{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-27914/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-27914"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","windows","cve-2026-27914"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-27914 describes an improper access control vulnerability affecting Microsoft Management Console (MMC). The vulnerability allows an attacker who already has local access to a system, but with limited privileges, to elevate those privileges to a higher level. This could allow the attacker to perform actions they would normally be restricted from doing, potentially leading to full system compromise. Public details emerged on April 14, 2026 when the CVE was published by Microsoft. Defenders need to ensure systems are patched to prevent exploitation by malicious actors post-authentication.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial access to the target system with low-privileged account credentials. This could be achieved through various means, such as exploiting a separate vulnerability or obtaining credentials through phishing or social engineering.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages their existing access to execute the Microsoft Management Console (mmc.exe).\u003c/li\u003e\n\u003cli\u003eThe attacker manipulates MMC to load a specifically crafted snap-in or configuration file.\u003c/li\u003e\n\u003cli\u003eThe malicious snap-in exploits the improper access control vulnerability within MMC.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation allows the attacker to bypass intended access restrictions.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages elevated privileges to perform malicious actions, such as installing malware or modifying system configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker gains persistence through newly installed malware or changes to system settings.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves the objective of escalating privileges to gain complete control of the system and exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-27914 allows a local attacker to escalate their privileges, potentially leading to full system compromise. The impact could include unauthorized access to sensitive data, installation of malware, disruption of services, and complete control of the affected system. The scope of the impact depends on the level of access the attacker gains and the resources available on the compromised system.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update released by Microsoft to patch CVE-2026-27914 to prevent exploitation (\u003ca href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27914)\"\u003ehttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27914)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided in this brief to your SIEM to detect potential exploitation attempts involving suspicious MMC command line arguments.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for mmc.exe spawning child processes with unusual privileges or access rights to detect potential privilege escalation activity.\u003c/li\u003e\n\u003cli\u003eInvestigate any alerts triggered by the Sigma rule or suspicious process creation events related to MMC.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-15T12:00:00Z","date_published":"2026-04-15T12:00:00Z","id":"/briefs/2026-04-mmc-privesc/","summary":"CVE-2026-27914 is an improper access control vulnerability in Microsoft Management Console that allows a locally authorized attacker to elevate privileges.","title":"Microsoft Management Console Improper Access Control Vulnerability (CVE-2026-27914)","url":"https://feed.craftedsignal.io/briefs/2026-04-mmc-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-27914","version":"https://jsonfeed.org/version/1.1"}