🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-45638 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock (afd.sys), a core Windows networking component. If exploited, an attacker with local access could gain SYSTEM-level privileges on affected Windows machines, including those running as Azure VMs or hybrid-connected servers. This update is an acknowledgement change only and carries no new technical details or patches.

Security Architect’s Take: No immediate remediation action is required as this is an informational acknowledgement update — ensure the original patch for CVE-2026-45638 has been applied across all Windows-based Azure VMs, Azure Virtual Desktop hosts, and hybrid Arc-connected servers via your patch management tooling.

Original advisory: CVE-2026-45638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability