Live
Microsoft Fixes AFD.sys Privilege Escalation Flaw CVE-2026-50312 in July 2026 Patches·MSFT +0.1%Microsoft Patches AD FS Infinite Loop Vulnerability That Could Disable Enterprise Sign-Ons·NVDA +3.0%July Windows Update Seals Off HID Integer Overflow Leak — Here Are the Builds You Need·GOOGL +1.2%A Local Windows Push Notification Bug Can Leak Data—Here’s How to Patch It·AMZN +2.9%As DRAM Shortage Cuts Smartphone Shipments 11%, Windows PC Buyers Should Brace for Impact·MSFT +0.1%Windows Push Notification Bug Lets Locally-Authenticated Users Steal Secrets — Here’s the Fix·NVDA +3.0%Samsung's Galaxy Unpacked Tease Promises a Foldable 'New Shape' — Why Windows Users Should Keep Watching·GOOGL +1.2%Microsoft’s July Patch Seals a Silent Data Leak in Windows Push Notifications·AMZN +2.9%Microsoft Fixes AFD.sys Privilege Escalation Flaw CVE-2026-50312 in July 2026 Patches·MSFT +0.1%Microsoft Patches AD FS Infinite Loop Vulnerability That Could Disable Enterprise Sign-Ons·NVDA +3.0%July Windows Update Seals Off HID Integer Overflow Leak — Here Are the Builds You Need·GOOGL +1.2%A Local Windows Push Notification Bug Can Leak Data—Here’s How to Patch It·AMZN +2.9%As DRAM Shortage Cuts Smartphone Shipments 11%, Windows PC Buyers Should Brace for Impact·MSFT +0.1%Windows Push Notification Bug Lets Locally-Authenticated Users Steal Secrets — Here’s the Fix·NVDA +3.0%Samsung's Galaxy Unpacked Tease Promises a Foldable 'New Shape' — Why Windows Users Should Keep Watching·GOOGL +1.2%Microsoft’s July Patch Seals a Silent Data Leak in Windows Push Notifications·AMZN +2.9%

Cve 2026 49808

The latest Cve 2026 49808 coverage — news, analysis, and updates from the WindowsNews.AI desk.

13 stories in view AI assisted desk updated 6:24 AM
Latest Most Read Breaking
Sort
CVE-2026-50310 · Information Disclosure

July Windows Update Seals Off HID Integer Overflow Leak — Here Are the Builds You Need

Microsoft’s July 14, 2026 security updates address CVE-2026-50310, a local information‑disclosure vulnerability in the Windows Human Interface Device (HID) stack caused by an integer overflow. The flaw, rated medium severity with a 4.7 CVSS score, could allow a low‑privileged local attacker to read sensitive information, potentially aiding chained exploits. Patches are available for all supported Windows and Windows Server versions via specific cumulative updates; users and administrators should verify their build number and apply the update promptly, while testing for known compatibility issues on certain Dell devices and Server 2022 BitLocker configurations.

Security

Microsoft Patches AD FS Infinite Loop Vulnerability That Could Disable Enterprise Sign-Ons

Microsoft's July 14, 2026 security updates fix CVE-2026-50324, a denial-of-service vulnerability in Active Directory Federation Services that lets unauthenticated attackers trigger an infinite loop and crash the service. The flaw affects all supported Windows Server versions and, if exploited, could block users from signing into Microsoft 365 and other federated applications. While rated Important with a 5.9 CVSS score, its potential to disrupt entire identity infrastructures makes prompt patching critical, especially alongside a separate exploited AD FS vulnerability in the same release.

Security Desk·1m ago ·5 min
Security

Windows Push Notification Bug Lets Locally-Authenticated Users Steal Secrets — Here’s the Fix

Microsoft’s July 2026 Patch Tuesday addresses CVE-2026-50339, a Windows Push Notifications flaw that lets a locally authenticated attacker read confidential data. All supported Windows versions are affected; applying the cumulative update eliminates the risk. With high confidentiality impact and simple local exploitation, patching is urgent for shared and multi-user systems.

Security Desk·5m ago ·5 min
Security

A Local Windows Push Notification Bug Can Leak Data—Here’s How to Patch It

Microsoft’s July 2026 Patch Tuesday fixes CVE-2026-50430, an information-disclosure flaw in Windows Push Notifications that lets a low-privileged local attacker steal sensitive data without user interaction. The fix is delivered through cumulative updates for all supported Windows 10, Windows 11, and Windows Server editions, including Server Core. While not actively exploited at disclosure, the vulnerability's low attack complexity makes it a high-priority patch for any organization concerned about post-compromise lateral movement.

Security Desk·6m ago ·5 min
Advertisement
CVE-2026-50425 · Windows Security

Windows Updates Close Privilege-Escalation Gate: The Builds You Need to Have

Microsoft patched a high-severity privilege-escalation vulnerability (CVE-2026-50425) in its July 2026 security updates. The local-attack flaw in the Windows User Profile component could let attackers with limited access gain system-level control. This article details the required updates, build numbers, practical risks for different users, and steps to secure Windows devices now.

SE Security Desk·10m ago
CVE-2026-50315 · Windows 11

Important Windows 11 WIA Bug Fixed: July Patches Block Privilege Escalation

Microsoft's July 2026 Patch Tuesday included a fix for CVE-2026-50315, an important privilege escalation vulnerability in Windows Image Acquisition (WIA) that affects Windows 11 and Windows Server 2025. The local, low-complexity flaw lets attackers silently gain SYSTEM-level control from a low-privilege foothold. Administrators and home users should apply the cumulative update immediately and check their OS build to ensure protection.

SE Security Desk·11m ago
CVE-2026-50370 · Windows DHCP Server

Windows DHCP Server RCE Vulnerability Demands Urgent Patching—Here’s the Fix

Microsoft's July 14, 2026 patch fixes CVE-2026-50370, a critical DHCP Server RCE that allows unauthenticated attackers on an adjacent network to take full control of Windows servers. Administrators must immediately update all DHCP servers to the corrected builds and audit relay agents to reduce exposure, as exploitation is considered more likely.

SE Security Desk·16m ago
CVE-2026-50321 · Windows Security

Microsoft Patches Critical Windows USB Driver Flaw That Hands Full Control to Attackers

Microsoft's July 2026 Patch Tuesday fixes CVE-2026-50321, a high-severity local privilege-escalation flaw in the Windows USB driver. The race condition and use-after-free vulnerability affects all supported Windows 10, 11, and Server releases, allowing low-privileged local attackers to gain full system control with low complexity and no user interaction. Immediate patching is crucial, especially on multi-user workstations and servers.

SE Security Desk·16m ago
CVE-2026-50343 · Patch Tuesday

July 2026 Patch Tuesday: Microsoft Fixes Windows Installer Flaw That Could Hand Attackers Full Control

Microsoft's July 2026 Patch Tuesday addresses CVE-2026-50343, a privilege escalation flaw in Windows Install Service that lets attackers with low-level access gain full system control. The update fixes all supported Windows 10, 11, and Server versions; no workarounds exist. Users and admins should immediately install the cumulative patches to prevent post-compromise exploitation.

SE Security Desk·20m ago
CVE-2026-50396 · Windows 11 Update

Windows 11 July Update Closes Kernel Elevation Hole: What You Need to Know

Microsoft's July 14, 2026 security updates fix CVE-2026-50396, a use-after-free vulnerability in Windows kernel-mode drivers that could allow a local attacker to gain SYSTEM privileges on Windows 11 and Server 2025. The flaw carries a CVSS score of 7.0 and requires a low-privileged foothold, making it a potent second-stage exploit. Users and admins should verify that affected systems have reached the specific patched builds, not just that they've installed the latest cumulative update.

SE Security Desk·21m ago
CVE-2026-50341 · NTFS Vulnerability

July 2026 Windows Patches Fix NTFS Flaw That Leaks Data to Local Attackers

Microsoft released patches for CVE-2026-50341, a Windows NTFS buffer over-read vulnerability that could leak confidential data to locally authenticated attackers. The fix is in July 2026 cumulative updates for Windows 10, 11, and Server. While not actively exploited, the bug’s low complexity and broad impact make it a priority. Users should install the update and verify their build number, but watch for known issues on some Dell systems and Server 2022 BitLocker configurations.

SE Security Desk·26m ago
CVE-2026-50331 · Windows Security

You Need to Patch This Windows Flaw Before Attackers Use It to Take Over Your PC

Microsoft fixed a local privilege-escalation vulnerability (CVE-2026-50331) in the July 14, 2026 Patch Tuesday updates. The use-after-free flaw in the Windows Application Model could allow an attacker with low-level access to gain full control of a vulnerable system. Although no active exploitation has been observed, the low attack complexity and broad impact across Windows 10, 11, and Server versions make immediate patching essential. Users and administrators should install the applicable cumulative update, verify the build number, and restart to ensure protection.

SE Security Desk·26m ago
CVE-2026-50380 · Windows GDI+

Microsoft Fixes Critical 9.6-Rated Windows GDI+ Bug That Exposes PCs to Remote Attacks

Microsoft’s July 14, 2026 security update patches critical vulnerability CVE-2026-50380, a 9.6-severity heap-based buffer overflow in the Windows GDI+ graphics library. The flaw can be exploited over a network by tricking a user into opening malicious content, and it affects virtually every supported version of Windows, including Server Core. All users and administrators should apply the cumulative update immediately and verify that systems reach the fixed builds listed in the advisory.

SE Security Desk·30m ago