SB2026071625 - Multiple vulnerabilities in Microsoft Windows Ancillary Function Driver for WinSock
Published: July 16, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2026-50312)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Windows Ancillary Function Driver for WinSock. A local user can gain elevated privileges on the target system.
2) Cleartext transmission of sensitive information (CVE-ID: CVE-2026-34346)
CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information in Windows Ancillary Function Driver for WinSock. A local user can gain access to sensitive data.
3) Use-after-free (CVE-ID: CVE-2026-57093)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Windows Ancillary Function Driver for WinSock. A local user can gain elevated privileges on the target system.
4) External Control of File Name or Path (CVE-ID: CVE-2026-50462)
CWE-ID: CWE-73 - External Control of File Name or Path
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to external control of file name or path in Windows Ancillary Function Driver for WinSock, which leads to security restrictions bypass and privilege escalation.
Remediation
Install update from vendor's website.