CVE-2026-50350
Received Received - Intake

Exposure of Sensitive Information in Windows Trusted Runtime Interface Driver

Vulnerability report for CVE-2026-50350, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_trusted_runtime_interface_driver *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-50350 is a vulnerability in the Windows Trusted Runtime Interface Driver. It involves the exposure of sensitive information to an unauthorized actor. This means that an attacker who is already authorized on the system (local access) can exploit this flaw to disclose sensitive information.

The vulnerability is classified as an information disclosure issue, where the attacker does not modify or delete data but can access sensitive information that they should not have permission to view.

  • Affected component: Windows Trusted Runtime Interface Driver.
  • Attack vector: Local (AV:L), meaning the attacker must have access to the system.
  • Privilege requirement: Low (PR:L), indicating the attacker needs some level of authorization but not administrative privileges.
  • Impact: High confidentiality impact (C:H), meaning sensitive data can be exposed.
Impact Analysis

This vulnerability can impact you if you are using a system with the affected Windows Trusted Runtime Interface Driver. An attacker with local access to your system could exploit this flaw to access sensitive information.

  • Potential exposure of confidential data, such as personal information, credentials, or other sensitive details stored on the system.
  • Risk of further attacks if the disclosed information is used to escalate privileges or move laterally within a network.

Since the attack requires local access, the risk is higher in environments where multiple users share a system or where an attacker has already gained a foothold on a machine.

Compliance Impact

This vulnerability could affect compliance with several standards and regulations, depending on the nature of the exposed data and the industry.

  • GDPR: If the disclosed information includes personal data of EU citizens, this could constitute a breach under GDPR, leading to potential fines and mandatory reporting requirements.
  • HIPAA: If the exposed data includes protected health information (PHI), this could violate HIPAA regulations, resulting in penalties and required remediation actions.
  • Other standards: Depending on the data exposed, this could also impact compliance with regulations like PCI DSS (if payment data is involved) or industry-specific guidelines.

Organizations should assess whether the vulnerability could lead to unauthorized access to regulated data and take appropriate steps to mitigate the risk, such as applying patches or implementing compensating controls.

Detection Guidance

The provided context does not include specific detection methods or commands for identifying the presence of CVE-2026-50350 on a network or system. This vulnerability involves the Windows Trusted Runtime Interface Driver, and detection would typically require checking for the affected software version or using security tools that can identify vulnerable components.

To detect this vulnerability, you may need to verify the installed version of the Windows Trusted Runtime Interface Driver or use Microsoft-provided tools like the Microsoft Update Catalog or Windows Update to check for missing security patches. However, no explicit commands or detection steps are mentioned in the available resources.

Mitigation Strategies

To mitigate CVE-2026-50350, apply the security update provided by Microsoft as soon as possible. The update will address the vulnerability in the Windows Trusted Runtime Interface Driver.

  • Visit the Microsoft Security Response Center (MSRC) update guide for CVE-2026-50350 to download and install the latest patch.
  • Ensure all systems running the affected Windows component are updated to the latest secure version.
  • Monitor Microsoft’s official channels for any additional guidance or updates related to this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50350. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart