Microsoft: Critical Windows Admin Center Flaw Allows Privilege Escalation
Briefly

"A newly disclosed Windows Admin Center flaw carries a CVSS score of 8.8 and could let an authorized user quietly escalate privileges across enterprise environments. The vulnerability affects WAC version 2.6.4 and, if exploited, may grant sweeping administrative control over the very systems it was built to manage. 'Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network,' Microsoft said in its advisory."
"If exploited, the attacker could obtain the same level of access as the account running Windows Admin Center. In many enterprise deployments, that account holds administrative rights across multiple managed servers. With that level of control, an attacker could modify system configurations, create or alter privileged accounts, disable security controls, access sensitive enterprise data, and move laterally across the network."
Windows Admin Center version 2.6.4 contains an authentication vulnerability (CVE-2026-26119) rated CVSS 8.8 that can allow an authorized user to escalate privileges across a network. Windows Admin Center serves as a centralized management platform for Windows Server environments, virtual machines, failover clusters, and other infrastructure, and often runs with elevated administrative permissions. An attacker with limited authorized access could exploit the flaw to obtain the same access as the account running Windows Admin Center. Such access frequently grants administrative rights across multiple managed servers. An attacker could modify configurations, create or alter privileged accounts, disable security controls, access sensitive data, and move laterally across the enterprise. Microsoft has not reported active exploitation in the wild.
Read at TechRepublic