60 matches found
Microsoft MMC (.MSC) File Execution Abuse Leading / Admin Creation
This Metasploit local Windows exploit module abuses the way Microsoft Management Console (MMC) processes specially crafted .msc files to achieve arbitrary PowerShell execution when a user opens the file. The payload is designed to create a new local administrator account or execute a custom command...
CVE-2026-27914
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally...
EUVD-2026-22458
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally...
CVE-2026-27914 Microsoft Management Console Elevation of Privilege Vulnerability
...
CVE-2026-27914
CVE-2026-27914 affects the Microsoft Management Console (MMC). It is an Elevation of Privilege vulnerability where a local attacker with low privileges and no user interaction can potentially gain high impact on confidentiality, integrity, and availability due to the underlying root cause describ...
CVE-2026-27914 Microsoft Management Console Elevation of Privilege Vulnerability
...
Microsoft Management Console Elevation of Privilege Vulnerability
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally...
PT-2026-32776
Name of the Vulnerable Software and Affected Versions: Microsoft Management Console (affected versions not specified). Description: Improper access control in the Microsoft Management Console allows an authorized attacker to elevate privileges locally, enabling them to affect the system. Recommendatio...
Microsoft Management Console Access Control Error Vulnerability
Microsoft Management Console is a general-purpose management console framework developed by Microsoft Corporation. It is used to host and manage various system management tools, known as console plugins or management units. There is an access control error vulnerability in Microsoft Management...
Microsoft MMC MSC EvilTwin Local Admin Creation
Microsoft MMC MSC EvilTwin local admin creation exploit. !/usr/bin/env python3 Exploit Title: Microsoft MMC MSC EvilTwin - Local Admin Creation Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.microsoft.com...
EUVD-2024-37224
Malicious code in bioql PyPI...
EUVD-2025-6311
Malicious code in bioql PyPI...
Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware
The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. Trustwave SpiderLabs said it recently observed an EncryptHub campaign that brings together social engineering and the exploitation of a vulnerabilit...
PT-2025-17846
We added the following vulnerabilities to our feed: - UNDISCLOSED: Microsoft Management Console - CVE-2025-24054: Windows File Explorer NTLM Leak - CVE-2025-24985: Windows FAT DoS - CVE-2023-36205: Zemana AntiMalware LPE - CVE-2021-21551: Dell Driver LPE https://t.co/iKW6swSCtZ...
Exploit for Improper Neutralization in Microsoft
CVE-2025-26633 - MSC EvilTwin PoC Proof of Concept PoC...
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is...
A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines...
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc...
CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin
Trend Research identified Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data...
CVE-2025-26633
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally...