Microsoft Patches Windows splwow64 Race Condition Privilege Escalation Vulnerability (CVE-2026-34342)

Microsoft has issued a security update to address CVE-2026-34342, a local privilege escalation vulnerability in the Windows splwow64.exe process, which is part of the Print Spooler service. The flaw was disclosed on May 12, 2026, by the Zero Day Initiative (ZDI) and reported by researcher Marcin Wiazowski.

The vulnerability is a race condition arising from unsafe use of shared memory within splwow64.exe. An attacker who already has the ability to execute low-privileged code on the target system can exploit this flaw to escalate privileges from low integrity to medium integrity, allowing arbitrary code execution in the context of the current user. The CVSS score for this vulnerability is 4.4, with a vector of AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L, indicating a local attack vector with low complexity and low privileges required.

Microsoft has released a security update to correct this vulnerability, available via the Microsoft Security Response Center (MSRC) update guide. Users are advised to apply the patch promptly to mitigate the risk. The vulnerability was reported to Microsoft on January 12, 2026, and coordinated public disclosure occurred on May 12, 2026.

This issue is part of a broader pattern of privilege escalation vulnerabilities in Windows components, particularly those related to the Print Spooler service, which has been a frequent target for attackers. While this specific flaw requires local access and low-privileged code execution, it could be chained with other vulnerabilities to achieve more significant compromise.

Organizations should prioritize patching this vulnerability, especially on systems where untrusted users have local access. The update is included in Microsoft's May 2026 Patch Tuesday release.