Advisory

Microsoft Patches Privilege Escalation Flaw in Windows Admin Center

Take action: If you use Windows Admin Center, apply the February 17 security update immediately — this flaw can let an attacker with minimal access take over your entire domain. While you're at it, review who has access to your Admin Center and restrict it to only those who truly need it.


Learn More

Microsoft released a security update on February 17, 2026, to fix a severe privilege escalation vulnerability in Windows Admin Center. This platform is used for remote management of Windows servers, Azure resources, and hybrid environments.

The flaw, tracked as CVE-2026-26119 (CVSS score 8.8), is an improper authentication vulnerability that allows attackers to escalate privileges by exploiting weaknesses in session token handling. Attackers with low-level access can craft specific requests to impersonate high-privilege users and bypass role-based access controls.

A successful exploit allows threat actors to pivot from an initial foothold to full domain takeover. No public exploit code exists yet. Because Windows Admin Center often manages Active Directory and Hyper-V environments, the impact on confidentiality, integrity, and availability is high. Attackers can use this access to steal sensitive data, deploy ransomware, or disrupt critical infrastructure.

Administrators should apply the official fix ASAP. Segment Windows Admin Center traffic on isolated VLANs and use Privileged Access Management (PAM) for just-in-time access.
