🟡 Medium  |  Source: Microsoft Security Response Center


CVE-2026-34349 is an information disclosure vulnerability in Windows Media that allows a locally authenticated attacker to access sensitive information they should not be able to see. The flaw requires the attacker to already have a foothold on the affected system, limiting remote exploitation risk. While not critical, it could be chained with other vulnerabilities to facilitate privilege escalation or lateral movement.

Security Architect’s Take: Prioritise patching Windows endpoints and Azure VMs running Windows workloads in your next maintenance cycle, particularly where Windows Media components are active. Assess whether your Azure VM images and golden AMIs include the affected Windows Media libraries and update them accordingly.

Original advisory: CVE-2026-34349 Windows Media Information Disclosure Vulnerability