CVE-2026-50329
Microsoft DWM Core Library Elevation of Privilege Vulnerability
Description
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
In plain language
AI Act nowCVE-2026-50329 is a Windows-only local bug that can let someone with low-level access raise their privileges to take over the system; if you’re a typical small business, you should patch because Windows systems are often targeted after an attacker gets a foothold.
CVE-2026-50329 is a local privilege-escalation issue (CWE-416 use-after-free) in the Microsoft DWM Core Library that an authorized attacker with low-level access can exploit to gain higher system privileges on Windows 10/11 and supported Windows Server versions.
What to do now
- Check which exact Windows version and build your devices use (including Server editions).
- Compare your build to the fixed builds listed by Microsoft for CVE-2026-50329.
- Install the latest available security updates to reach at least one of the fixed versions:
- Windows 10 (10.0.17763.9020)
- Windows 10 (10.0.19044.7548)
- Windows 10 (10.0.19045.7548)
- Windows 11 (10.0.26100.8875)
- Windows 11 (10.0.26200.8875)
- Windows 11 (10.0.28000.2269)
- Windows Server 2019 (10.0.17763.9020)
- Windows Server 2022 (10.0.20348.5386)
- Windows Server 2025 (10.0.26100.33158).
- Reboot after updating and verify the build number changed to the fixed level.
- If you can’t patch immediately, reduce exposure by limiting any untrusted local accounts and locking down who can log on to the affected machines.
CVSS Vector Breakdown
AV:LAttack VectorAC:LAttack ComplexityPR:LPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
- Microsoft and Adobe Patch Tuesday, July 2026 Security Update Reviewen-us·Qualys Security Blog·
- Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilitiesen·Cisco Talos·
- Microsoft Patch Tuesday July 2026 - The AI Acopolypse is Hereen·SANS Internet Storm Center·
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-daysen-us·BleepingComputer·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-50329 and every CVE in our database. Create a free account — no credit card required.
Create Free Account