🟡 Medium  |  Source: Microsoft Security Response Center


CVE-2026-34346 is a vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys), where sensitive information is transmitted in cleartext, allowing a locally authenticated attacker to read data they should not have access to. The flaw requires local access to exploit, limiting remote attack surface, but it could be leveraged as part of a broader attack chain to harvest credentials or session data. Windows systems running cloud workloads — including Azure VMs and hybrid-joined endpoints — are in scope.

Security Architect’s Take: Prioritise patching Windows hosts running Azure Virtual Machines, Azure Virtual Desktop, or hybrid workloads where multiple users or processes share the same host, as local information disclosure flaws are commonly chained with privilege escalation exploits. Ensure your patch management pipeline is applying the relevant Microsoft security update promptly and verify coverage via Defender for Cloud or your vulnerability management tooling.

Original advisory: CVE-2026-34346 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability