CVE-2026-23672 is an out-of-bounds read vulnerability classified under CWE-125 found in the Windows Universal Disk Format File System Driver (UDFS) on Windows 10 Version 1607 (build 10.0.14393.0). This vulnerability allows an attacker with low-level privileges on the affected system to read memory outside the intended bounds, potentially leading to elevation of privilege. The flaw arises due to improper validation of input data when processing UDFS file system structures, which can cause the driver to access memory regions beyond allocated buffers. This can result in leakage of sensitive information, corruption of memory, or triggering of system instability. The vulnerability requires local access and does not need user interaction, increasing the risk of automated or scripted exploitation by malicious insiders or malware that has gained limited access. The CVSS 3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and privileges required. No public exploits have been reported yet, but the vulnerability is significant due to the critical nature of privilege escalation in maintaining system security. The affected Windows 10 version 1607 is an older release, but still in use in some enterprise environments and legacy systems. Microsoft has not yet published patches, so mitigation currently relies on limiting access and monitoring. This vulnerability highlights the importance of secure file system driver implementations and timely patching of legacy operating systems.

The vulnerability enables attackers with low privileges to escalate their rights to higher privilege levels, potentially SYSTEM-level, compromising the confidentiality, integrity, and availability of affected systems. This can lead to unauthorized access to sensitive data, installation of persistent malware, disruption of system operations, and lateral movement within networks. Organizations relying on Windows 10 Version 1607, particularly in critical infrastructure, government, and enterprise environments, face increased risk of insider threats or malware exploiting this flaw to gain elevated control. The lack of user interaction requirement and low complexity of exploitation further increase the threat landscape. Legacy systems that cannot be easily upgraded remain vulnerable, potentially serving as entry points for broader attacks. The absence of known exploits in the wild currently limits immediate widespread impact, but the vulnerability remains a significant risk until patched.

Organizations should prioritize upgrading from Windows 10 Version 1607 to a supported, patched version of Windows to eliminate exposure. Until patches are released, restrict local access to affected systems by enforcing strict access controls and limiting administrative privileges. Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor for suspicious activity related to UDFS driver usage or privilege escalation attempts. Conduct regular audits of user privileges and system logs to detect anomalous behavior. Network segmentation can help contain potential compromises originating from vulnerable hosts. Additionally, educate users and administrators about the risks of running outdated operating systems and the importance of timely patching. Coordinate with Microsoft for updates and apply security patches immediately upon release. Consider disabling or restricting the use of UDFS if not required in the environment as a temporary mitigation.