Skip to main content

Windows TCP/IP EUVDEUVD-2026-29607

| CVE-2026-34351 HIGH
Race Condition (CWE-362)
2026-05-12 microsoft GHSA-qfc8-j6v5-57wr
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
May 12, 2026 - 19:00 vuln.today
CVE Published
May 12, 2026 - 16:58 nvd
HIGH 7.8

DescriptionCVE.org

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows TCP/IP stack affects Windows 10 (1607-22H2), Windows 11 (22H3-26H1), and Windows Server 2012 through a race condition vulnerability. Low-complexity exploitation requires only low-privilege authenticated access with no user interaction (CVSS 7.8, AV:L/AC:L/PR:L/UI:N). Vendor-released patch available from Microsoft Security Response Center. No public exploit code or active exploitation confirmed at time of analysis, though the low attack complexity and local vector suggest feasibility for post-compromise privilege escalation in enterprise environments.

Technical ContextAI

The vulnerability resides in the Windows TCP/IP network stack implementation, specifically involving CWE-362 (Race Condition) - a concurrency flaw where multiple threads or processes access a shared resource without proper synchronization primitives. In TCP/IP stacks, race conditions typically occur during packet processing, connection state management, or socket operations when multiple threads manipulate shared data structures (e.g., connection tables, routing caches, memory buffers) simultaneously. The affected CPE strings identify Windows 10 versions from 1607 through 22H2, Windows 11 versions 22H3 through the future 26H1 release, and Windows Server 2012, indicating this is a long-standing architectural issue in the Windows network subsystem rather than a recent regression. Successful exploitation of the race window allows an attacker with low privileges to manipulate kernel-mode TCP/IP data structures, achieving code execution at SYSTEM level or bypassing security boundaries.

RemediationAI

Apply the vendor-released security update from Microsoft Security Response Center available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34351, which provides specific KB article numbers and patched build versions for each affected Windows release. Organizations should prioritize patching for multi-user systems (Terminal Servers, Citrix farms, jump hosts) and internet-facing servers where initial compromise risk is higher. If immediate patching is not feasible, consider compensating controls: restrict local logon rights to only essential administrative accounts via Group Policy (Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > 'Allow log on locally'), deploy application whitelisting to prevent unauthorized code execution even if privilege escalation succeeds, and enhance monitoring for suspicious SYSTEM-level process creation from low-privilege user contexts (monitor for child processes of user-mode applications spawning with SYSTEM tokens). Note that network-level mitigations are ineffective since this is a local exploitation vulnerability; the attack occurs after an attacker already has local access. Mitigations reduce attack surface but do not eliminate the vulnerability - patching remains the definitive remediation.

Share

EUVD-2026-29607 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy