Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability

Description

Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.

Affected Products

Vendor	Product	Versions
Microsoft	Windows 10 Version 1607	10.0.14393.0, 10.0.17763.0, 10.0.19044.0, 10.0.19045.0, 10.0.22631.0, 10.0.22631.0, 10.0.26100.0, 10.0.26200.0, 10.0.28000.0, 6.2.9200.0, 6.2.9200.0, 6.3.9600.0, 6.3.9600.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.25398.0, 10.0.26100.0, 10.0.26100.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	windows	mitre_affected	90%
microsoft	windows server 2022, 23h2 edition (server core installation)	mitre_affected	90%
microsoft	windows 10 version 21h2	mitre_affected	90%
microsoft	windows server 2012 r2	mitre_affected	90%
microsoft	windows server 2025 (server core installation)	mitre_affected	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27929(vendor-advisory, patch)

Related News (2 articles)

Tier C

VulDB5h ago

CVE-2026-27929 | Microsoft Windows up to Server 2025 toctou

→ No new info (linked only)

Tier A

Microsoft MSRC9h ago

CVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability

→ No new info (linked only)

CVSS 3.17.0 HIGH

VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

10.0.14393.906010.0.17763.864410.0.19044.718410.0.19045.718410.0.22631.693610.0.26100.3269010.0.26200.824610.0.28000.18366.2.9200.260266.3.9600.2313210.0.20348.502010.0.25398.2274

CWECWE-367

PublishedApr 14, 2026

Last enriched5h agov3