Microsoft Windows Telephony Service Elevation of Privilege Vulnerability

A vulnerability in the Windows Telephony Service allows an authorized attacker to elevate privileges on a target system over an adjacent network. This issue arises from external control of file names or paths, enabling attackers to manipulate service configuration and execute malicious code with elevated rights.

Impact

Exploitation of this vulnerability could allow an attacker to gain SYSTEM privileges on the affected server.

Reproduction

An attacker with a low-privileged domain account can remotely send crafted RPC requests to the Telephony service. These requests can be designed to overwrite the service's configuration file, potentially allowing the attacker to become a Telephony administrator. Once this privilege is obtained, the service can be triggered to load a malicious DLL, leading to remote code execution under a privileged service account.

Remediation

Users can apply the security update for this vulnerability, which is available as part of the January 2026 Monthly Rollup for various Windows Server and Windows 10 editions. Instructions for downloading this update can be found in the Microsoft Update Catalog.