Microsoft Windows Ancillary Function Driver: Seven Use-After-Free Flaws Disclosed
Microsoft's June 2026 Patch Tuesday addressed seven High-severity 'use after free' vulnerabilities in the Windows Ancillary Function Driver for WinSock, allowing local privilege escalation.
Key findings
- Seven 'use after free' vulnerabilities disclosed together in Microsoft's WinSock Ancillary Function Driver.
- All vulnerabilities allow local privilege escalation with 'High' severity ratings.
- CVE-2026-45638 has the highest CVSSv3 score at 7.8, while others are rated at 7.0.
- These flaws were part of Microsoft's June 2026 Patch Tuesday, addressing 200 vulnerabilities in total.
- No active exploitation in the wild was reported for these specific vulnerabilities prior to disclosure.
Microsoft's June 2026 Patch Tuesday brought a significant security update, including the disclosure of seven 'use after free' vulnerabilities within the Windows Ancillary Function Driver for WinSock. These flaws, all disclosed on June 9, 2026, carry a 'High' severity rating and could allow an authorized local attacker to elevate their privileges on a compromised system. The batch of vulnerabilities includes CVE-2026-45638 (CVSSv3 7.8), and CVE-2026-45603, CVE-2026-45601, CVE-2026-45598, CVE-2026-45596, CVE-2026-42911, and CVE-2026-34335, all with a CVSSv3 score of 7.0.
All seven vulnerabilities share the same root cause: a 'use after free' error within the Windows Ancillary Function Driver for WinSock. This type of memory corruption vulnerability occurs when a program attempts to access memory after it has been freed, potentially leading to unpredictable behavior or security exploits. In this specific case, the exploitation allows for local privilege escalation, meaning an attacker who already has some level of access to a system could leverage these flaws to gain higher-level administrative privileges.
While the provided information does not indicate active exploitation of these specific vulnerabilities in the wild prior to their disclosure, Microsoft's June 2026 Patch Tuesday addressed a total of 200 flaws, including three zero-day vulnerabilities. This context suggests a broad security focus for the month, with administrators urged to prioritize updates. The 'use after free' bugs in the WinSock driver are part of a larger set of 63 Elevation of Privilege vulnerabilities patched by Microsoft during this cycle N1, N2.
Microsoft has released security updates to address these vulnerabilities. Users are advised to apply the latest cumulative updates for their respective Windows versions to ensure their systems are protected. The specific versions affected and patched are detailed in Microsoft's official security advisories, which are part of the June 2026 Patch Tuesday rollout. Prompt application of these patches is crucial to mitigate the risk of local privilege escalation.
This coordinated disclosure of seven related vulnerabilities highlights the importance of timely patching for core Windows components. The 'use after free' class of bugs, particularly in network-facing drivers like the WinSock Ancillary Function Driver, can present significant risks if exploited. Users should remain vigilant and ensure their systems are updated to the latest security baseline to defend against such threats.