CVE-2026-50435 in Windowsinfo

Summary

by MITRE • 07/14/2026

Buffer over-read in Windows Overlay Filter allows an authorized attacker to elevate privileges locally.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 07/14/2026

The vulnerability in question represents a critical buffer over-read condition within the Windows Overlay Filter component that enables local privilege escalation for authenticated attackers. This flaw exists within the kernel-mode driver responsible for managing overlay file system operations, specifically when processing certain file access requests through the overlay filter interface. The buffer over-read occurs during the validation of file handle operations where insufficient bounds checking allows an attacker to read beyond allocated memory regions. The vulnerability stems from improper input validation in the overlay filter's file system control request handler, which fails to properly validate the length of user-supplied data structures before processing them.

The technical implementation of this privilege escalation exploit relies on the attacker's ability to manipulate kernel memory through carefully crafted file operations that trigger the vulnerable code path. When an authenticated user executes specific file system operations against overlay-filtered directories, the system processes these requests through the affected driver component. The flaw manifests when the driver attempts to read data from a buffer that has been allocated with insufficient space for the requested operation, causing memory content beyond the intended boundaries to be accessed and potentially exposed. This over-read condition can be leveraged by an attacker to extract sensitive kernel memory information or manipulate internal data structures that control access permissions.

The operational impact of this vulnerability extends beyond simple privilege escalation as it provides attackers with elevated system privileges that can be used to bypass security controls, modify system files, install malicious software, or access confidential data. The local nature of the attack means that an attacker must already have valid user credentials on the target system, but once successful, the elevation allows for complete system compromise without requiring additional authentication mechanisms. This vulnerability directly impacts Windows operating systems that utilize overlay filter functionality and affects various versions including windows 10, windows server 2016, and windows server 2019. The attack vector typically involves exploitation through legitimate file system operations such as file enumeration, access control list modifications, or file attribute queries.

Mitigation strategies for this vulnerability include immediate deployment of Microsoft security patches that address the buffer over-read condition in the overlay filter driver component. Organizations should prioritize patch management procedures to ensure timely installation of the relevant updates, particularly those released through Microsoft's monthly security bulletins. System administrators should also implement monitoring solutions that can detect anomalous file system access patterns that might indicate exploitation attempts. Additionally, the principle of least privilege should be enforced by limiting user accounts to minimum required permissions and disabling unnecessary overlay filter functionality where possible. According to CWE standards, this vulnerability maps to CWE-125: "Out-of-bounds Read" which is classified under the broader category of memory safety issues in kernel-mode components. The ATT&CK framework would categorize this as a privilege escalation technique using kernel vulnerabilities, specifically targeting the Windows kernel's file system filtering mechanisms and exploiting weaknesses in the overlay filter subsystem to achieve elevated privileges through local execution.

Responsible

Microsoft

Reservation

06/04/2026

Disclosure

07/14/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!