CVE-2026-23668: Microsoft Windows cdd.dll Driver Flaw Allows Local Privilege Escalation to SYSTEM
Microsoft has patched a high-severity local privilege escalation vulnerability in the Windows cdd.dll driver that allows attackers with low-privileged code execution to gain SYSTEM privileges.

Microsoft has released a security update to address CVE-2026-23668, a local privilege escalation vulnerability in the Windows cdd.dll driver. The flaw, reported by researcher Marcin Wiazowski, carries a CVSS score of 8.8 and allows an attacker with low-privileged code execution to escalate privileges to SYSTEM.
The vulnerability stems from improper locking in the cdd.dll driver when it performs operations on an object. An attacker can exploit this lack of synchronization to execute arbitrary code in the context of SYSTEM, the highest privilege level on Windows. The attack requires local access and low privileges, making it a significant threat in post-exploitation scenarios where an attacker has already gained a foothold on a system.
Microsoft has issued a security update as part of its March 2026 Patch Tuesday release. The update is available through the Microsoft Update Guide and Windows Update. Users are strongly advised to apply the patch promptly to mitigate the risk of privilege escalation attacks.
The vulnerability was disclosed through the Zero Day Initiative (ZDI) as ZDI-26-180, following a coordinated disclosure timeline. The researcher reported the flaw to Microsoft on December 2, 2025, and the advisory was publicly released on March 10, 2026.
This vulnerability is part of a broader trend of privilege escalation flaws in Windows kernel drivers, which attackers frequently target to gain full control of compromised systems. The high CVSS score reflects the seriousness of such flaws, as they can turn a low-privilege foothold into a complete system compromise.
Organizations should prioritize testing and deploying the update, especially on systems where attackers may have already gained initial access. The update is available through Microsoft's advisory.