CVE-2026-42912
HighCVSS 7.0Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
In Windows Telephony Service, there is a concurrent execution issue using shared resources with improper synchronization, leading to a race condition. This allows an authorized attacker to elevate privileges locally.
Risk Assessment
An attacker with local access could exploit this vulnerability to gain higher privileges, potentially leading to unauthorized access to the system and data.
Recommendation
It is recommended to update the operating system to the latest version to patch this vulnerability and to monitor system access for potential exploitation attempts.
Original NVD description (English source)
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

