 2012
Patch available
Microsoft Windows Server 2022
Patch available
Microsoft Windows Server 2012
Patch available
Microsoft Windows Server 2012 R2
Patch available
Microsoft Windows 10=1607
Patch available
Microsoft Windows Server 2016
Patch available
Microsoft Windows Server 2016
Patch available
Microsoft Windows 11=26H1
Patch available
Microsoft Windows 11=26H1
Patch available
Microsoft Windows 10=1607
Patch available
Microsoft Windows Telephony Service
Microsoft Windows 10 1607<10.0.14393.9234
Microsoft Windows 10 1607<10.0.14393.9234
Microsoft Windows 10 1809<10.0.17763.8880
Microsoft Windows 10 1809<10.0.17763.8880
Microsoft Windows 10 21h2<10.0.19044.7417
Microsoft Windows 10 21h2<10.0.19044.7417
Microsoft Windows 10 21h2<10.0.19044.7417
Microsoft Windows 10 22h2<10.0.19045.7417
Microsoft Windows 10 22h2<10.0.19045.7417
Microsoft Windows 10 22h2<10.0.19045.7417
Microsoft Windows 11 23h2<10.0.22631.7219
Microsoft Windows 11 23h2<10.0.22631.7219
Microsoft Windows 11 24h2<10.0.26100.8655
Microsoft Windows 11 24h2<10.0.26100.8655
Microsoft Windows 11 25h2<10.0.26200.8655
Microsoft Windows 11 25h2<10.0.26200.8655
Microsoft Windows 11 26h1<10.0.28000.2269
Microsoft Windows 11 26h1<10.0.28000.2269
Microsoft Windows Server 2012
Microsoft Windows Server 2012=r2
Microsoft Windows Server 2016<10.0.14393.9234
Microsoft Windows Server 2019<10.0.17763.8880
Microsoft Windows Server 2022<10.0.20348.5256
Microsoft Windows Server 2025<10.0.26100.32995

Event History

Jun 9, 2026
CVE Published
via Microsoft·02:00 PM
Data Sourced
via Microsoft·02:00 PM
DescriptionSeverityWeaknessAffected Software
Updated
via Microsoft·02:00 PM
Affected Software
Updated
via Microsoft·02:00 PM
Description
CVE Published
via MITRE·05:06 PM
Data Sourced
via MITRE·05:06 PM
DescriptionSeverity
Data Sourced
via NVD·05:17 PM
DescriptionSeverityWeaknessAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2026-42912?

The severity of CVE-2026-42912 is classified as high with a score of 7.

2

What systems are affected by CVE-2026-42912?

CVE-2026-42912 affects Microsoft Windows 10, Windows 11, and various versions of Windows Server 2012 through 2025.

3

How do I fix CVE-2026-42912?

To fix CVE-2026-42912, ensure that you apply the latest security updates provided by Microsoft for your affected operating systems.

4

What is the nature of the vulnerability CVE-2026-42912?

CVE-2026-42912 is a race condition vulnerability in Windows Telephony Service that allows an attacker to elevate privileges.

5

Who can exploit CVE-2026-42912?

CVE-2026-42912 can be exploited by an authorized attacker with local access to the affected systems.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203