CVE-2026-50495 in Windowsinfo

Summary

by MITRE • 07/14/2026

Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/14/2026

This vulnerability represents a critical weakness in Microsoft Windows Domain Name System implementation where authorized users can exploit improper access control mechanisms to perform local tampering operations. The flaw exists within the Windows DNS server component that fails to properly validate or restrict access permissions for authenticated local users, creating an avenue for privilege escalation and data manipulation. Such vulnerabilities fall under the CWE-284 Access Control weakness category, specifically addressing inadequate protection of resources against unauthorized access attempts. The technical implementation appears to lack proper authorization checks when processing DNS requests or modifications, allowing legitimate users with local access to potentially alter DNS records, modify zone data, or manipulate authoritative server configurations without appropriate administrative privileges. This represents a significant operational risk as it enables lateral movement and persistence within network environments where Windows DNS servers operate. Attackers can leverage this vulnerability to redirect traffic, create malicious domain entries, or disrupt normal DNS resolution processes that organizations rely upon for network communication. The impact extends beyond simple data tampering as it can facilitate more sophisticated attacks including cache poisoning, man-in-the-middle scenarios, or complete denial of service conditions affecting critical infrastructure components. Organizations using Windows DNS servers are particularly vulnerable since the flaw operates at the core server functionality level rather than requiring external exploitation vectors. The attack surface becomes broader when considering that local access might be gained through various legitimate means such as administrative accounts, compromised user credentials, or even insider threats. This vulnerability directly maps to several ATT&CK techniques including privilege escalation through access token manipulation and persistence via registry modifications or DNS record alterations. Proper implementation of least privilege principles and enhanced access control mechanisms within Windows DNS components would significantly mitigate this risk by ensuring that only authorized administrative users can perform critical DNS modification operations. The remediation approach should focus on implementing proper access controls, regular security auditing of DNS configurations, and maintaining updated security patches from Microsoft to address known vulnerabilities in the Windows DNS server implementation.

Responsible

Microsoft

Reservation

06/04/2026

Disclosure

07/14/2026

Moderation

accepted

CPE

ready

EPSS

0.00279

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!