CVE-2026-24291 is a vulnerability classified under CWE-732 (Incorrect Permission Assignment for Critical Resource) affecting Microsoft Windows 10 Version 1607 (build 10.0.14393.0). The flaw resides in the Windows Accessibility Infrastructure component, specifically in the ATBroker.exe process, which manages accessibility features. Due to improper permission settings on critical resources, an authorized local attacker can exploit this vulnerability to elevate their privileges on the affected system. The attacker does not require user interaction to exploit this issue, and the attack complexity is low, as indicated by the CVSS vector (AV:L/AC:L/PR:L/UI:N). The vulnerability impacts confidentiality, integrity, and availability at a high level, allowing attackers to gain higher privileges, potentially leading to full system compromise. Although no public exploits are currently known, the vulnerability is rated with a CVSS 3.1 base score of 7.8 (high severity), reflecting its significant risk. The vulnerability was reserved in January 2026 and published in March 2026. No official patches or mitigations have been linked yet, so organizations must rely on compensating controls until updates are available.

The vulnerability allows local attackers with authorized access to escalate privileges, potentially gaining SYSTEM-level rights. This can lead to unauthorized access to sensitive data, modification or deletion of critical system files, installation of persistent malware, and disruption of system availability. In enterprise environments, exploitation could facilitate lateral movement, undermining network security and increasing the risk of widespread compromise. The lack of required user interaction and low attack complexity increase the likelihood of exploitation in environments where legacy Windows 10 Version 1607 systems remain in use. Organizations that have not upgraded or patched these systems face elevated risks, especially those with multiple users having local access. The impact extends to confidentiality, integrity, and availability, making this a critical concern for information security and operational continuity.

1. Apply official patches or security updates from Microsoft as soon as they become available for Windows 10 Version 1607. 2. Restrict local user permissions to the minimum necessary, enforcing the principle of least privilege to reduce the pool of users who can exploit the vulnerability. 3. Limit local access to systems running the affected Windows version, especially in shared or multi-user environments. 4. Monitor and audit usage of ATBroker.exe and related accessibility infrastructure components for unusual or unauthorized activity. 5. Employ application whitelisting and endpoint detection and response (EDR) tools to detect and block suspicious privilege escalation attempts. 6. Consider upgrading affected systems to a more recent, supported Windows version where this vulnerability is not present. 7. Implement network segmentation to contain potential lateral movement if exploitation occurs. 8. Educate system administrators and users about the risks of local privilege escalation and the importance of timely patching.