SB20260310105 - Multiple vulnerabilities in Microsoft Windows Ancillary Function Driver for WinSock

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2026-25178)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Windows Ancillary Function Driver for WinSock. A local user can gain elevated privileges on the target system.

2) NULL pointer dereference (CVE-ID: CVE-2026-24293)

The vulnerability allows a local suer to escalate privileges on the system.

The vulnerability exists due to a NULL pointer dereference error in Windows Ancillary Function Driver for WinSock. A local user can pass specially crafted data to the application and gain elevated privileges on the target system.

3) Improper access control (CVE-ID: CVE-2026-25176)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in Windows Ancillary Function Driver for WinSock. A local user can bypass implemented security restrictions and gain elevated privileges on the target system.

4) Improper Validation of Specified Type of Input (CVE-ID: CVE-2026-25179)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper validation of specified type of input in Windows Ancillary Function Driver for WinSock, which leads to security restrictions bypass and privilege escalation.

Remediation

Install update from vendor's website.

References

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25178
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24293
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25176
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25179