Microsoft Patches Critical Windows Admin Center Flaw Enabling Full Domain Takeover

CVE-2026-26xx in Windows Admin Center is a critical privilege escalation that can lead to complete Active Directory domain control. Update to version 2511 immediately.

By Titan Layer Editorial Team

Published on March 11, 2026

Source: —

Microsoft released an emergency patch for a critical vulnerability in Windows Admin Center (WAC) that allows remote attackers to perform privilege escalation and potentially gain full control over an Active Directory domain. The vulnerability exists in an authentication component that fails to properly validate session tokens in certain race conditions. An attacker with network access to the WAC can escalate to domain administrator privileges. Update Windows Admin Center to version 2511 immediately, restrict access to trusted admin IPs only, implement MFA, and consider isolating WAC in a dedicated management VLAN.

Article information

Editorial author:Titan Layer Editorial Team

Original source:—

Original publisher:—

Original author:—

Original publication date:—

Reference link:—

Titan Layer publication date:March 11, 2026

Content type:Curated summary and editorial analysis

#microsoft#windows#cve#privilege escalation#patch

Share this article

Critical Vulnerabilities

Incomplete Windows Patch Opens Door to Zero-Click Attacks

Titan Layer

6d ago

Technology

Microsoft Revamps Windows Insider Program

Titan Layer

4/27/2026

Critical Vulnerabilities

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

Titan Layer

4/25/2026

Microsoft Patches Critical Windows Admin Center Flaw Enabling Full Domain Takeover

Article information

Share this article

Related Articles

Incomplete Windows Patch Opens Door to Zero-Click Attacks

Microsoft Revamps Windows Insider Program

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline