Signal

Microsoft issues critical out-of-band patch for ASP.NET Core privilege escalation flaw

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-04-22 09:29 UTCUpdated 2026-04-23 14:36 UTC

rss

cvevulnerabilitypatchprivilege_escalationmicrosoftincident_response

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (4)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

Microsoft patches critical ASP.NET Core privilege escalation vulnerability

SC Media · News · scworld.com · 2026-04-23 14:36 UTC

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

SecurityWeek · News · securityweek.com · 2026-04-23 08:00 UTC

ASP.NET Core 10.0: CVSS (Max): 9.1

AusCERT - Bulletins · News · portal.auscert.org.au · 2026-04-23 03:10 UTC

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

CSO Online · News · csoonline.com · 2026-04-22 18:37 UTC

View all evidence

Overview

Microsoft released an urgent security update to fix a critical privilege escalation vulnerability (CVE-2026-40372) in ASP.NET Core's Data Protection Library.

Entities

MicrosoftASP.NET CoreMicrosoft DefenderIonut Arghire

Score total

1.3

Momentum 24h

4

Posts

4

Origins

4

Source types

1

Duplicate ratio

0%

Why now

The vulnerability was introduced in a recent Patch Tuesday update, affecting many developers and systems.
Attackers are actively exploiting these flaws, increasing urgency for patching.
Microsoft's out-of-band patch signals the critical nature and immediate risk posed by these vulnerabilities.

Why it matters

The ASP.NET Core vulnerability enables remote attackers to gain SYSTEM privileges, risking full system compromise.
Microsoft's quick patch release highlights the importance of timely updates to mitigate critical security flaws.
The exploitation of a zero-day in Microsoft Defender underscores ongoing threats to endpoint security.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

Microsoft released an out-of-band patch for a critical privilege escalation vulnerability in ASP.NET Core Data Protection Library (CVE-2026-40372).
The ASP.NET Core vulnerability allows attackers to bypass cryptographic validation and elevate privileges to SYSTEM level remotely.
A zero-day vulnerability in Microsoft Defender has been exploited to access the SAM database and gain system privileges.

How sources frame it

CSO Online: neutral
AusCERT: neutral
SecurityWeek: neutral

All evidence

All evidence

Microsoft patches critical ASP.NET Core privilege escalation vulnerability

SC Media · scworld.com · 2026-04-23 14:36 UTC

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

SecurityWeek · securityweek.com · 2026-04-23 08:00 UTC

ASP.NET Core 10.0: CVSS (Max): 9.1

AusCERT - Bulletins · portal.auscert.org.au · 2026-04-23 03:10 UTC

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

CSO Online · csoonline.com · 2026-04-22 18:37 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 4 / 0

Top publishers (this list)

SC Media (1)
SecurityWeek (1)
AusCERT - Bulletins (1)
CSO Online (1)

Top origin domains (this list)

scworld.com (1)
securityweek.com (1)
portal.auscert.org.au (1)
csoonline.com (1)