escalation

Winsage
March 4, 2026
A proof-of-concept exploit for CVE-2026-20817, a local privilege escalation vulnerability in the Windows Error Reporting (WER) service, has been released by security researcher oxfemale on GitHub. This vulnerability allows low-privileged users to gain SYSTEM-level access through crafted Advanced Local Procedure Call (ALPC) messages. The flaw is located in the WER service's SvcElevatedLaunch method, which fails to validate caller privileges before executing WerFault.exe with user-supplied command line parameters. The CVSS v3.1 base score for this vulnerability is 7.8, indicating a high severity level. It affects unpatched versions of Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022 prior to the January 2026 update. Demonstrations have shown successful exploitation on Windows 11 23H2. Security teams are advised to monitor for unusual processes related to WerFault.exe, investigate missing SeTcbPrivilege in SYSTEM tokens, and review WER-related activities from low-privilege users. Immediate application of the January 2026 security patches is recommended, and a temporary workaround involves disabling the WER service.
Winsage
March 3, 2026
A critical local privilege escalation vulnerability, tracked as CVE-2026-20817, affects Microsoft Windows through the Windows Error Reporting (WER) service. This flaw allows authenticated users with low-level privileges to execute arbitrary code with full SYSTEM privileges. The vulnerability resides in the SvcElevatedLaunch method (0x0D), which fails to validate user permissions, enabling attackers to launch WerFault.exe with malicious command-line parameters from a shared memory block. The exploit affects all versions of Windows 10 and Windows 11 prior to January 2026, as well as Windows Server 2019 and 2022. Microsoft addressed this vulnerability in the January 2026 Security Update. Organizations are advised to apply security patches and monitor for unusual WerFault.exe processes.
AppWizard
March 2, 2026
Gartner predicts that the sub-0 entry-level PC segment will disappear by 2028 due to a 130% increase in memory and SSD costs, contributing to a 17% rise in PC prices by 2025. This situation is expected to result in a 10.4% decline in PC shipments this year, the first contraction in over a decade. Consumers are anticipated to keep their devices longer, with business users holding onto PCs for 15% longer and consumers for 20% longer by the end of 2026. The report indicates that elevated RAM and SSD prices will persist longer than expected, influenced by broader inflation trends. Additionally, the anticipated 50% market penetration of AI PCs is now expected to be delayed until 2028.
Winsage
February 26, 2026
Security researchers have developed a working proof-of-concept (PoC) exploit for a vulnerability in the Windows kernel, identified as CVE-2026-2636, which allows low-privileged users to induce a Blue Screen of Death (BSoD), resulting in a denial of service. This vulnerability is linked to the Windows Common Log File System (CLFS) driver, specifically the CLFS.sys component, and arises from improper handling of invalid or special elements within CLFS (CWE-159). The PoC demonstrates that a non-administrative user can trigger the bug by executing a crafted ReadFile operation on a handle linked to an opened .blf log file without the expected I/O Request Packet (IRP) flags set. This leads to a critical inconsistency in the driver, causing Windows to invoke the kernel routine KeBugCheckEx, which results in a BSoD. CVE-2026-2636 has a CVSS score of 5.5 (Medium) with a high impact on availability, allowing any authenticated user to crash the host reliably. Microsoft addressed this vulnerability in the September 2025 cumulative update, protecting systems running Windows 11 2024 LTSC and Windows Server 2025 by default. However, older or unpatched builds remain vulnerable. Organizations are advised to verify the deployment of the September 2025 updates, prioritize patching multi-user systems, and monitor for unusual spikes in BSoD events.
AppWizard
February 20, 2026
The head of Russia's FSB security service has accused Telegram's founder, Pavel Durov, of enabling criminal activities on the platform. Russia's state communications regulator has imposed restrictions on Telegram for failing to remove extremist content, which is significant given the app's importance for communication in the country. In response, Telegram stated that the accusations are false justifications to undermine its operations while promoting a state-owned alternative, MAX. FSB chief Alexander Bortnikov claimed that Durov prioritizes personal interests leading to legal infractions, citing crimes such as juvenile delinquency and terrorism facilitated through Telegram. The communications regulator has slowed down Telegram's functionality due to inadequate responses to warnings, and a government minister raised security concerns about the app's encryption. Telegram has refuted claims of compromised encryption and stated that Russian authorities are pushing citizens towards a state-controlled messaging service. Additionally, other foreign messaging apps like WhatsApp and FaceTime have faced restrictions, and citizens have been encouraged to switch to MAX. Despite the crackdown, Telegram remains popular among Russian authorities, and ordinary users are using VPNs to bypass restrictions.
AppWizard
February 15, 2026
Russian authorities have been implementing a "sovereign Internet" initiative, which involves controlling digital communication and filtering information accessed by citizens. Recently, on February 11, Roskomnadzor removed WhatsApp from the National Domain Name System, effectively erasing it from the Russian digital landscape, which impacts over 100 million users. Two days earlier, Telegram experienced significant slowdowns, leading to fines for alleged non-compliance with Russian law. The government has been promoting the state-controlled messaging app, Messenger Max, developed by VK, as an alternative to popular platforms like WhatsApp and Telegram. The recent removal of 13 domain names, including those of major news outlets, marks a significant escalation in efforts to control digital information and is part of a broader strategy established since 2019 to impose stringent Internet regulations. This includes the establishment of a Russian National Domain System that allows Roskomnadzor to dictate website accessibility within the country, raising concerns about the potential instability and isolation of the Russian Internet.
AppWizard
February 12, 2026
The Russian government has officially blocked WhatsApp, owned by Meta Platforms, due to its failure to comply with local laws. Kremlin spokesperson Dmitry Peskov confirmed this decision and encouraged citizens to use MAX, a state-backed messaging service, as an alternative. Critics have raised concerns about MAX being a potential surveillance tool, which the authorities denied. The ban on WhatsApp follows six months of pressure on the platform as part of a broader strategy by Russian authorities to establish a "sovereign" communications infrastructure. Meta Russia has been designated as an extremist organization, and WhatsApp criticized the government's actions, warning that blocking the app could increase risks for over 100 million users in Russia. Restrictions include the removal of WhatsApp's domain names from Russia's national register, forcing users to access it via VPNs. The government has also imposed restrictions on other social media platforms and has fined WhatsApp for not removing prohibited content, insisting on the establishment of a local representative office, which has not occurred.
Winsage
February 12, 2026
Microsoft's February Patch Tuesday update addresses feature and security bugs, continuing the refresh of Secure Boot certificates to protect against bootkit malware. Secure Boot prevents malicious software from executing during startup by using trusted certificates, many of which are set to expire in June. The update is available for both Windows 11 and Windows 10 users, with the latter needing to be enrolled in the Extended Security Updates (ESU) program until October 2026. Windows 11 fixes include resolutions for full-screen gaming and WPA3-Personal Wi-Fi connectivity issues, while Windows 10 improvements address Chinese fonts, specific graphics processing units, and custom folder names in File Explorer. A bug causing unexpected restarts in Secure Launch-compatible PCs has also been fixed. The update includes 55 security patches, a decrease from January's 114, with two classified as critical and six identified as zero-day vulnerabilities. One vulnerability exploited in the wild could allow system privilege escalation, another could disrupt network connectivity, and a third could disable security controls and access sensitive data. Users can update their Windows 11 PCs through System > Windows Update, and Windows 10 users through System > Update & Security. Due to previous buggy updates, users may consider waiting a few days before installing the February update, with the option to uninstall if issues arise.
AppWizard
February 12, 2026
Russia has moved to block WhatsApp entirely within its borders, aiming to redirect users to MAX, a state-supported messaging application criticized for its potential surveillance capabilities. This action is part of a broader strategy by the Russian government to tighten control over digital communication, following previous restrictions on major social media platforms and other messaging services like Signal and Viber. Kremlin spokesman Dmitry Peskov stated that WhatsApp could be unblocked if it complies with Russian law. The government is also planning new restrictions on Telegram, which has been vital for military communications in Ukraine. MAX, the promoted national messaging app, lacks end-to-end encryption and is designed to share user data with authorities.
AppWizard
February 12, 2026
Millions of Russians were disconnected from WhatsApp after Russian authorities removed the app from the online directory managed by Roskomnadzor. This action is part of a campaign to restrict access to foreign messaging platforms and encourage the use of a state-sanctioned app called Max, which lacks encryption. Concurrently, Meta's Facebook and Instagram were also removed from the directory and designated as "extremist," leaving them reachable only through VPNs. Reports indicate that access to YouTube has been impaired. Telegram has gained popularity and faced restrictions, with concerns raised by officials about the impact on information flow. Since last summer, Russia has systematically degraded access to WhatsApp and Telegram, implementing measures that have significantly slowed performance and limited functionalities.