cve-2026-34345

CVE-2026-34345 is a Microsoft-disclosed elevation-of-privilege vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys). Rated Important with a CVSS 3.1 base score, the flaw allows a low-privileged local attacker to exploit a race condition and gain SYSTEM privileges on supported Windows client and server releases. While not remotely exploitable, it poses a significant risk in post-compromise scenarios where local privilege escalation can turn a contained intrusion into a domain-wide compromise. Discussions on WindowsForum cover the patch details, affected versions, and mitigation strategies for enterprise IT environments.