Skip to main content

Microsoft EUVDEUVD-2026-22483

| CVE-2026-27929 HIGH
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-04-14 microsoft GHSA-fqv3-v28j-57fx
7.0
CVSS 3.1 · NVD
Temporal: 6.1
Share

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.1 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:17 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22483
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.0

DescriptionCVE.org

Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.

AnalysisAI

Windows LUAFV driver privilege escalation via TOCTOU race condition allows authenticated local attackers with low privileges to gain SYSTEM-level access across all supported Windows 10, Windows 11, and Windows Server versions (2012 through 2025). The vulnerability requires high attack complexity to exploit the narrow timing window between security checks and file operations. Vendor-released patch available across all affected platforms. No public exploit identified at time of analysis, though th

Technical ContextAI

Windows LUAFV (LUA File Virtualization) is a kernel-mode filter driver implementing User Account Control (UAC) file and registry virtualization for legacy applications running under standard user contexts. This CWE-367 time-of-check time-of-use race condition occurs when LUAFV performs security validation on a file object, but an attacker can modify the target between the authorization check and the actual file operation. The timing window allows substitution of a privileged resource (such as a system file or registry key) after LUAFV validates access but before the operation executes. Successful exploitation requires precise timing to win the race condition, accounting for the AC:H (high attack complexity) rating. The vulnerability affects the core Windows security boundary between standard user and elevated contexts, making it a critical local privilege escalation vector across CPE-identified products spanning Windows 10 1607 (released 2016) through Windows 11 26H1 and Windows Server 2025.

RemediationAI

Apply Microsoft security updates immediately to patch the LUAFV race condition. For Windows 10 1607, update to build 10.0.14393.9060 or later. For Windows 10 1809, update to build 10.0.17763.8644 or later. For Windows 10 21H2 and 22H2, update to builds 10.0.19044.7184 and 10.0.19045.7184 respectively. Windows 11 22H3 and 23H2 require build 10.0.22631.6936 or later, while 24H2 and 25H2 require builds 10.0.26100.32690 and 10.0.26200.8246 respectively. Windows 11 26H1 requires build 10.0.28000.1836 or later. Windows Server 2012 and 2012 R2 require builds 6.2.9200.26026 and 6.3.9600.23132 respectively. Windows Server 2016, 2019, 2022, and 2025 require builds 10.0.14393.9060, 10.0.17763.8644, 10.0.20348.5020, and 10.0.26100.32690 respectively. Deploy patches through Windows Update, WSUS, or SCCM following standard change management procedures. No effective workarounds exist for kernel-level TOCTOU conditions without disabling LUAFV entirely, which would break UAC virtualization for legacy applications. Detailed patch information available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27929.

Share

EUVD-2026-22483 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy