Heap-Based Buffer Overflow in Virtual Hard Disk Miniport Driver by Microsoft
CVE-2026-58601

7.8HIGH

What is CVE-2026-58601?

The Virtual Hard Disk (VHD) Miniport Driver vulnerability is a heap-based buffer overflow that allows authorized attackers to elevate their privileges locally. Successful exploitation of this vulnerability could allow an attacker to gain elevated access to system resources and potentially compromise the integrity of the entire system. It is crucial for users of affected Microsoft products to apply the necessary patches to mitigate this risk.

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.9339

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.9020

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.7548

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.