Information disclosure in Windows and Windows Server - CVE-2026-34328
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to improper access control in Windows Audio Service when exposing service memory information locally. A local user can access memory address information belonging to the EventLog Windows service to disclose sensitive information.
The disclosed information is limited to memory addresses belonging to the EventLog Windows service.