CVE-2026-50392 – Windows Secure Kernel Mode Elevation of Privilege Vulnerability
“When attackers turn a local foothold into SYSTEM-level control, the entire security boundary is at risk.”
A use-after-free vulnerability in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. By exploiting improper memory management, an attacker with low privileges could gain SYSTEM-level privileges, enabling complete control over the affected device. Although successful exploitation requires winning a race condition, the impact of a successful attack is severe and could lead to full system compromise.
CVSS Score: 7.0
SEVERITY: Critical
THREAT:
This vulnerability affects Windows Secure Kernel Mode and is caused by a use-after-free memory handling flaw. An attacker with low privileges who has local access to a vulnerable system could exploit the vulnerability to elevate privileges to SYSTEM. Once elevated, an attacker can bypass security boundaries, disable security controls, install malware, and access sensitive data.
EXPLOITS:
At the time of publication, the vulnerability was not publicly disclosed and was not being actively exploited. Microsoft assesses exploitation as Less Likely. The CVSS v3.1 temporal metrics indicate Exploit Code Maturity: Unproven, and there is no confirmed public proof-of-concept exploit code.
TECHNICAL SUMMARY:
The vulnerability is caused by a use-after-free (CWE-416) condition in Windows Secure Kernel Mode. Improper memory management allows an authenticated attacker with low privileges to manipulate freed memory and elevate privileges. Microsoft notes that successful exploitation requires the attacker to win a race condition, which is reflected in the High Attack Complexity rating. According to the CVSS v3.1 metrics, exploitation requires a local attack vector, high attack complexity, low privileges, and no user interaction. A successful exploit could result in complete compromise of confidentiality, integrity, and availability.
EXPLOITABILITY:
Affected products include Windows 11 versions 24H2, 25H2, and 26H1, as well as Windows Server 2025, including Server Core installations. Exploitation requires local access and low privileges. No user interaction is required. A successful exploit could allow an attacker to obtain SYSTEM privileges.
BUSINESS IMPACT:
Privilege escalation vulnerabilities are frequently used after an attacker gains initial access to a system. Obtaining SYSTEM privileges allows attackers to disable security protections, execute malware with maximum privileges, steal sensitive information, establish persistence, and move laterally throughout an enterprise. Even though exploitation is considered less likely, the consequences of a successful attack are significant.
WORKAROUND:
No mitigations or workarounds are available. Apply the appropriate security update to affected systems.
URGENCY:
This update should be prioritized because it addresses a Critical elevation of privilege vulnerability that can grant SYSTEM privileges. While exploitation requires winning a race condition and Microsoft assesses exploitation as less likely, successful exploitation can completely compromise an affected system and enable further attacks across the environment.
Key Details
- Attack Vector
- Local
- Attack Complexity
- High
- Privileges Required
- Low
- User Interaction
- None
- CWE Classification
- CWE-416