CVE-2026-21223 | THREATINT

Description

Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged update commands as LocalSystem. This allows a non‑administrator to enable or disable Windows Virtualization‑Based Security (VBS) by modifying protected system registry keys under HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard. Disabling VBS weakens critical platform protections such as Credential Guard, Hypervisor‑protected Code Integrity (HVCI), and the Secure Kernel, resulting in a security feature bypass.

PUBLISHED Reserved 2025-12-11 | Published 2026-01-16 | Updated 2026-01-20 | Assigner microsoft

Problem types

CWE-269: Improper Privilege Management

Product status

1.0.0.0 (custom) before 144.0.3719.82

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21223 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) vendor-advisory patch

cve.org (CVE-2026-21223)

nvd.nist.gov (CVE-2026-21223)

Download JSON