CVE-2026-42912: Windows Telephony Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Metrics
- CVSS v3.1
- 7.0
- Severity
- HIGH
- Fixed in
- 6.2.9200.26132
- Affected Products
- 20
HarborGuard Analysis
Synopsis
A race condition in the Windows Telephony Service allows a locally authenticated attacker to elevate privileges on affected Windows 10 and Windows 11 systems. The attacker must already hold a low-privilege account on the host and exploit a timing window in how the service handles shared resources; no network access or victim interaction is required. Successful exploitation gives the attacker full control over confidentiality, integrity, and availability of the affected system. Patched-image rebuilds at the fix versions are available on HarborGuard for environments running affected Windows base images.
HarborGuard Coverage
Detection of CVE-2026-42912 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of publication using upstream feeds from Microsoft and NVD. This coverage extends to custom-built images that layer on top of affected Windows base images, not just images pulled directly from public registries.
AvailableTriage is available with CVSS 7.0 (HIGH) scoring applied automatically, weighted further by each customer organization's own compliance policy to reflect their risk tolerance. Findings are routed to the appropriate team inbox within each customer org based on policy-defined ownership rules.
AvailableA patched-image rebuild targeting the applicable fix versions (including 10.0.14393.9234, 10.0.17763.8880, and 10.0.19044.7417) is available on HarborGuard for any environment running an affected Windows base image. For customers who opt into auto-remediation, HarborGuard can trigger a rebuild, run regression tests, and open a pull request against affected workloads automatically.
AvailableExploit Conditions
- Network reachabilityNot required
The attacker needs an existing shell or process on the host; no network-facing exposure is required to trigger the vulnerability.
- AuthenticationRequired
Any low-privilege local account is sufficient; no administrative rights are needed to attempt exploitation.
- Victim interactionNot required
The attacker can trigger the race condition without any action from another user or administrator on the system.
- Attack complexityDetail
Exploitation depends on winning a race condition tied to shared-resource timing, which introduces environmental variability and makes reliable exploitation harder.
Blast Radius
- A successful attacker reads protected system data and credentials held by higher-privileged processes.
- A successful attacker writes to or modifies system files, registry keys, and other protected resources normally restricted to SYSTEM or administrator-level processes.
- A successful attacker can crash or destabilize system services, causing loss of availability for the host.
- Combined control over confidentiality, integrity, and availability effectively gives the attacker full local system compromise.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-42912 is active across customer pipelines and registries, including images built on Windows base layers. For environments running affected versions of Windows 10 or Windows 11 base images, patched rebuilds at the corrected OS patch levels are available. Where compliance policy permits, customers with auto-remediation enabled receive a rebuilt image, a regression-test run, and a PR opened against affected workloads; for HIGH-severity issues, median time from CVE publication to a merged patch PR is around 90 minutes in those environments. Customers who manage their own patch cadence can use HarborGuard's policy controls to flag any image still running a vulnerable Windows base version and block it from progressing through the pipeline until an updated base layer is confirmed.
Fix available
- Microsoft / Windows 10 Version 1607< 10.0.14393.9234 (from 10.0.14393.0)
- Microsoft / Windows 10 Version 1809< 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows 10 Version 21H2< 10.0.19044.7417 (from 10.0.19044.0)
- Microsoft / Windows 10 Version 22H2< 10.0.19045.7417 (from 10.0.19045.0)
- Microsoft / Windows 11 version 23H2< 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 23H2< 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 24H2< 10.0.26100.8655 (from 10.0.26100.0)
- Microsoft / Windows 11 Version 25H2< 10.0.26200.8655 (from 10.0.26200.0)
- Microsoft / Windows 11 version 26H1< 10.0.28000.2269 (from 10.0.28000.0)
- Microsoft / Windows Server 2012< 6.2.9200.26132 (from 6.2.9200.0)
- Microsoft / Windows Server 2012 (Server Core installation)< 6.2.9200.26132 (from 6.2.9200.0)
- Microsoft / Windows Server 2012 R2< 6.3.9600.23228 (from 6.3.9600.0)
- Microsoft / Windows Server 2012 R2 (Server Core installation)< 6.3.9600.23228 (from 6.3.9600.0)
- Microsoft / Windows Server 2016< 10.0.14393.9234 (from 10.0.14393.0)
- Microsoft / Windows Server 2016 (Server Core installation)< 10.0.14393.9234 (from 10.0.14393.0)
- Microsoft / Windows Server 2019< 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2019 (Server Core installation)< 10.0.17763.8880 (from 10.0.17763.0)
- Microsoft / Windows Server 2022< 10.0.20348.5256 (from 10.0.20348.0)
- Microsoft / Windows Server 2025< 10.0.26100.32995 (from 10.0.26100.0)
- Microsoft / Windows Server 2025 (Server Core installation)< 10.0.26100.32995 (from 10.0.26100.0)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C