{
"title": "Microsoft Patches Windows Drive Redirection Flaw That Could Escalate Malware to System-Level Access",
"content": "Microsoft on July 14, 2026, released patches to neutralize a privilege escalation vulnerability in Windows Redirected Drive Buffering that allows a low-privileged attacker to gain complete control over an unpatched machine. Tracked as CVE-2026-50372 with a CVSS severity score of 7.0, the flaw was addressed in a sweeping set of cumulative updates for Windows 10, Windows 11, and multiple Windows Server versions.

The July 14 Update Closes a Memory Safety Hole

The vulnerability stems from a buffer over-read — classified by the National Vulnerability Database as both CWE-126 and a heap-based buffer overflow (CWE-122) — in the Windows component responsible for handling redirected drives. Microsoft’s advisory confirms that an attacker with local access and low-level rights could exploit the bug to obtain SYSTEM privileges, effectively dismantling Windows security boundaries from the inside.

The fix arrives via the standard July Patch Tuesday updates. Microsoft provided corrected build numbers across the board, urging administrators and home users to apply the latest cumulative updates. For Windows 11 versions 24H2 and 25H2, the patch is KB5101650, advancing systems to build 26100.8875 and 26200.8875 respectively. Windows 11 26H1 got KB5101649, bringing it to build 28000.2525. Windows Server 2022 receives build 20348.5386 through KB5099540, though Microsoft notes a BitLocker caveat for some managed systems that should be reviewed before deployment.

The following builds are now safe:

Windows 11 24H2: 26100.8875 or later Windows 11 25H2: 26200.8875 or later Windows 11 26H1: 28000.2525 or later Windows 10 21H2: 19044.7548 or later Windows 10 22H2: 19045.7548 or later Windows Server 2016: 14393.9339 or later Windows Server 2019: 17763.9020 or later Windows Server 2022: 20348.5386 or later * Windows Server 2025: 26100.33158 or later

The breadth of affected platforms — from Windows Server 2012 to the latest Windows 11 26H1 — indicates the vulnerable code has deep roots in Windows. It is not a newly introduced regression tied to a recent feature update.

Why a 7.0 Local Exploit Still Matters

At first glance, a CVSS score of 7.0 with high attack complexity and local access requirement might seem like a low-priority item. But that misses the point: privilege escalation