CVE-2026-42825 – Windows Telephony Service

A use-after-free vulnerability exists in Windows Telephony Service that allows an authorized local attacker to elevate privileges. Successful exploitation requires the attacker to win a race condition, making the attack complexity high. If exploited, the attacker could gain SYSTEM privileges, giving them broad control over the affected Windows system.

CVSS Score: 7.0

SEVERITY: Important

THREAT:
This vulnerability can turn limited local access into full SYSTEM-level control. An attacker who already has low privileges could exploit the flaw to access sensitive data, modify system settings, disable protections, or support follow-on attacks.

EXPLOITS:
No public exploit or proof-of-concept (PoC) exploit code has been confirmed. The vulnerability is not reported as exploited, and exploitation is assessed as unlikely. Exploit code maturity is listed as Unproven.

TECHNICAL SUMMARY:
The vulnerability is caused by a use-after-free condition in Windows Telephony Service. This type of memory safety issue can occur when software continues using memory after it has been freed. In this case, a local authorized attacker could exploit the condition to elevate privileges. The CVSS vector shows local attack access, high attack complexity, low privileges required, no user interaction, and high impact to confidentiality, integrity, and availability.

EXPLOITABILITY:
Affected software is Windows Telephony Service on vulnerable Windows systems. Exploitation requires local access, low privileges, and successful timing of a race condition. If successful, the attacker could gain SYSTEM privileges.

BUSINESS IMPACT:
This vulnerability is dangerous because it can allow attackers to expand control after gaining an initial foothold. SYSTEM-level access can enable credential theft, security tool tampering, data manipulation, malware installation, and deeper compromise of enterprise Windows environments.

WORKAROUND:
Apply the official Microsoft security update. If patching is delayed, restrict local access, limit low-privileged user rights, monitor for unusual Telephony Service behavior, and watch for unexpected privilege escalation activity.