Skip to main content

Windows Print Spooler CVE-2026-34342

| EUVDEUVD-2026-29601 HIGH
Race Condition (CWE-362)
2026-05-12 microsoft GHSA-j7wf-wpq3-wph2
7.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
May 12, 2026 - 18:33 vuln.today
CVE Published
May 12, 2026 - 16:58 nvd
HIGH 7.0

DescriptionCVE.org

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows Print Spooler Components affects Windows 10, Windows 11, and Windows Server 2012 through race condition exploitation. Authenticated low-privileged attackers can elevate to SYSTEM privileges via concurrent resource access attacks, though attack complexity is rated high (AC:H). Vendor-released patch available from Microsoft Security Response Center. No active exploitation confirmed in CISA KEV at time of analysis, but Print Spooler remains a historically attractive target with established attack patterns (PrintNightmare, SpoolFool precedents).

Technical ContextAI

This vulnerability stems from CWE-362 (race condition) in the Windows Print Spooler service architecture, where multiple threads or processes access shared resources without proper synchronization primitives (mutexes, semaphores, or atomic operations). The Print Spooler service runs with SYSTEM privileges and manages printer queues, driver loading, and file operations. Race conditions in this service typically involve time-of-check-time-of-use (TOCTOU) flaws where an attacker can modify a resource between validation and use, or exploit file system race windows during spool file processing. The CPE data indicates widespread exposure across Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server 2012, representing both client and server operating systems spanning nearly a decade of Windows releases.

RemediationAI

Apply Microsoft security updates immediately from the official update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34342, where patches for all affected Windows versions are available. Use Windows Update, WSUS, or Microsoft Endpoint Configuration Manager to deploy patches across enterprise environments. As compensating control where patching is delayed, consider disabling the Print Spooler service on systems that do not require printing functionality via 'Stop-Service Spooler; Set-Service Spooler -StartupType Disabled' in PowerShell, though this breaks all printing capabilities. Alternatively, restrict Print Spooler to administrators only by modifying service permissions, but this may interfere with legitimate user printing workflows and requires testing in production environments. Monitor Spooler service activity via Sysmon Event ID 7 (ImageLoad) and Windows Event 307 (PrintService) for unusual driver loads or spool file manipulations.

Share

CVE-2026-34342 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy