CVE-2026-32222
Untrusted Pointer Dereference in Windows Win32K Enables Local Privilege Escalation
Publication date: 2026-04-14
Last updated on: 2026-04-17
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_11_24h2 | to 10.0.26100.8246 (exc) |
| microsoft | windows_11_24h2 | to 10.0.26100.8246 (exc) |
| microsoft | windows_11_25h2 | to 10.0.26200.8246 (exc) |
| microsoft | windows_11_25h2 | to 10.0.26200.8246 (exc) |
| microsoft | windows_11_26h1 | to 10.0.28000.1836 (exc) |
| microsoft | windows_11_26h1 | to 10.0.28000.1836 (exc) |
| microsoft | windows_server_2025 | to 10.0.26100.32690 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-822 | The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an authorized attacker to elevate privileges locally on affected Windows systems.
Elevation of privilege vulnerabilities can potentially lead to unauthorized access to sensitive data or system functions, which may impact compliance with standards such as GDPR or HIPAA that require protection of personal and health information.
However, no specific information is provided about direct effects on compliance with these regulations.
Can you explain this vulnerability to me?
This vulnerability is an untrusted pointer dereference in the Windows Win32K component called ICOMP. It allows an authorized attacker to elevate their privileges locally on the affected system.
How can this vulnerability impact me? :
The vulnerability can allow an authorized attacker to elevate their privileges on a Windows system. This means the attacker could gain higher-level access than intended, potentially leading to full control over the system, compromising confidentiality, integrity, and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the security updates provided by Microsoft as soon as possible to fix the untrusted pointer dereference issue in Windows Win32K - ICOMP.