Skip to main content

Windows UDFS Driver EUVDEUVD-2026-35655

| CVE-2026-40409 HIGH
Numeric Truncation Error (CWE-197)
2026-06-09 secure@microsoft.com GHSA-gh84-vhg8-4mc3
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 17:34 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.8

DescriptionNVD

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

AnalysisAI

Elevation of privilege in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows a local authenticated attacker to escalate to SYSTEM-level privileges with high impact on confidentiality, integrity, and availability. The CVSS 7.8 vector indicates local attack with low complexity and low privileges required, and no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged local user access
Delivery
Stage crafted UDF/ISO image on host
Exploit
Trigger UDFS.sys parsing via mount
Execution
Exploit numeric truncation in kernel parser
Persist
Corrupt kernel memory for SYSTEM token
Impact
Execute payload as SYSTEM

Vulnerability AssessmentAI

Exploitation Attacker must already have authenticated local code execution as a low-privileged user on the target Windows host (CVSS PR:L, AV:L), and must be able to cause the UDFS driver to parse attacker-controlled UDF file-system metadata - typically by mounting a crafted ISO, optical disc, or virtual disk volume. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS vector (AV:L/AC:L/PR:L/UI:N) describes a local, low-complexity attack requiring only an authenticated user, with no user interaction, yielding full CIA impact - consistent with a local-to-SYSTEM elevation of privilege primitive. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A standard domain user on a patched-but-vulnerable Windows endpoint mounts a maliciously crafted UDF-formatted ISO image (delivered via download, USB, or attached storage), triggering the truncation flaw inside UDFS.sys during volume parsing and corrupting kernel memory. The attacker leverages the corruption to elevate from a low-privileged user to SYSTEM, then disables endpoint protections and stages follow-on tooling. …
Remediation Apply the Microsoft security update referenced in MSRC advisory CVE-2026-40409 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40409 as the primary remediation; the exact fix KB and build numbers must be obtained from that advisory because they were not provided in this intelligence package, so cite 'Patch available per vendor advisory' until the specific KB is confirmed. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Windows systems with UDFS in use and audit local user account access-prioritize servers and sensitive workstations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-35655 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy