Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
7.8

Windows Ancillary Function Driver WinSock Privilege Elevation Vulnerability

CVE-2026-24293
Summary

A flaw in the Windows Ancillary Function Driver for WinSock may allow an attacker with local access to gain elevated privileges. This means an attacker could potentially take control of your system. To mitigate this risk, apply the latest Windows updates.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versionsFix available
microsoft windows_10_21h2 <= 10.0.19044.7058
microsoft windows_10_21h2 <= 10.0.19044.7058
microsoft windows_10_21h2 <= 10.0.19044.7058
microsoft windows_10_22h2 <= 10.0.19045.7058
microsoft windows_10_22h2 <= 10.0.19045.7058
microsoft windows_10_22h2 <= 10.0.19045.7058
microsoft windows_11_23h2 <= 10.0.22631.6783
microsoft windows_11_23h2 <= 10.0.22631.6783
microsoft windows_11_24h2 <= 10.0.26100.7979
microsoft windows_11_24h2 <= 10.0.26100.7979
microsoft windows_11_25h2 <= 10.0.26200.7979
microsoft windows_11_25h2 <= 10.0.26200.7979
microsoft windows_11_26h1 <= 10.0.28000.1719
microsoft windows_11_26h1 <= 10.0.28000.1719
microsoft windows_server_2022 <= 10.0.20348.4830
microsoft windows_server_2022_23h2 <= 10.0.25398.2207
microsoft windows_server_2025 <= 10.0.26100.32463
Original title
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Original description
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
nvd CVSS3.1 7.8
Vulnerability type
CWE-476 NULL Pointer Dereference
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026