Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool's ms-screensketch: URI handler, the newly flagged issue resides in the...

CVE-2026-27909

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

EUVD-2026-22447

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

CVE-2026-27909

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

CVE-2026-27909 Windows Search Service Elevation of Privilege Vulnerability

...

CVE-2026-27909

CVE-2026-27909 is a Windows Search Component elevation-of-privilege vulnerability (use-after-free) that could allow an authenticated local attacker to gain SYSTEM privileges. Connected advisories confirm the issue and indicate Microsoft has fixed vulnerabilities across Windows components in April...

CVE-2026-27909 Windows Search Service Elevation of Privilege Vulnerability

...

Windows Search Service Elevation of Privilege Vulnerability

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

Microsoft Windows 资源管理错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. The Microsoft Windows Search Component has a resource management vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected...

PT-2026-32771

CVE-2026-27909 Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. https://t.co/EEmqZf1GgX...

Vim 代码问题漏洞

Vim is a cross-platform text editor from the Vim open source. A code issue vulnerability exists in versions prior to Vim 9.1.1947 that stems from insufficient search path control on Windows and could lead to the execution of a malicious executable...

CVE-2025-59253

Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally...

CVE-2025-59198

Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally...

CVE-2025-59190

Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally...

EUVD-2025-34274

Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally...

EUVD-2025-34295

Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally...

EUVD-2025-34301

Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally...

CVE-2025-59253

Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally...

CVE-2025-59253

Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally...

CVE-2025-59198

Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally...