CVE-2026-50487 in Windowsinfo

Summary

by MITRE • 07/14/2026

Use after free in Microsoft Windows DNS allows an unauthorized attacker to elevate privileges over a network.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/15/2026

This vulnerability represents a critical use-after-free condition in the Windows Domain Name System service that enables remote privilege escalation attacks. The flaw occurs when the dns.exe process handles certain malformed DNS query responses, specifically in how it manages memory allocation and deallocation during DNS record processing. When an attacker crafts malicious DNS responses and injects them into the target network, the vulnerable dns.exe process may attempt to access freed memory locations, leading to arbitrary code execution with system-level privileges.

The technical implementation of this vulnerability stems from improper handling of dynamic memory structures within the DNS server's response processing pipeline. According to CWE-416, this represents a classic use-after-free scenario where memory is deallocated but references remain accessible. The attack vector operates over standard network protocols since DNS queries are transmitted via UDP and TCP ports 53, making exploitation possible from any network location where the attacker can influence DNS traffic. This vulnerability aligns with ATT&CK technique T1068 which describes privilege escalation through local system exploitation.

The operational impact of this vulnerability extends beyond simple remote code execution as it provides attackers with complete system compromise capabilities. Once elevated to SYSTEM privileges, adversaries can establish persistent access through various methods including registry modifications, service installation, or credential theft operations. The vulnerability affects multiple Windows Server versions including 2016, 2019, and 2022, though the attack surface may vary depending on network configuration and DNS server role implementations. Network-based exploitation is particularly concerning as it requires no prior authentication credentials.

Mitigation strategies should prioritize immediate patch application from Microsoft Security Updates to address the underlying memory management flaw in dns.exe. Organizations must implement network segmentation controls to limit DNS query injection opportunities, particularly in DMZ environments where external traffic enters the network. Additional protective measures include DNS sinkholing for known malicious domains, monitoring for unusual DNS query patterns, and implementing proper network access controls to restrict unauthorized DNS server communication. The vulnerability also underscores the importance of maintaining current security baselines and conducting regular penetration testing to identify similar memory corruption flaws in enterprise infrastructure components.

Responsible

Microsoft

Reservation

06/04/2026

Disclosure

07/14/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

low

Sources

Interested in the pricing of exploits?

See the underground prices here!