OTPulse

Windows TCP/IP Elevation of Privilege Vulnerability

Plan PatchCVSS 7.8CVE-2026-34334May 12, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

A race condition in Windows TCP/IP networking allows a local user with standard privileges to elevate to administrator level through improper synchronization of shared resources. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 23H2, 24H2, 25H2, 26H1), and Windows Server 2016, 2019, 2022, and 2025 across 32-bit, 64-bit, and ARM64 architectures. Microsoft rates exploitation as unlikely and has issued fixes in the May 2026 security update.

What this means
What could happen
An attacker with a local user account on a Windows workstation or server can exploit a TCP/IP race condition to gain administrator privileges, potentially allowing unauthorized system configuration changes or process manipulation.
Who's at risk
Organizations running Windows 10 or Windows Server 2016, 2019, 2022, or 2025 on engineering workstations, HMI servers, or data historian systems. Affects both 32-bit and 64-bit versions across all modern Windows releases. Particularly relevant if administrative access restrictions are in place to limit engineer accounts.
How it could be exploited
An attacker with a local user account interacts with Windows TCP/IP networking code during a specific timing window where insufficient synchronization occurs. By exploiting this race condition, the attacker can elevate their privileges to system administrator level without needing admin credentials.
Prerequisites
  • Local user account on the affected Windows system
  • Ability to execute code or scripts on the system
Requires local account accessLow complexity attackAffects privilege escalation
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (27)
27 with fix
ProductAffected VersionsFix Status
Windows 10 Version 1809 for 32-bit SystemsAll versionsBuild 10.0.17763.8755
Windows 10 Version 1809 for x64-based SystemsAll versionsBuild 10.0.17763.8755
Windows Server 2019All versionsBuild 10.0.17763.8755
Windows Server 2019 (Server Core installation)All versionsBuild 10.0.17763.8755
Windows Server 2022All versionsBuild 10.0.20348.5139
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXApply the May 2026 Windows security update for your Windows version (see product fixes for specific build numbers)
View full vendor advisory
API: /api/v1/advisories/0fc317c8-74b9-4e82-9659-a9f425ca0aa2

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Windows TCP/IP Elevation of Privilege Vulnerability | CVSS 7.8 - OTPulse