CVE-2026-34342

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

CVSS Details

CVSS Score

7.0

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* - VULNERABLE

Windows Print Spooler Components (具体受影响版本请参考Microsoft安全公告)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

/*
 * PoC for CVE-2026-34342
 * Conceptual demonstration of a race condition in Windows Print Spooler.
 * This code attempts to exploit the synchronization issue in shared resources.
 */

#include <windows.h>
#include <stdio.h>

DWORD WINAPI ThreadA(LPVOID lpParam) {
    // Simulate legitimate operation on the shared resource
    HANDLE hSpooler = OpenPrinter("Microsoft Print to PDF", NULL, NULL);
    if (hSpooler) {
        Sleep(10); // Introduce delay to widen the race window
        ClosePrinter(hSpooler);
    }
    return 0;
}

DWORD WINAPI ThreadB(LPVOID lpParam) {
    // Simulate malicious operation attempting to elevate privileges
    // exploiting the lack of synchronization in ThreadA
    Sleep(5); // Attempt to hit the race window
    
    // In a real exploit, this would involve memory corruption or
    // hijacking a privileged operation to execute code as SYSTEM.
    printf("[+] Attempting to exploit race condition...\n");
    
    // Hypothetical exploitation logic
    // ... 
    return 0;
}

int main() {
    printf("[*] Starting PoC for CVE-2026-34342...\n");
    
    HANDLE hThreads[2];
    hThreads[0] = CreateThread(NULL, 0, ThreadA, NULL, 0, NULL);
    hThreads[1] = CreateThread(NULL, 0, ThreadB, NULL, 0, NULL);
    
    WaitForMultipleObjects(2, hThreads, TRUE, INFINITE);
    
    CloseHandle(hThreads[0]);
    CloseHandle(hThreads[1]);
    
    printf("[*] Exploit attempt finished.\n");
    return 0;
}

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-34342
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-34342
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-34342/
[4] VulDB https://vuldb.com/cve/CVE-2026-34342
[5] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34342

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-34342", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:17:08.640", "lastModified": "2026-05-14T14:59:29.583", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.0, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-362"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.14393.9140", "matchCriteriaId": "D48FE1A3-FD94-469C-87EA-AA7B4AAC6B86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.14393.9140", "matchCriteriaId": "027462CD-8FA3-4C9F-8778-5AB3F4CDB5B1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.17763.8755", "matchCriteriaId": "94017187-8A34-41BB-A49E-0FA6986E8CB8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.17763.8755", "matchCriteriaId": "BB81D249-7566-44B7-914C-A3674CE87AFB"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.19044.7291", "matchCriteriaId": "92E25E15-66FF-45E3-A044-88A7CFDEA9DF"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.19044.7291", "matchCriteriaId": "0D04D4AA-D1A5-45D4-A27A-F80D3F6171AF"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.19044.7291", "matchCriteriaId": "12B4D343-5326-4CF2-913D-F642C34B458A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.19045.7291", "matchCriteriaId": "6BB3BCA4-519F-4BAB-B7C7-9E3BBCE5A6AB"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.19045.7291", "matchCriteriaId": "65466E7E-0BDC-4ECC-AE5F-2E4B8615D205"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.19045.7291", "matchCriteriaId": "A722684E-1073-4076-82AE-3235AA1C4C9F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.22631.7079", "matchCriteriaId": "D039A905-2FE4-4A10-85BF-175947E6A017"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.22631.7079", "matchCriteriaId": "4904DDBD-B183-4AA2-ABD6-47BAF1A28861"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.26100.8390", "matchCriteriaId": "048AD3CD-DD62-4B62-9302-61779D998B4A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.26100.8390", "matchCriteriaId": "3682F4DD-0870-4E39-B75E-649C89BB1E08"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.26200.8390", "matchCriteriaId": "C2C93D38-DFD7-4DE1-95B8-6D73E4A545D6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.26200.8390", "matchCriteriaId": "05EB89A0-2ADD-4B67-A644-41FE1DE69E4A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.28000.2113", "matchCriteriaId": "D45A5D2F-E058-4033-B184-BAE224FC1CEA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.28000.2113", "matchCriteriaId": "5127F350-9271-4B74-84E0-D7E5D2D5640E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "v ... (truncated)