🟠 High | Source: Microsoft Security Response Center
CVE-2026-49162 is a use-after-free vulnerability in the Microsoft Brokering File System, a Windows component that facilitates file access between sandboxed applications and the broader system. An attacker who already has local access can exploit this flaw to gain elevated privileges on the affected machine. This is particularly relevant in cloud environments where Windows VMs or Azure Virtual Desktop sessions may be shared or accessed by multiple users.
Security Architect’s Take: Ensure Windows hosts running the Brokering File System component — particularly Azure Virtual Desktop and Windows 365 environments — have the relevant Microsoft patch applied promptly. Review your privileged access controls and audit local user permissions on multi-user Windows VM workloads to limit the blast radius of any local privilege escalation.
Original advisory: CVE-2026-49162 Microsoft Brokering File System Elevation of Privilege Vulnerability