CPE-8CC97D1E-5D23-4609-81F3-879199CAA788 Detail

CPE Details

Microsoft Windows Server 2008 R2 Service Pack 1 Datacenter Edition on x64

Vendor

microsoft

Product

windows_server_2008

Version

Created

2019-05-02
12h44 +00:00

Modified

2019-05-02
12h44 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::datacenter::x64:

Informations

Vendor

microsoft

Product

windows_server_2008

Version

Update

sp1

Software Edition

datacenter

Target Hardware

x64

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2025-21377	2025-02-11 17h58 +00:00	NTLM Hash Disclosure Spoofing Vulnerability	6.5	Medium
CVE-2025-21410	2025-02-11 17h58 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2025-21407	2025-02-11 17h58 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21406	2025-02-11 17h58 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21419	2025-02-11 17h58 +00:00	Windows Setup Files Cleanup Elevation of Privilege Vulnerability	7.1	High
CVE-2025-21418	2025-02-11 17h58 +00:00	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	7.8	High
CVE-2025-21245	2025-01-14 18h04 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21409	2025-01-14 18h04 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21223	2025-01-14 18h04 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21238	2025-01-14 18h04 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21240	2025-01-14 18h04 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21250	2025-01-14 18h04 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21417	2025-01-14 18h04 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21246	2025-01-14 18h04 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21332	2025-01-14 18h04 +00:00	MapUrlToZone Security Feature Bypass Vulnerability	8.8	High
CVE-2025-21339	2025-01-14 18h04 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21338	2025-01-14 18h04 +00:00	GDI+ Remote Code Execution Vulnerability	7.8	High
CVE-2025-21336	2025-01-14 18h04 +00:00	Windows Cryptographic Information Disclosure Vulnerability	5.6	Medium
CVE-2025-21331	2025-01-14 18h04 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.3	High
CVE-2025-21324	2025-01-14 18h04 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21310	2025-01-14 18h04 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21307	2025-01-14 18h04 +00:00	Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability	9.8	Critical
CVE-2025-21305	2025-01-14 18h04 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21300	2025-01-14 18h04 +00:00	Windows upnphost.dll Denial of Service Vulnerability	7.5	High
CVE-2025-21287	2025-01-14 18h04 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2025-21286	2025-01-14 18h04 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21276	2025-01-14 18h04 +00:00	Windows MapUrlToZone Denial of Service Vulnerability	7.5	High
CVE-2025-21273	2025-01-14 18h04 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21189	2025-01-14 18h04 +00:00	MapUrlToZone Security Feature Bypass Vulnerability	4.3	Medium
CVE-2025-21261	2025-01-14 18h04 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21256	2025-01-14 18h04 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21232	2025-01-14 18h04 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21231	2025-01-14 18h04 +00:00	IP Helper Denial of Service Vulnerability	7.5	High
CVE-2025-21230	2025-01-14 18h04 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2025-21228	2025-01-14 18h04 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21227	2025-01-14 18h04 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21226	2025-01-14 18h04 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21220	2025-01-14 18h04 +00:00	Microsoft Message Queuing Information Disclosure Vulnerability	7.5	High
CVE-2025-21328	2025-01-14 18h04 +00:00	MapUrlToZone Security Feature Bypass Vulnerability	4.3	Medium
CVE-2025-21329	2025-01-14 18h04 +00:00	MapUrlToZone Security Feature Bypass Vulnerability	4.3	Medium
CVE-2025-21217	2025-01-14 18h04 +00:00	Windows NTLM Spoofing Vulnerability	6.5	Medium
CVE-2025-21389	2025-01-14 18h04 +00:00	Windows upnphost.dll Denial of Service Vulnerability	7.5	High
CVE-2025-21341	2025-01-14 18h04 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21176	2025-01-14 18h04 +00:00	.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability	8.8	High
CVE-2025-21327	2025-01-14 18h04 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21320	2025-01-14 18h03 +00:00	Windows Kernel Memory Information Disclosure Vulnerability	5.5	Medium
CVE-2025-21319	2025-01-14 18h03 +00:00	Windows Kernel Memory Information Disclosure Vulnerability	5.5	Medium
CVE-2025-21306	2025-01-14 18h03 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21303	2025-01-14 18h03 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21302	2025-01-14 18h03 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21298	2025-01-14 18h03 +00:00	Windows OLE Remote Code Execution Vulnerability	9.8	Critical
CVE-2025-21297	2025-01-14 18h03 +00:00	Windows Remote Desktop Services Remote Code Execution Vulnerability	8.1	High
CVE-2025-21296	2025-01-14 18h03 +00:00	BranchCache Remote Code Execution Vulnerability	7.5	High
CVE-2025-21295	2025-01-14 18h03 +00:00	SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability	8.1	High
CVE-2025-21294	2025-01-14 18h03 +00:00	Microsoft Digest Authentication Remote Code Execution Vulnerability	8.1	High
CVE-2025-21290	2025-01-14 18h03 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2025-21289	2025-01-14 18h03 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2025-21288	2025-01-14 18h03 +00:00	Windows COM Server Information Disclosure Vulnerability	6.5	Medium
CVE-2025-21285	2025-01-14 18h03 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2025-21282	2025-01-14 18h03 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21277	2025-01-14 18h03 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2025-21272	2025-01-14 18h03 +00:00	Windows COM Server Information Disclosure Vulnerability	6.5	Medium
CVE-2025-21270	2025-01-14 18h03 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2025-21269	2025-01-14 18h03 +00:00	Windows HTML Platforms Security Feature Bypass Vulnerability	4.3	Medium
CVE-2025-21268	2025-01-14 18h03 +00:00	MapUrlToZone Security Feature Bypass Vulnerability	4.3	Medium
CVE-2025-21266	2025-01-14 18h03 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21265	2025-01-14 18h03 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21263	2025-01-14 18h03 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21260	2025-01-14 18h03 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21258	2025-01-14 18h03 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21255	2025-01-14 18h03 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21252	2025-01-14 18h03 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21251	2025-01-14 18h03 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2025-21249	2025-01-14 18h03 +00:00	Windows Digital Media Elevation of Privilege Vulnerability	6.6	Medium
CVE-2025-21244	2025-01-14 18h03 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21243	2025-01-14 18h03 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21242	2025-01-14 18h03 +00:00	Windows Kerberos Information Disclosure Vulnerability	5.9	Medium
CVE-2025-21237	2025-01-14 18h03 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21236	2025-01-14 18h03 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21233	2025-01-14 18h03 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21215	2025-01-14 18h03 +00:00	Secure Boot Security Feature Bypass Vulnerability	4.6	Medium
CVE-2025-21214	2025-01-14 18h03 +00:00	Windows BitLocker Information Disclosure Vulnerability	4.2	Medium
CVE-2025-21210	2025-01-14 18h03 +00:00	Windows BitLocker Information Disclosure Vulnerability	4.2	Medium
CVE-2025-21413	2025-01-14 18h03 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2025-21411	2025-01-14 18h03 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2024-49105	2024-12-10 20h06 +00:00	Remote Desktop Client Remote Code Execution Vulnerability	8.4	High
CVE-2024-49138	2024-12-10 17h49 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-49127	2024-12-10 17h49 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.1	High
CVE-2024-49118	2024-12-10 17h49 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	8.1	High
CVE-2024-49113	2024-12-10 17h49 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability	7.5	High
CVE-2024-49112	2024-12-10 17h49 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	9.8	Critical
CVE-2024-49090	2024-12-10 17h49 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-49088	2024-12-10 17h49 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-49082	2024-12-10 17h49 +00:00	Windows File Explorer Information Disclosure Vulnerability	6.8	Medium
CVE-2024-49080	2024-12-10 17h49 +00:00	Windows IP Routing Management Snapin Remote Code Execution Vulnerability	8.8	High
CVE-2024-49072	2024-12-10 17h49 +00:00	Windows Task Scheduler Elevation of Privilege Vulnerability	7.8	High
CVE-2024-49126	2024-12-10 17h49 +00:00	Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability	8.1	High
CVE-2024-49125	2024-12-10 17h49 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-49124	2024-12-10 17h49 +00:00	Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability	8.1	High
CVE-2024-49122	2024-12-10 17h49 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	8.1	High
CVE-2024-49121	2024-12-10 17h49 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability	7.5	High
CVE-2024-49104	2024-12-10 17h49 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-49102	2024-12-10 17h49 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-49096	2024-12-10 17h49 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2024-49089	2024-12-10 17h49 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	7.2	High
CVE-2024-49086	2024-12-10 17h49 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-49085	2024-12-10 17h49 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-49084	2024-12-10 17h49 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7	High
CVE-2024-49019	2024-11-12 17h54 +00:00	Active Directory Certificate Services Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38203	2024-11-12 17h54 +00:00	Windows Package Library Manager Information Disclosure Vulnerability	6.2	Medium
CVE-2024-43641	2024-11-12 17h54 +00:00	Windows Registry Elevation of Privilege Vulnerability	7.8	High
CVE-2024-43635	2024-11-12 17h54 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2024-43622	2024-11-12 17h54 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2024-43621	2024-11-12 17h54 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2024-43620	2024-11-12 17h53 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2024-49046	2024-11-12 17h53 +00:00	Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability	7.8	High
CVE-2024-43451	2024-11-12 17h53 +00:00	NTLM Hash Disclosure Spoofing Vulnerability	6.5	Medium
CVE-2024-43450	2024-11-12 17h53 +00:00	Windows DNS Spoofing Vulnerability	7.5	High
CVE-2024-43449	2024-11-12 17h53 +00:00	Windows USB Video Class System Driver Elevation of Privilege Vulnerability	6.8	Medium
CVE-2024-43644	2024-11-12 17h53 +00:00	Windows Client-Side Caching Elevation of Privilege Vulnerability	7.8	High
CVE-2024-43643	2024-11-12 17h53 +00:00	Windows USB Video Class System Driver Elevation of Privilege Vulnerability	6.8	Medium
CVE-2024-43638	2024-11-12 17h53 +00:00	Windows USB Video Class System Driver Elevation of Privilege Vulnerability	6.8	Medium
CVE-2024-43637	2024-11-12 17h53 +00:00	Windows USB Video Class System Driver Elevation of Privilege Vulnerability	6.8	Medium
CVE-2024-43634	2024-11-12 17h53 +00:00	Windows USB Video Class System Driver Elevation of Privilege Vulnerability	6.8	Medium
CVE-2024-43628	2024-11-12 17h53 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2024-43627	2024-11-12 17h53 +00:00	Windows Telephony Service Remote Code Execution Vulnerability	8.8	High
CVE-2024-43626	2024-11-12 17h53 +00:00	Windows Telephony Service Elevation of Privilege Vulnerability	7.8	High
CVE-2024-43623	2024-11-12 17h53 +00:00	Windows NT OS Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2024-43611	2024-10-08 17h36 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-43583	2024-10-08 17h36 +00:00	Winlogon Elevation of Privilege Vulnerability	7.8	High
CVE-2024-43599	2024-10-08 17h36 +00:00	Remote Desktop Client Remote Code Execution Vulnerability	8.8	High
CVE-2024-43593	2024-10-08 17h36 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-43592	2024-10-08 17h36 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-43589	2024-10-08 17h36 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-43572	2024-10-08 17h36 +00:00	Microsoft Management Console Remote Code Execution Vulnerability	7.8	High
CVE-2024-43570	2024-10-08 17h36 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7	High
CVE-2024-43564	2024-10-08 17h36 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-43556	2024-10-08 17h36 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2024-43553	2024-10-08 17h36 +00:00	NT OS Kernel Elevation of Privilege Vulnerability	7.4	High
CVE-2024-43549	2024-10-08 17h35 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-43547	2024-10-08 17h35 +00:00	Windows Kerberos Information Disclosure Vulnerability	6.5	Medium
CVE-2024-43545	2024-10-08 17h35 +00:00	Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability	7.5	High
CVE-2024-43544	2024-10-08 17h35 +00:00	Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability	7.5	High
CVE-2024-43520	2024-10-08 17h35 +00:00	Windows Kernel Denial of Service Vulnerability	5	Medium
CVE-2024-43517	2024-10-08 17h35 +00:00	Microsoft ActiveX Data Objects Remote Code Execution Vulnerability	8.8	High
CVE-2024-43509	2024-10-08 17h35 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2024-43501	2024-10-08 17h35 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-43484	2024-10-08 17h35 +00:00	.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability	7.5	High
CVE-2024-43483	2024-10-08 17h35 +00:00	.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability	7.5	High
CVE-2024-43456	2024-10-08 17h35 +00:00	Windows Remote Desktop Services Tampering Vulnerability	7.4	High
CVE-2024-38212	2024-10-08 17h35 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-43453	2024-10-08 17h35 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-38262	2024-10-08 17h35 +00:00	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	7.5	High
CVE-2024-38265	2024-10-08 17h35 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-38124	2024-10-08 17h35 +00:00	Windows Netlogon Elevation of Privilege Vulnerability	9	Critical
CVE-2024-38149	2024-10-08 17h35 +00:00	BranchCache Denial of Service Vulnerability	7.5	High
CVE-2024-43607	2024-10-08 17h35 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-43608	2024-10-08 17h35 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-43541	2024-10-08 17h35 +00:00	Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability	7.5	High
CVE-2024-43535	2024-10-08 17h35 +00:00	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	7	High
CVE-2024-43534	2024-10-08 17h35 +00:00	Windows Graphics Component Information Disclosure Vulnerability	6.5	Medium
CVE-2024-43532	2024-10-08 17h35 +00:00	Remote Registry Service Elevation of Privilege Vulnerability	8.8	High
CVE-2024-43519	2024-10-08 17h35 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-43518	2024-10-08 17h35 +00:00	Windows Telephony Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-43515	2024-10-08 17h35 +00:00	Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability	7.5	High
CVE-2024-43506	2024-10-08 17h35 +00:00	BranchCache Denial of Service Vulnerability	7.5	High
CVE-2024-38261	2024-10-08 17h35 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	7.8	High
CVE-2024-30073	2024-09-10 16h54 +00:00	Windows Security Zone Mapping Security Feature Bypass Vulnerability	7.8	High
CVE-2024-43461	2024-09-10 16h54 +00:00	Windows MSHTML Platform Spoofing Vulnerability	8.8	High
CVE-2024-43455	2024-09-10 16h54 +00:00	Windows Remote Desktop Licensing Service Spoofing Vulnerability	9.8	Critical
CVE-2024-43454	2024-09-10 16h54 +00:00	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	7.1	High
CVE-2024-38263	2024-09-10 16h54 +00:00	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	7.5	High
CVE-2024-38260	2024-09-10 16h54 +00:00	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	8.8	High
CVE-2024-38258	2024-09-10 16h54 +00:00	Windows Remote Desktop Licensing Service Information Disclosure Vulnerability	7.5	High
CVE-2024-38247	2024-09-10 16h54 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38245	2024-09-10 16h54 +00:00	Kernel Streaming Service Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38239	2024-09-10 16h54 +00:00	Windows Kerberos Elevation of Privilege Vulnerability	7.2	High
CVE-2024-38234	2024-09-10 16h54 +00:00	Windows Networking Denial of Service Vulnerability	6.5	Medium
CVE-2024-38231	2024-09-10 16h53 +00:00	Windows Remote Desktop Licensing Service Denial of Service Vulnerability	7.5	High
CVE-2024-38217	2024-09-10 16h53 +00:00	Windows Mark of the Web Security Feature Bypass Vulnerability	5.4	Medium
CVE-2024-38014	2024-09-10 16h53 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2024-43467	2024-09-10 16h53 +00:00	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	7.5	High
CVE-2024-38256	2024-09-10 16h53 +00:00	Windows Kernel-Mode Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2024-38250	2024-09-10 16h53 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38249	2024-09-10 16h53 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38236	2024-09-10 16h53 +00:00	DHCP Server Service Denial of Service Vulnerability	7.5	High
CVE-2024-37968	2024-08-13 17h30 +00:00	Windows DNS Spoofing Vulnerability	7.5	High
CVE-2024-38223	2024-08-13 17h30 +00:00	Windows Initial Machine Configuration Elevation of Privilege Vulnerability	6.8	Medium
CVE-2024-38214	2024-08-13 17h30 +00:00	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	6.5	Medium
CVE-2024-38120	2024-08-13 17h30 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-38180	2024-08-13 17h30 +00:00	Windows SmartScreen Security Feature Bypass Vulnerability	8.8	High
CVE-2024-38154	2024-08-13 17h30 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-38153	2024-08-13 17h30 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38152	2024-08-13 17h30 +00:00	Windows OLE Remote Code Execution Vulnerability	7.8	High
CVE-2024-38151	2024-08-13 17h30 +00:00	Windows Kernel Information Disclosure Vulnerability	5.5	Medium
CVE-2024-38144	2024-08-13 17h30 +00:00	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	8.8	High
CVE-2024-38140	2024-08-13 17h30 +00:00	Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability	9.8	Critical
CVE-2024-38134	2024-08-13 17h30 +00:00	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38131	2024-08-13 17h30 +00:00	Clipboard Virtual Channel Extension Remote Code Execution Vulnerability	8.8	High
CVE-2024-38130	2024-08-13 17h30 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-38128	2024-08-13 17h30 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-38127	2024-08-13 17h30 +00:00	Windows Hyper-V Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38125	2024-08-13 17h30 +00:00	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38122	2024-08-13 17h30 +00:00	Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability	5.5	Medium
CVE-2024-38121	2024-08-13 17h30 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-38118	2024-08-13 17h30 +00:00	Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability	5.5	Medium
CVE-2024-38117	2024-08-13 17h30 +00:00	NTFS Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38116	2024-08-13 17h30 +00:00	Windows IP Routing Management Snapin Remote Code Execution Vulnerability	8.8	High
CVE-2024-38115	2024-08-13 17h30 +00:00	Windows IP Routing Management Snapin Remote Code Execution Vulnerability	8.8	High
CVE-2024-38114	2024-08-13 17h30 +00:00	Windows IP Routing Management Snapin Remote Code Execution Vulnerability	8.8	High
CVE-2024-29995	2024-08-13 17h30 +00:00	Windows Kerberos Elevation of Privilege Vulnerability	8.1	High
CVE-2024-38063	2024-08-13 17h29 +00:00	Windows TCP/IP Remote Code Execution Vulnerability	9.8	Critical
CVE-2024-38199	2024-08-13 17h29 +00:00	Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability	9.8	Critical
CVE-2024-38198	2024-08-13 17h29 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.5	High
CVE-2024-38196	2024-08-13 17h29 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38193	2024-08-13 17h29 +00:00	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38191	2024-08-13 17h29 +00:00	Kernel Streaming Service Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38099	2024-07-09 17h03 +00:00	Windows Remote Desktop Licensing Service Denial of Service Vulnerability	5.9	Medium
CVE-2024-38081	2024-07-09 17h03 +00:00	.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability	7.3	High
CVE-2024-38079	2024-07-09 17h03 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38074	2024-07-09 17h03 +00:00	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	9.8	Critical
CVE-2024-38073	2024-07-09 17h03 +00:00	Windows Remote Desktop Licensing Service Denial of Service Vulnerability	7.5	High
CVE-2024-38068	2024-07-09 17h03 +00:00	Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability	7.5	High
CVE-2024-38067	2024-07-09 17h03 +00:00	Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability	7.5	High
CVE-2024-38066	2024-07-09 17h03 +00:00	Windows Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38057	2024-07-09 17h03 +00:00	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38052	2024-07-09 17h03 +00:00	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38050	2024-07-09 17h03 +00:00	Windows Workstation Service Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38049	2024-07-09 17h03 +00:00	Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability	8.1	High
CVE-2024-38048	2024-07-09 17h03 +00:00	Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability	6.5	Medium
CVE-2024-38031	2024-07-09 17h03 +00:00	Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability	7.5	High
CVE-2024-38028	2024-07-09 17h03 +00:00	Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability	7.2	High
CVE-2024-38027	2024-07-09 17h03 +00:00	Windows Line Printer Daemon Service Denial of Service Vulnerability	6.5	Medium
CVE-2024-38019	2024-07-09 17h03 +00:00	Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability	7.2	High
CVE-2024-38017	2024-07-09 17h03 +00:00	Microsoft Message Queuing Information Disclosure Vulnerability	5.5	Medium
CVE-2024-38104	2024-07-09 17h02 +00:00	Windows Fax Service Remote Code Execution Vulnerability	8.8	High
CVE-2024-38091	2024-07-09 17h02 +00:00	Microsoft WS-Discovery Denial of Service Vulnerability	7.5	High
CVE-2024-38085	2024-07-09 17h02 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38077	2024-07-09 17h02 +00:00	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	9.8	Critical
CVE-2024-38071	2024-07-09 17h02 +00:00	Windows Remote Desktop Licensing Service Denial of Service Vulnerability	7.5	High
CVE-2024-38064	2024-07-09 17h02 +00:00	Windows TCP/IP Information Disclosure Vulnerability	7.5	High
CVE-2024-38061	2024-07-09 17h02 +00:00	DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability	7.5	High
CVE-2024-38060	2024-07-09 17h02 +00:00	Windows Imaging Component Remote Code Execution Vulnerability	8.8	High
CVE-2024-38055	2024-07-09 17h02 +00:00	Microsoft Windows Codecs Library Information Disclosure Vulnerability	5.5	Medium
CVE-2024-38054	2024-07-09 17h02 +00:00	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38051	2024-07-09 17h02 +00:00	Windows Graphics Component Remote Code Execution Vulnerability	7.8	High
CVE-2024-38034	2024-07-09 17h02 +00:00	Windows Filtering Platform Elevation of Privilege Vulnerability	7.8	High
CVE-2024-38025	2024-07-09 17h02 +00:00	Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability	7.2	High
CVE-2024-35270	2024-07-09 17h02 +00:00	Windows iSCSI Service Denial of Service Vulnerability	5.3	Medium
CVE-2024-30081	2024-07-09 17h02 +00:00	Windows NTLM Spoofing Vulnerability	7.1	High
CVE-2024-30095	2024-06-11 16h59 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	7.8	High
CVE-2024-30094	2024-06-11 16h59 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	7.8	High
CVE-2024-30093	2024-06-11 16h59 +00:00	Windows Storage Elevation of Privilege Vulnerability	7.3	High
CVE-2024-30091	2024-06-11 16h59 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2024-30090	2024-06-11 16h59 +00:00	Microsoft Streaming Service Elevation of Privilege Vulnerability	7	High
CVE-2024-30087	2024-06-11 16h59 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2024-30084	2024-06-11 16h59 +00:00	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	7	High
CVE-2024-30063	2024-06-11 16h59 +00:00	Windows Distributed File System (DFS) Remote Code Execution Vulnerability	6.7	Medium
CVE-2024-35250	2024-06-11 16h59 +00:00	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-30082	2024-06-11 16h59 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2024-30080	2024-06-11 16h59 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	9.8	Critical
CVE-2024-30078	2024-06-11 16h59 +00:00	Windows Wi-Fi Driver Remote Code Execution Vulnerability	8.8	High
CVE-2024-30077	2024-06-11 16h59 +00:00	Windows OLE Remote Code Execution Vulnerability	8	High
CVE-2024-30075	2024-06-11 16h59 +00:00	Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability	8	High
CVE-2024-30074	2024-06-11 16h59 +00:00	Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability	8	High
CVE-2024-30049	2024-05-14 16h57 +00:00	Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability	7.8	High
CVE-2024-30039	2024-05-14 16h57 +00:00	Windows Remote Access Connection Manager Information Disclosure Vulnerability	5.5	Medium
CVE-2024-30037	2024-05-14 16h57 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	5.5	Medium
CVE-2024-30036	2024-05-14 16h57 +00:00	Windows Deployment Services Information Disclosure Vulnerability	6.5	Medium
CVE-2024-30031	2024-05-14 16h57 +00:00	Windows CNG Key Isolation Service Elevation of Privilege Vulnerability	7.8	High
CVE-2024-30030	2024-05-14 16h57 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2024-30029	2024-05-14 16h57 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	7.5	High
CVE-2024-30028	2024-05-14 16h57 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2024-30027	2024-05-14 16h57 +00:00	NTFS Elevation of Privilege Vulnerability	7.8	High
CVE-2024-30025	2024-05-14 16h57 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-30024	2024-05-14 16h57 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	7.5	High
CVE-2024-30050	2024-05-14 16h57 +00:00	Windows Mark of the Web Security Feature Bypass Vulnerability	5.4	Medium
CVE-2024-30023	2024-05-14 16h57 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	7.5	High
CVE-2024-30022	2024-05-14 16h57 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	7.5	High
CVE-2024-30020	2024-05-14 16h57 +00:00	Windows Cryptographic Services Remote Code Execution Vulnerability	8.1	High
CVE-2024-30019	2024-05-14 16h57 +00:00	DHCP Server Service Denial of Service Vulnerability	6.5	Medium
CVE-2024-30016	2024-05-14 16h57 +00:00	Windows Cryptographic Services Information Disclosure Vulnerability	5.5	Medium
CVE-2024-30015	2024-05-14 16h57 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	7.5	High
CVE-2024-30014	2024-05-14 16h57 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	7.5	High
CVE-2024-30009	2024-05-14 16h57 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-30006	2024-05-14 16h57 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-29996	2024-05-14 16h56 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2024-28925	2024-04-09 17h01 +00:00	Secure Boot Security Feature Bypass Vulnerability	8	High
CVE-2024-26240	2024-04-09 17h01 +00:00	Secure Boot Security Feature Bypass Vulnerability	8	High
CVE-2024-26230	2024-04-09 17h01 +00:00	Windows Telephony Server Elevation of Privilege Vulnerability	7.8	High
CVE-2024-26228	2024-04-09 17h01 +00:00	Windows Cryptographic Services Security Feature Bypass Vulnerability	7.8	High
CVE-2024-26226	2024-04-09 17h01 +00:00	Windows Distributed File System (DFS) Information Disclosure Vulnerability	6.5	Medium
CVE-2024-26216	2024-04-09 17h01 +00:00	Windows File Server Resource Management Service Elevation of Privilege Vulnerability	7.3	High
CVE-2024-26215	2024-04-09 17h01 +00:00	DHCP Server Service Denial of Service Vulnerability	7.5	High
CVE-2024-26214	2024-04-09 17h01 +00:00	Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2024-26212	2024-04-09 17h01 +00:00	DHCP Server Service Denial of Service Vulnerability	7.5	High
CVE-2024-26208	2024-04-09 17h00 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.2	High
CVE-2024-26244	2024-04-09 17h00 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-26242	2024-04-09 17h00 +00:00	Windows Telephony Server Elevation of Privilege Vulnerability	7	High
CVE-2024-26234	2024-04-09 17h00 +00:00	Proxy Driver Spoofing Vulnerability	6.7	Medium
CVE-2024-26229	2024-04-09 17h00 +00:00	Windows CSC Service Elevation of Privilege Vulnerability	7.8	High
CVE-2024-26210	2024-04-09 17h00 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-26248	2024-04-09 17h00 +00:00	Windows Kerberos Elevation of Privilege Vulnerability	7.5	High
CVE-2024-26241	2024-04-09 17h00 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2024-26195	2024-04-09 17h00 +00:00	DHCP Server Service Remote Code Execution Vulnerability	7.2	High
CVE-2024-26194	2024-04-09 17h00 +00:00	Secure Boot Security Feature Bypass Vulnerability	7.4	High
CVE-2024-26183	2024-04-09 17h00 +00:00	Windows Kerberos Denial of Service Vulnerability	6.5	Medium
CVE-2024-20678	2024-04-09 17h00 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2024-29066	2024-04-09 17h00 +00:00	Windows Distributed File System (DFS) Remote Code Execution Vulnerability	7.2	High
CVE-2024-29050	2024-04-09 17h00 +00:00	Windows Cryptographic Services Remote Code Execution Vulnerability	8.4	High
CVE-2024-26232	2024-04-09 17h00 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2024-26158	2024-04-09 17h00 +00:00	Microsoft Install Service Elevation of Privilege Vulnerability	7.8	High
CVE-2024-26205	2024-04-09 17h00 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-26200	2024-04-09 17h00 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-26179	2024-04-09 17h00 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	8.8	High
CVE-2024-26253	2024-04-09 17h00 +00:00	Windows rndismp6.sys Remote Code Execution Vulnerability	6.8	Medium
CVE-2024-26252	2024-04-09 17h00 +00:00	Windows rndismp6.sys Remote Code Execution Vulnerability	6.8	Medium
CVE-2024-21409	2024-04-09 17h00 +00:00	.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability	7.3	High
CVE-2024-29059	2024-03-22 23h09 +00:00	.NET Framework Information Disclosure Vulnerability	7.5	High
CVE-2024-26181	2024-03-12 16h58 +00:00	Windows Kernel Denial of Service Vulnerability	5.5	Medium
CVE-2024-26178	2024-03-12 16h58 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2024-26177	2024-03-12 16h58 +00:00	Windows Kernel Information Disclosure Vulnerability	5.5	Medium
CVE-2024-26176	2024-03-12 16h58 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2024-26174	2024-03-12 16h58 +00:00	Windows Kernel Information Disclosure Vulnerability	5.5	Medium
CVE-2024-26173	2024-03-12 16h58 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2024-26169	2024-03-12 16h58 +00:00	Windows Error Reporting Service Elevation of Privilege Vulnerability	7.8	High
CVE-2024-26166	2024-03-12 16h58 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-26162	2024-03-12 16h58 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2024-21440	2024-03-12 16h58 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2024-21437	2024-03-12 16h58 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2024-21436	2024-03-12 16h58 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2024-26161	2024-03-12 16h57 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-26159	2024-03-12 16h57 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2024-21451	2024-03-12 16h57 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2024-21450	2024-03-12 16h57 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21446	2024-03-12 16h57 +00:00	NTFS Elevation of Privilege Vulnerability	7.8	High
CVE-2024-21444	2024-03-12 16h57 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21441	2024-03-12 16h57 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21439	2024-03-12 16h57 +00:00	Windows Telephony Server Elevation of Privilege Vulnerability	7	High
CVE-2024-21438	2024-03-12 16h57 +00:00	Microsoft AllJoyn API Denial of Service Vulnerability	7.5	High
CVE-2024-21429	2024-03-12 16h57 +00:00	Windows USB Hub Driver Remote Code Execution Vulnerability	6.8	Medium
CVE-2023-50387	2024-02-13 23h00 +00:00	Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.	7.5	High
CVE-2024-21406	2024-02-13 18h02 +00:00	Windows Printing Service Spoofing Vulnerability	7.5	High
CVE-2024-21405	2024-02-13 18h02 +00:00	Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability	7	High
CVE-2024-21391	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21370	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21368	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21367	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21365	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21363	2024-02-13 18h02 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.8	High
CVE-2024-21359	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21356	2024-02-13 18h02 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability	6.5	Medium
CVE-2024-21347	2024-02-13 18h02 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	7.5	High
CVE-2024-21420	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21375	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21372	2024-02-13 18h02 +00:00	Windows OLE Remote Code Execution Vulnerability	8.8	High
CVE-2024-21369	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21366	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21361	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21360	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21358	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21357	2024-02-13 18h02 +00:00	Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability	8.1	High
CVE-2024-21352	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21350	2024-02-13 18h02 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2024-21349	2024-02-13 18h02 +00:00	Microsoft ActiveX Data Objects Remote Code Execution Vulnerability	8.8	High
CVE-2024-21340	2024-02-13 18h02 +00:00	Windows Kernel Information Disclosure Vulnerability	4.6	Medium
CVE-2024-21314	2024-01-09 17h57 +00:00	Microsoft Message Queuing Information Disclosure Vulnerability	6.5	Medium
CVE-2024-21312	2024-01-09 17h57 +00:00	.NET Framework Denial of Service Vulnerability	7.5	High
CVE-2024-21311	2024-01-09 17h57 +00:00	Windows Cryptographic Services Information Disclosure Vulnerability	5.5	Medium
CVE-2024-0057	2024-01-09 17h56 +00:00	NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability	9.8	Critical
CVE-2024-0056	2024-01-09 17h56 +00:00	Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability	8.7	High
CVE-2024-21313	2024-01-09 17h56 +00:00	Windows TCP/IP Information Disclosure Vulnerability	5.3	Medium
CVE-2024-21307	2024-01-09 17h56 +00:00	Remote Desktop Client Remote Code Execution Vulnerability	7.5	High
CVE-2024-20691	2024-01-09 17h56 +00:00	Windows Themes Information Disclosure Vulnerability	4.7	Medium
CVE-2023-35622	2023-12-12 18h10 +00:00	Windows DNS Spoofing Vulnerability	7.5	High
CVE-2023-35633	2023-12-12 18h10 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-35632	2023-12-12 18h10 +00:00	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	7.8	High
CVE-2023-35630	2023-12-12 18h10 +00:00	Internet Connection Sharing (ICS) Remote Code Execution Vulnerability	8.8	High
CVE-2023-35629	2023-12-12 18h10 +00:00	Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability	6.8	Medium
CVE-2023-35628	2023-12-12 18h10 +00:00	Windows MSHTML Platform Remote Code Execution Vulnerability	8.1	High
CVE-2023-35642	2023-12-12 18h10 +00:00	Internet Connection Sharing (ICS) Denial of Service Vulnerability	6.5	Medium
CVE-2023-35641	2023-12-12 18h10 +00:00	Internet Connection Sharing (ICS) Remote Code Execution Vulnerability	8.8	High
CVE-2023-35639	2023-12-12 18h10 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2023-36006	2023-12-12 18h10 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2023-36005	2023-12-12 18h10 +00:00	Windows Telephony Server Elevation of Privilege Vulnerability	8.1	High
CVE-2023-36004	2023-12-12 18h10 +00:00	Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability	7.5	High
CVE-2023-36012	2023-12-12 18h10 +00:00	DHCP Server Service Information Disclosure Vulnerability	5.3	Medium
CVE-2023-21740	2023-12-12 18h10 +00:00	Windows Media Remote Code Execution Vulnerability	7.8	High
CVE-2023-36049	2023-11-14 20h18 +00:00	.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability	9.8	Critical
CVE-2023-36025	2023-11-14 17h57 +00:00	Windows SmartScreen Security Feature Bypass Vulnerability	8.8	High
CVE-2023-36393	2023-11-14 17h57 +00:00	Windows User Interface Application Core Remote Code Execution Vulnerability	7.8	High
CVE-2023-36395	2023-11-14 17h57 +00:00	Windows Deployment Services Denial of Service Vulnerability	7.5	High
CVE-2023-36397	2023-11-14 17h57 +00:00	Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-36401	2023-11-14 17h57 +00:00	Microsoft Remote Registry Service Remote Code Execution Vulnerability	7.2	High
CVE-2023-36402	2023-11-14 17h57 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2023-36403	2023-11-14 17h57 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7	High
CVE-2023-36017	2023-11-14 17h57 +00:00	Windows Scripting Engine Memory Corruption Vulnerability	8.8	High
CVE-2023-36036	2023-11-14 17h57 +00:00	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2023-36423	2023-11-14 17h57 +00:00	Microsoft Remote Registry Service Remote Code Execution Vulnerability	8.8	High
CVE-2023-36424	2023-11-14 17h57 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2023-36425	2023-11-14 17h57 +00:00	Windows Distributed File System (DFS) Remote Code Execution Vulnerability	8	High
CVE-2023-36428	2023-11-14 17h57 +00:00	Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability	5.5	Medium
CVE-2023-36560	2023-11-14 17h57 +00:00	ASP.NET Security Feature Bypass Vulnerability	8.8	High
CVE-2023-36705	2023-11-14 17h57 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2023-36719	2023-11-14 17h57 +00:00	Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability	7.8	High
CVE-2023-36743	2023-10-10 17h08 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2023-36776	2023-10-10 17h08 +00:00	Win32k Elevation of Privilege Vulnerability	7	High
CVE-2023-36790	2023-10-10 17h08 +00:00	Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2023-38166	2023-10-10 17h08 +00:00	Layer 2 Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2023-29348	2023-10-10 17h08 +00:00	Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability	7.5	High
CVE-2023-36431	2023-10-10 17h08 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2023-36434	2023-10-10 17h08 +00:00	Windows IIS Server Elevation of Privilege Vulnerability	9.8	Critical
CVE-2023-36438	2023-10-10 17h08 +00:00	Windows TCP/IP Information Disclosure Vulnerability	7.5	High
CVE-2023-36563	2023-10-10 17h08 +00:00	Microsoft WordPad Information Disclosure Vulnerability	6.5	Medium
CVE-2023-36564	2023-10-10 17h08 +00:00	Windows Search Security Feature Bypass Vulnerability	6.5	Medium
CVE-2023-36567	2023-10-10 17h08 +00:00	Windows Deployment Services Information Disclosure Vulnerability	7.5	High
CVE-2023-36570	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2023-36571	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2023-36572	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2023-36573	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2023-36574	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2023-36575	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2023-36577	2023-10-10 17h07 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2023-36578	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2023-36579	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2023-36581	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2023-36582	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2023-36583	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2023-36584	2023-10-10 17h07 +00:00	Windows Mark of the Web Security Feature Bypass Vulnerability	5.4	Medium
CVE-2023-36585	2023-10-10 17h07 +00:00	Windows upnphost.dll Denial of Service Vulnerability	7.5	High
CVE-2023-36589	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2023-36590	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2023-36591	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2023-36592	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.3	High
CVE-2023-36593	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.8	High
CVE-2023-36594	2023-10-10 17h07 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2023-36598	2023-10-10 17h07 +00:00	Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability	7.8	High
CVE-2023-36602	2023-10-10 17h07 +00:00	Windows TCP/IP Denial of Service Vulnerability	7.5	High
CVE-2023-36606	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2023-36697	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	8	High
CVE-2023-36702	2023-10-10 17h07 +00:00	Microsoft DirectMusic Remote Code Execution Vulnerability	7.8	High
CVE-2023-36703	2023-10-10 17h07 +00:00	DHCP Server Service Denial of Service Vulnerability	7.5	High
CVE-2023-36706	2023-10-10 17h07 +00:00	Windows Deployment Services Information Disclosure Vulnerability	6.5	Medium
CVE-2023-36710	2023-10-10 17h07 +00:00	Windows Media Foundation Core Remote Code Execution Vulnerability	7.8	High
CVE-2023-36722	2023-10-10 17h07 +00:00	Active Directory Domain Services Information Disclosure Vulnerability	4.4	Medium
CVE-2023-36724	2023-10-10 17h07 +00:00	Windows Power Management Service Information Disclosure Vulnerability	5.5	Medium
CVE-2023-36726	2023-10-10 17h07 +00:00	Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability	7.8	High
CVE-2023-36731	2023-10-10 17h07 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2023-36732	2023-10-10 17h07 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2023-41774	2023-10-10 17h07 +00:00	Layer 2 Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2023-41773	2023-10-10 17h07 +00:00	Layer 2 Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2023-41771	2023-10-10 17h07 +00:00	Layer 2 Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2023-41770	2023-10-10 17h07 +00:00	Layer 2 Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2023-41769	2023-10-10 17h07 +00:00	Layer 2 Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2023-41768	2023-10-10 17h07 +00:00	Layer 2 Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2023-41767	2023-10-10 17h07 +00:00	Layer 2 Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2023-41766	2023-10-10 17h07 +00:00	Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability	7.8	High
CVE-2023-41765	2023-10-10 17h07 +00:00	Layer 2 Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2023-35349	2023-10-10 17h07 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-36788	2023-09-12 16h58 +00:00	.NET Framework Remote Code Execution Vulnerability	7.8	High
CVE-2023-36792	2023-09-12 16h58 +00:00	Visual Studio Remote Code Execution Vulnerability	7.8	High
CVE-2023-36793	2023-09-12 16h58 +00:00	Visual Studio Remote Code Execution Vulnerability	7.8	High
CVE-2023-36794	2023-09-12 16h58 +00:00	Visual Studio Remote Code Execution Vulnerability	7.8	High
CVE-2023-36796	2023-09-12 16h58 +00:00	Visual Studio Remote Code Execution Vulnerability	7.8	High
CVE-2023-38160	2023-09-12 16h58 +00:00	Windows TCP/IP Information Disclosure Vulnerability	5.5	Medium
CVE-2023-36801	2023-09-12 16h58 +00:00	DHCP Server Service Information Disclosure Vulnerability	5.3	Medium
CVE-2023-36804	2023-09-12 16h58 +00:00	Windows GDI Elevation of Privilege Vulnerability	7.8	High
CVE-2023-38139	2023-09-12 16h58 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-38141	2023-09-12 16h58 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-38142	2023-09-12 16h58 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-38143	2023-09-12 16h58 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2023-38144	2023-09-12 16h58 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2023-38149	2023-09-12 16h58 +00:00	Windows TCP/IP Denial of Service Vulnerability	7.5	High
CVE-2023-38152	2023-09-12 16h58 +00:00	DHCP Server Service Information Disclosure Vulnerability	5.3	Medium
CVE-2023-38161	2023-09-12 16h58 +00:00	Windows GDI Elevation of Privilege Vulnerability	7.8	High
CVE-2023-36899	2023-08-08 18h34 +00:00	ASP.NET Elevation of Privilege Vulnerability	8.8	High
CVE-2023-36873	2023-08-08 18h34 +00:00	.NET Framework Spoofing Vulnerability	7.4	High
CVE-2023-38172	2023-08-08 17h08 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2023-38184	2023-08-08 17h08 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	7.5	High
CVE-2023-35385	2023-08-08 17h08 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-35384	2023-08-08 17h08 +00:00	Windows HTML Platforms Security Feature Bypass Vulnerability	6.5	Medium
CVE-2023-35383	2023-08-08 17h08 +00:00	Microsoft Message Queuing Information Disclosure Vulnerability	7.5	High
CVE-2023-35381	2023-08-08 17h08 +00:00	Windows Fax Service Remote Code Execution Vulnerability	8.8	High
CVE-2023-35380	2023-08-08 17h08 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-35379	2023-08-08 17h08 +00:00	Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability	7.8	High
CVE-2023-35377	2023-08-08 17h08 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	6.5	Medium
CVE-2023-38254	2023-08-08 17h08 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	6.5	Medium
CVE-2023-35376	2023-08-08 17h08 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	6.5	Medium
CVE-2023-36913	2023-08-08 17h08 +00:00	Microsoft Message Queuing Information Disclosure Vulnerability	7.5	High
CVE-2023-36912	2023-08-08 17h08 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2023-36911	2023-08-08 17h08 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-36910	2023-08-08 17h08 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-36909	2023-08-08 17h08 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	6.5	Medium
CVE-2023-36908	2023-08-08 17h08 +00:00	Windows Hyper-V Information Disclosure Vulnerability	6.5	Medium
CVE-2023-36907	2023-08-08 17h08 +00:00	Windows Cryptographic Services Information Disclosure Vulnerability	7.5	High
CVE-2023-36906	2023-08-08 17h08 +00:00	Windows Cryptographic Services Information Disclosure Vulnerability	7.5	High
CVE-2023-36903	2023-08-08 17h08 +00:00	Windows System Assessment Tool Elevation of Privilege Vulnerability	9.8	Critical
CVE-2023-36900	2023-08-08 17h08 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2023-36889	2023-08-08 17h08 +00:00	Windows Group Policy Security Feature Bypass Vulnerability	5.5	Medium
CVE-2023-36882	2023-08-08 17h08 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2023-36876	2023-08-08 17h08 +00:00	Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability	7.1	High
CVE-2023-35359	2023-08-08 17h08 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-20588	2023-08-08 17h06 +00:00	A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.	5.5	Medium
CVE-2023-20569	2023-08-08 17h02 +00:00	A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.	4.7	Medium
CVE-2023-36884	2023-07-11 18h14 +00:00	Windows Search Remote Code Execution Vulnerability	7.5	High
CVE-2023-35312	2023-07-11 17h03 +00:00	Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability	7.8	High
CVE-2023-35310	2023-07-11 17h03 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2023-35309	2023-07-11 17h03 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	7.5	High
CVE-2023-35303	2023-07-11 17h03 +00:00	USB Audio Class System Driver Remote Code Execution Vulnerability	8.8	High
CVE-2023-35300	2023-07-11 17h03 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2023-35299	2023-07-11 17h03 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2023-35297	2023-07-11 17h03 +00:00	Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability	8.1	High
CVE-2023-35296	2023-07-11 17h03 +00:00	Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability	6.5	Medium
CVE-2023-32057	2023-07-11 17h03 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-32055	2023-07-11 17h03 +00:00	Active Template Library Elevation of Privilege Vulnerability	6.7	Medium
CVE-2023-32053	2023-07-11 17h03 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2023-33164	2023-07-11 17h03 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	6.5	Medium
CVE-2023-33163	2023-07-11 17h03 +00:00	Windows Network Load Balancing Remote Code Execution Vulnerability	7.5	High
CVE-2023-33154	2023-07-11 17h03 +00:00	Windows Partition Management Driver Elevation of Privilege Vulnerability	9.8	Critical
CVE-2023-21526	2023-07-11 17h03 +00:00	Windows Netlogon Information Disclosure Vulnerability	7.4	High
CVE-2023-36874	2023-07-11 17h03 +00:00	Windows Error Reporting Service Elevation of Privilege Vulnerability	7.8	High
CVE-2023-35367	2023-07-11 17h03 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-35366	2023-07-11 17h03 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-35365	2023-07-11 17h03 +00:00	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-35351	2023-07-11 17h02 +00:00	Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability	6.6	Medium
CVE-2023-35350	2023-07-11 17h02 +00:00	Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability	7.2	High
CVE-2023-35346	2023-07-11 17h02 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2023-35345	2023-07-11 17h02 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2023-35344	2023-07-11 17h02 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2023-35342	2023-07-11 17h02 +00:00	Windows Image Acquisition Elevation of Privilege Vulnerability	7.8	High
CVE-2023-35341	2023-07-11 17h02 +00:00	Microsoft DirectMusic Information Disclosure Vulnerability	6.2	Medium
CVE-2023-35340	2023-07-11 17h02 +00:00	Windows CNG Key Isolation Service Elevation of Privilege Vulnerability	7.8	High
CVE-2023-35338	2023-07-11 17h02 +00:00	Windows Peer Name Resolution Protocol Denial of Service Vulnerability	7.5	High
CVE-2023-35332	2023-07-11 17h02 +00:00	Windows Remote Desktop Protocol Security Feature Bypass	6.8	Medium
CVE-2023-35330	2023-07-11 17h02 +00:00	Windows Extended Negotiation Denial of Service Vulnerability	7.5	High
CVE-2023-35328	2023-07-11 17h02 +00:00	Windows Transaction Manager Elevation of Privilege Vulnerability	7.8	High
CVE-2023-35322	2023-07-11 17h02 +00:00	Windows Deployment Services Remote Code Execution Vulnerability	8.8	High
CVE-2023-35321	2023-07-11 17h02 +00:00	Windows Deployment Services Denial of Service Vulnerability	6.5	Medium
CVE-2023-35319	2023-07-11 17h02 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	6.5	Medium
CVE-2023-35318	2023-07-11 17h02 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	6.5	Medium
CVE-2023-35316	2023-07-11 17h02 +00:00	Remote Procedure Call Runtime Information Disclosure Vulnerability	6.5	Medium
CVE-2023-35314	2023-07-11 17h02 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	6.5	Medium
CVE-2023-32050	2023-07-11 17h02 +00:00	Windows Installer Elevation of Privilege Vulnerability	7	High
CVE-2023-32046	2023-07-11 17h02 +00:00	Windows MSHTML Platform Elevation of Privilege Vulnerability	7.8	High
CVE-2023-32045	2023-07-11 17h02 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2023-32044	2023-07-11 17h02 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2023-32043	2023-07-11 17h02 +00:00	Windows Remote Desktop Security Feature Bypass Vulnerability	6.8	Medium
CVE-2023-32042	2023-07-11 17h02 +00:00	OLE Automation Information Disclosure Vulnerability	7.5	High
CVE-2023-32038	2023-07-11 17h02 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2023-32035	2023-07-11 17h02 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	7.5	High
CVE-2023-32034	2023-07-11 17h02 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	7.5	High
CVE-2023-32033	2023-07-11 17h02 +00:00	Microsoft Failover Cluster Remote Code Execution Vulnerability	7.2	High
CVE-2023-33174	2023-07-11 17h02 +00:00	Windows Cryptographic Information Disclosure Vulnerability	5.5	Medium
CVE-2023-33173	2023-07-11 17h02 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	7.5	High
CVE-2023-33172	2023-07-11 17h02 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	7.5	High
CVE-2023-33169	2023-07-11 17h02 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	7.5	High
CVE-2023-33168	2023-07-11 17h02 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	7.5	High
CVE-2023-33167	2023-07-11 17h02 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	7.5	High
CVE-2023-33166	2023-07-11 17h02 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	7.5	High
CVE-2023-32030	2023-06-14 14h52 +00:00	.NET and Visual Studio Denial of Service Vulnerability	7.5	High
CVE-2023-29331	2023-06-14 14h52 +00:00	.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability	7.5	High
CVE-2023-24936	2023-06-14 14h52 +00:00	.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability	7.5	High
CVE-2023-24895	2023-06-14 14h52 +00:00	.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability	7.8	High
CVE-2023-29326	2023-06-14 14h52 +00:00	.NET Framework Remote Code Execution Vulnerability	7.8	High
CVE-2023-24897	2023-06-14 14h52 +00:00	.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability	7.8	High
CVE-2023-32020	2023-06-13 23h26 +00:00	Windows DNS Spoofing Vulnerability	5.6	Medium
CVE-2023-32017	2023-06-13 23h26 +00:00	Microsoft PostScript Printer Driver Remote Code Execution Vulnerability	7.8	High
CVE-2023-32016	2023-06-13 23h26 +00:00	Windows Installer Information Disclosure Vulnerability	5.5	Medium
CVE-2023-32015	2023-06-13 23h26 +00:00	Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-32014	2023-06-13 23h26 +00:00	Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-32011	2023-06-13 23h26 +00:00	Windows iSCSI Discovery Service Denial of Service Vulnerability	7.5	High
CVE-2023-29373	2023-06-13 23h26 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2023-29372	2023-06-13 23h26 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2023-29371	2023-06-13 23h26 +00:00	Windows GDI Elevation of Privilege Vulnerability	7.8	High
CVE-2023-29368	2023-06-13 23h26 +00:00	Windows Filtering Platform Elevation of Privilege Vulnerability	7	High
CVE-2023-29365	2023-06-13 23h26 +00:00	Windows Media Remote Code Execution Vulnerability	7.8	High
CVE-2023-29364	2023-06-13 23h26 +00:00	Windows Authentication Elevation of Privilege Vulnerability	7	High
CVE-2023-29363	2023-06-13 23h26 +00:00	Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-29362	2023-06-13 23h26 +00:00	Remote Desktop Client Remote Code Execution Vulnerability	8.8	High
CVE-2023-29359	2023-06-13 23h26 +00:00	GDI Elevation of Privilege Vulnerability	7.8	High
CVE-2023-29358	2023-06-13 23h26 +00:00	Windows GDI Elevation of Privilege Vulnerability	7.8	High
CVE-2023-29351	2023-06-13 23h26 +00:00	Windows Group Policy Elevation of Privilege Vulnerability	8.1	High
CVE-2023-29346	2023-06-13 23h26 +00:00	NTFS Elevation of Privilege Vulnerability	7.8	High
CVE-2022-35759	2023-05-31 18h07 +00:00	Windows Local Security Authority (LSA) Denial of Service Vulnerability	6.5	Medium
CVE-2022-35758	2023-05-31 18h07 +00:00	Windows Kernel Memory Information Disclosure Vulnerability	5.5	Medium
CVE-2022-35756	2023-05-31 18h07 +00:00	Windows Kerberos Elevation of Privilege Vulnerability	7.8	High
CVE-2022-35753	2023-05-31 18h07 +00:00	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	8.1	High
CVE-2022-35752	2023-05-31 18h07 +00:00	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	8.1	High
CVE-2022-35751	2023-05-31 18h07 +00:00	Windows Hyper-V Elevation of Privilege Vulnerability	7.8	High
CVE-2022-35750	2023-05-31 18h07 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2022-35747	2023-05-31 18h07 +00:00	Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability	5.9	Medium
CVE-2022-35745	2023-05-31 18h07 +00:00	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	8.1	High
CVE-2022-35744	2023-05-31 18h07 +00:00	Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability	9.8	Critical
CVE-2022-35743	2023-05-31 18h07 +00:00	Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability	7.8	High
CVE-2023-29325	2023-05-09 17h03 +00:00	Windows OLE Remote Code Execution Vulnerability	8.1	High
CVE-2023-24904	2023-05-09 17h03 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.1	High
CVE-2023-28251	2023-05-09 17h03 +00:00	Windows Driver Revocation List Security Feature Bypass Vulnerability	5.5	Medium
CVE-2023-24932	2023-05-09 17h03 +00:00	Secure Boot Security Feature Bypass Vulnerability	6.7	Medium
CVE-2023-29336	2023-05-09 17h03 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2023-29335	2023-05-09 17h03 +00:00	Microsoft Word Security Feature Bypass Vulnerability	7.5	High
CVE-2023-29324	2023-05-09 17h03 +00:00	Windows MSHTML Platform Security Feature Bypass Vulnerability	6.5	Medium
CVE-2023-24954	2023-05-09 17h03 +00:00	Microsoft SharePoint Server Information Disclosure Vulnerability	6.5	Medium
CVE-2023-24946	2023-05-09 17h02 +00:00	Windows Backup Service Elevation of Privilege Vulnerability	7.8	High
CVE-2023-24945	2023-05-09 17h02 +00:00	Windows iSCSI Target Service Information Disclosure Vulnerability	5.5	Medium
CVE-2023-24943	2023-05-09 17h02 +00:00	Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-24903	2023-05-09 17h02 +00:00	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	8.1	High
CVE-2023-24942	2023-05-09 17h02 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	7.5	High
CVE-2023-24940	2023-05-09 17h02 +00:00	Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability	7.5	High
CVE-2023-24900	2023-05-09 17h02 +00:00	Windows NTLM Security Support Provider Information Disclosure Vulnerability	5.9	Medium
CVE-2023-28283	2023-05-09 17h02 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.1	High
CVE-2023-28308	2023-04-11 19h14 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2023-28307	2023-04-11 19h14 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2023-28306	2023-04-11 19h14 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2023-28302	2023-04-11 19h14 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2023-28293	2023-04-11 19h13 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-28256	2023-04-11 19h13 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2023-28278	2023-04-11 19h13 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2023-28255	2023-04-11 19h13 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2023-28254	2023-04-11 19h13 +00:00	Windows DNS Server Remote Code Execution Vulnerability	7.2	High
CVE-2023-28276	2023-04-11 19h13 +00:00	Windows Group Policy Security Feature Bypass Vulnerability	4.4	Medium
CVE-2023-28253	2023-04-11 19h13 +00:00	Windows Kernel Information Disclosure Vulnerability	5.5	Medium
CVE-2023-28275	2023-04-11 19h13 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2023-28252	2023-04-11 19h13 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2023-28250	2023-04-11 19h13 +00:00	Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-28272	2023-04-11 19h13 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-28271	2023-04-11 19h13 +00:00	Windows Kernel Memory Information Disclosure Vulnerability	5.5	Medium
CVE-2023-28268	2023-04-11 19h13 +00:00	Netlogon RPC Elevation of Privilege Vulnerability	8.1	High
CVE-2023-28244	2023-04-11 19h13 +00:00	Windows Kerberos Elevation of Privilege Vulnerability	8.1	High
CVE-2023-28266	2023-04-11 19h13 +00:00	Windows Common Log File System Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2023-28241	2023-04-11 19h13 +00:00	Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability	7.5	High
CVE-2023-28240	2023-04-11 19h13 +00:00	Windows Network Load Balancing Remote Code Execution Vulnerability	8.8	High
CVE-2023-28238	2023-04-11 19h13 +00:00	Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability	7.5	High
CVE-2023-28232	2023-04-11 19h13 +00:00	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability	7.5	High
CVE-2023-28231	2023-04-11 19h13 +00:00	DHCP Server Service Remote Code Execution Vulnerability	8.8	High
CVE-2023-28229	2023-04-11 19h13 +00:00	Windows CNG Key Isolation Service Elevation of Privilege Vulnerability	7	High
CVE-2023-28228	2023-04-11 19h13 +00:00	Windows Spoofing Vulnerability	5.5	Medium
CVE-2023-28227	2023-04-11 19h13 +00:00	Windows Bluetooth Driver Remote Code Execution Vulnerability	7.5	High
CVE-2023-28223	2023-04-11 19h13 +00:00	Windows Domain Name Service Remote Code Execution Vulnerability	6.6	Medium
CVE-2023-28220	2023-04-11 19h13 +00:00	Layer 2 Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2023-28219	2023-04-11 19h13 +00:00	Layer 2 Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2023-24887	2023-04-11 19h13 +00:00	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability	8.8	High
CVE-2023-24912	2023-04-11 19h13 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21554	2023-04-11 19h13 +00:00	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-28305	2023-04-11 19h13 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2023-28298	2023-04-11 19h13 +00:00	Windows Kernel Denial of Service Vulnerability	5.5	Medium
CVE-2023-28222	2023-04-11 19h13 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.1	High
CVE-2023-28218	2023-04-11 19h13 +00:00	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	7	High
CVE-2023-28217	2023-04-11 19h13 +00:00	Windows Network Address Translation (NAT) Denial of Service Vulnerability	7.5	High
CVE-2023-28216	2023-04-11 19h13 +00:00	Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability	7	High
CVE-2023-24931	2023-04-11 19h13 +00:00	Windows Secure Channel Denial of Service Vulnerability	7.5	High
CVE-2023-21769	2023-04-11 19h13 +00:00	Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability	7.5	High
CVE-2023-21729	2023-04-11 19h13 +00:00	Remote Procedure Call Runtime Information Disclosure Vulnerability	5.3	Medium
CVE-2023-21727	2023-04-11 19h13 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2023-24910	2023-03-14 16h55 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2023-24869	2023-03-14 16h55 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.1	High
CVE-2023-24908	2023-03-14 16h55 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.1	High
CVE-2023-24862	2023-03-14 16h55 +00:00	Windows Secure Channel Denial of Service Vulnerability	5.5	Medium
CVE-2023-24861	2023-03-14 16h55 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7	High
CVE-2023-23423	2023-03-14 16h55 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-23422	2023-03-14 16h55 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-23421	2023-03-14 16h55 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-23420	2023-03-14 16h55 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-23415	2023-03-14 16h55 +00:00	Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-23414	2023-03-14 16h55 +00:00	Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability	7.1	High
CVE-2023-23410	2023-03-14 16h55 +00:00	Windows HTTP.sys Elevation of Privilege Vulnerability	7.8	High
CVE-2023-23409	2023-03-14 16h55 +00:00	Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability	5.5	Medium
CVE-2023-23407	2023-03-14 16h55 +00:00	Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability	7.1	High
CVE-2023-23405	2023-03-14 16h55 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.1	High
CVE-2023-23402	2023-03-14 16h55 +00:00	Windows Media Remote Code Execution Vulnerability	7.8	High
CVE-2023-23401	2023-03-14 16h55 +00:00	Windows Media Remote Code Execution Vulnerability	7.8	High
CVE-2023-21708	2023-03-14 16h55 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-23394	2023-03-14 16h55 +00:00	Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability	5.5	Medium
CVE-2023-23385	2023-03-14 16h55 +00:00	Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability	7	High
CVE-2023-21823	2023-02-14 20h09 +00:00	Windows Graphics Component Remote Code Execution Vulnerability	7.8	High
CVE-2023-21808	2023-02-14 20h09 +00:00	.NET and Visual Studio Remote Code Execution Vulnerability	7.8	High
CVE-2023-23376	2023-02-14 19h33 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21722	2023-02-14 19h33 +00:00	.NET Framework Denial of Service Vulnerability	5	Medium
CVE-2023-21702	2023-02-14 19h33 +00:00	Windows iSCSI Service Denial of Service Vulnerability	7.5	High
CVE-2023-21701	2023-02-14 19h33 +00:00	Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability	7.5	High
CVE-2023-21700	2023-02-14 19h33 +00:00	Windows iSCSI Discovery Service Denial of Service Vulnerability	7.5	High
CVE-2023-21699	2023-02-14 19h33 +00:00	Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability	5.3	Medium
CVE-2023-21697	2023-02-14 19h33 +00:00	Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability	6.2	Medium
CVE-2023-21695	2023-02-14 19h33 +00:00	Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability	8.8	High
CVE-2023-21694	2023-02-14 19h33 +00:00	Windows Fax Service Remote Code Execution Vulnerability	6.8	Medium
CVE-2023-21693	2023-02-14 19h33 +00:00	Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability	5.7	Medium
CVE-2023-21692	2023-02-14 19h33 +00:00	Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-21691	2023-02-14 19h33 +00:00	Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability	7.5	High
CVE-2023-21690	2023-02-14 19h33 +00:00	Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-21689	2023-02-14 19h33 +00:00	Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability	9.8	Critical
CVE-2023-21688	2023-02-14 19h33 +00:00	NT OS Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21686	2023-02-14 19h33 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2023-21685	2023-02-14 19h33 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2023-21822	2023-02-14 19h33 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21820	2023-02-14 19h33 +00:00	Windows Distributed File System (DFS) Remote Code Execution Vulnerability	7.4	High
CVE-2023-21818	2023-02-14 19h33 +00:00	Windows Secure Channel Denial of Service Vulnerability	7.5	High
CVE-2023-21817	2023-02-14 19h33 +00:00	Windows Kerberos Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21816	2023-02-14 19h33 +00:00	Windows Active Directory Domain Services API Denial of Service Vulnerability	7.5	High
CVE-2023-21813	2023-02-14 19h33 +00:00	Windows Secure Channel Denial of Service Vulnerability	7.5	High
CVE-2023-21812	2023-02-14 19h33 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21811	2023-02-14 19h33 +00:00	Windows iSCSI Service Denial of Service Vulnerability	7.5	High
CVE-2023-21805	2023-02-14 19h33 +00:00	Windows MSHTML Platform Remote Code Execution Vulnerability	7.8	High
CVE-2023-21802	2023-02-14 19h33 +00:00	Windows Media Remote Code Execution Vulnerability	7.8	High
CVE-2023-21801	2023-02-14 19h33 +00:00	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability	7.8	High
CVE-2023-21800	2023-02-14 19h33 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21799	2023-02-14 19h33 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2023-21798	2023-02-14 19h33 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2023-21797	2023-02-14 19h33 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2023-21684	2023-02-14 19h32 +00:00	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability	8.8	High
CVE-2023-21525	2023-01-09 23h00 +00:00	Remote Procedure Call Runtime Denial of Service Vulnerability	5.3	Medium
CVE-2023-21527	2023-01-09 23h00 +00:00	Windows iSCSI Service Denial of Service Vulnerability	7.5	High
CVE-2023-21532	2023-01-09 23h00 +00:00	Windows GDI Elevation of Privilege Vulnerability	7	High
CVE-2023-21535	2023-01-09 23h00 +00:00	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	8.1	High
CVE-2023-21537	2023-01-09 23h00 +00:00	Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21541	2023-01-09 23h00 +00:00	Windows Task Scheduler Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21542	2023-01-09 23h00 +00:00	Windows Installer Elevation of Privilege Vulnerability	7	High
CVE-2023-21543	2023-01-09 23h00 +00:00	Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability	8.1	High
CVE-2023-21546	2023-01-09 23h00 +00:00	Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability	8.1	High
CVE-2023-21548	2023-01-09 23h00 +00:00	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	8.1	High
CVE-2023-21552	2023-01-09 23h00 +00:00	Windows GDI Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21555	2023-01-09 23h00 +00:00	Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability	8.1	High
CVE-2023-21556	2023-01-09 23h00 +00:00	Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability	8.1	High
CVE-2023-21557	2023-01-09 23h00 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability	9.1	Critical
CVE-2023-21560	2023-01-09 23h00 +00:00	Windows Boot Manager Security Feature Bypass Vulnerability	6.6	Medium
CVE-2023-21561	2023-01-09 23h00 +00:00	Microsoft Cryptographic Services Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21563	2023-01-09 23h00 +00:00	BitLocker Security Feature Bypass Vulnerability	6.8	Medium
CVE-2023-21675	2023-01-09 23h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21678	2023-01-09 23h00 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21679	2023-01-09 23h00 +00:00	Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability	8.1	High
CVE-2023-21680	2023-01-09 23h00 +00:00	Windows Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21681	2023-01-09 23h00 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2023-21682	2023-01-09 23h00 +00:00	Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability	5.3	Medium
CVE-2023-21726	2023-01-09 23h00 +00:00	Windows Credential Manager User Interface Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21728	2023-01-09 23h00 +00:00	Windows Netlogon Denial of Service Vulnerability	7.5	High
CVE-2023-21730	2023-01-09 23h00 +00:00	Microsoft Cryptographic Services Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21732	2023-01-09 23h00 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2023-21746	2023-01-09 23h00 +00:00	Windows NTLM Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21747	2023-01-09 23h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21748	2023-01-09 23h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21749	2023-01-09 23h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21750	2023-01-09 23h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.1	High
CVE-2023-21754	2023-01-09 23h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21755	2023-01-09 23h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21757	2023-01-09 23h00 +00:00	Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability	7.5	High
CVE-2023-21760	2023-01-09 23h00 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.1	High
CVE-2023-21765	2023-01-09 23h00 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21772	2023-01-09 23h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21773	2023-01-09 23h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21774	2023-01-09 23h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2023-21776	2023-01-09 23h00 +00:00	Windows Kernel Information Disclosure Vulnerability	5.5	Medium
CVE-2022-41074	2022-12-12 23h00 +00:00	Windows Graphics Component Information Disclosure Vulnerability	5.5	Medium
CVE-2022-41076	2022-12-12 23h00 +00:00	PowerShell Remote Code Execution Vulnerability	8.5	High
CVE-2022-41077	2022-12-12 23h00 +00:00	Windows Fax Compose Form Elevation of Privilege Vulnerability	7.8	High
CVE-2022-41089	2022-12-12 23h00 +00:00	.NET Framework Remote Code Execution Vulnerability	7.8	High
CVE-2022-41121	2022-12-12 23h00 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2022-44666	2022-12-12 23h00 +00:00	Windows Contacts Remote Code Execution Vulnerability	7.8	High
CVE-2022-44667	2022-12-12 23h00 +00:00	Windows Media Remote Code Execution Vulnerability	7.8	High
CVE-2022-44668	2022-12-12 23h00 +00:00	Windows Media Remote Code Execution Vulnerability	7.8	High
CVE-2022-44670	2022-12-12 23h00 +00:00	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	8.1	High
CVE-2022-44675	2022-12-12 23h00 +00:00	Windows Bluetooth Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-44676	2022-12-12 23h00 +00:00	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	8.1	High
CVE-2022-44678	2022-12-12 23h00 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-44681	2022-12-12 23h00 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-44697	2022-12-12 23h00 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2022-41073	2022-11-09 00h00 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-41128	2022-11-09 00h00 +00:00	Windows Scripting Languages Remote Code Execution Vulnerability	8.8	High
CVE-2022-37966	2022-11-08 23h00 +00:00	Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability	8.1	High
CVE-2022-37967	2022-11-08 23h00 +00:00	Windows Kerberos Elevation of Privilege Vulnerability	7.2	High
CVE-2022-37992	2022-11-08 23h00 +00:00	Windows Group Policy Elevation of Privilege Vulnerability	7.8	High
CVE-2022-38023	2022-11-08 23h00 +00:00	Netlogon RPC Elevation of Privilege Vulnerability	8.1	High
CVE-2022-41039	2022-11-08 23h00 +00:00	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2022-41044	2022-11-08 23h00 +00:00	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2022-41045	2022-11-08 23h00 +00:00	Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability	7.8	High
CVE-2022-41047	2022-11-08 23h00 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2022-41048	2022-11-08 23h00 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2022-41053	2022-11-08 23h00 +00:00	Windows Kerberos Denial of Service Vulnerability	7.5	High
CVE-2022-41056	2022-11-08 23h00 +00:00	Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability	7.5	High
CVE-2022-41057	2022-11-08 23h00 +00:00	Windows HTTP.sys Elevation of Privilege Vulnerability	7.8	High
CVE-2022-41058	2022-11-08 23h00 +00:00	Windows Network Address Translation (NAT) Denial of Service Vulnerability	7.5	High
CVE-2022-41064	2022-11-08 23h00 +00:00	.NET Framework Information Disclosure Vulnerability	5.8	Medium
CVE-2022-41086	2022-11-08 23h00 +00:00	Windows Group Policy Elevation of Privilege Vulnerability	6.4	Medium
CVE-2022-41090	2022-11-08 23h00 +00:00	Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability	5.9	Medium
CVE-2022-41095	2022-11-08 23h00 +00:00	Windows Digital Media Receiver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-41097	2022-11-08 23h00 +00:00	Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability	6.5	Medium
CVE-2022-41098	2022-11-08 23h00 +00:00	Windows GDI+ Information Disclosure Vulnerability	5.5	Medium
CVE-2022-41109	2022-11-08 23h00 +00:00	Windows Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2022-41116	2022-11-08 23h00 +00:00	Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability	5.9	Medium
CVE-2022-41118	2022-11-08 23h00 +00:00	Windows Scripting Languages Remote Code Execution Vulnerability	7.5	High
CVE-2022-41033	2022-10-11 00h00 +00:00	Windows COM+ Event System Service Elevation of Privilege Vulnerability	7.8	High
CVE-2022-22035	2022-10-10 22h00 +00:00	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2022-24504	2022-10-10 22h00 +00:00	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2022-30198	2022-10-10 22h00 +00:00	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2022-33634	2022-10-10 22h00 +00:00	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2022-33635	2022-10-10 22h00 +00:00	Windows GDI+ Remote Code Execution Vulnerability	7.8	High
CVE-2022-33645	2022-10-10 22h00 +00:00	Windows TCP/IP Driver Denial of Service Vulnerability	7.5	High
CVE-2022-34689	2022-10-10 22h00 +00:00	Windows CryptoAPI Spoofing Vulnerability	7.5	High
CVE-2022-35770	2022-10-10 22h00 +00:00	Windows NTLM Spoofing Vulnerability	6.5	Medium
CVE-2022-37975	2022-10-10 22h00 +00:00	Windows Group Policy Elevation of Privilege Vulnerability	8.8	High
CVE-2022-37976	2022-10-10 22h00 +00:00	Active Directory Certificate Services Elevation of Privilege Vulnerability	8.8	High
CVE-2022-37977	2022-10-10 22h00 +00:00	Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability	6.5	Medium
CVE-2022-37978	2022-10-10 22h00 +00:00	Windows Active Directory Certificate Services Security Feature Bypass	7.5	High
CVE-2022-37981	2022-10-10 22h00 +00:00	Windows Event Logging Service Denial of Service Vulnerability	4.3	Medium
CVE-2022-37982	2022-10-10 22h00 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2022-37985	2022-10-10 22h00 +00:00	Windows Graphics Component Information Disclosure Vulnerability	5.5	Medium
CVE-2022-37986	2022-10-10 22h00 +00:00	Windows Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2022-37987	2022-10-10 22h00 +00:00	Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability	7.8	High
CVE-2022-37988	2022-10-10 22h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2022-37989	2022-10-10 22h00 +00:00	Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability	7.8	High
CVE-2022-37990	2022-10-10 22h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2022-37991	2022-10-10 22h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2022-37993	2022-10-10 22h00 +00:00	Windows Group Policy Preference Client Elevation of Privilege Vulnerability	7.8	High
CVE-2022-37994	2022-10-10 22h00 +00:00	Windows Group Policy Preference Client Elevation of Privilege Vulnerability	7.8	High
CVE-2022-37997	2022-10-10 22h00 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2022-37999	2022-10-10 22h00 +00:00	Windows Group Policy Preference Client Elevation of Privilege Vulnerability	7.8	High
CVE-2022-38000	2022-10-10 22h00 +00:00	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2022-38022	2022-10-10 22h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	3.3	Low
CVE-2022-38026	2022-10-10 22h00 +00:00	Windows DHCP Client Information Disclosure Vulnerability	5.5	Medium
CVE-2022-38027	2022-10-10 22h00 +00:00	Windows Storage Elevation of Privilege Vulnerability	7	High
CVE-2022-38029	2022-10-10 22h00 +00:00	Windows ALPC Elevation of Privilege Vulnerability	7	High
CVE-2022-38031	2022-10-10 22h00 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2022-38032	2022-10-10 22h00 +00:00	Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability	6.6	Medium
CVE-2022-38033	2022-10-10 22h00 +00:00	Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability	6.5	Medium
CVE-2022-38034	2022-10-10 22h00 +00:00	Windows Workstation Service Elevation of Privilege Vulnerability	8.8	High
CVE-2022-38037	2022-10-10 22h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2022-38038	2022-10-10 22h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2022-38040	2022-10-10 22h00 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2022-38041	2022-10-10 22h00 +00:00	Windows Secure Channel Denial of Service Vulnerability	7.5	High
CVE-2022-38042	2022-10-10 22h00 +00:00	Active Directory Domain Services Elevation of Privilege Vulnerability	7.1	High
CVE-2022-38043	2022-10-10 22h00 +00:00	Windows Security Support Provider Interface Information Disclosure Vulnerability	5.5	Medium
CVE-2022-38044	2022-10-10 22h00 +00:00	Windows CD-ROM File System Driver Remote Code Execution Vulnerability	7.8	High
CVE-2022-38047	2022-10-10 22h00 +00:00	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2022-38051	2022-10-10 22h00 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2022-41081	2022-10-10 22h00 +00:00	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2022-37969	2022-09-13 18h42 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-38006	2022-09-13 16h42 +00:00	Windows Graphics Component Information Disclosure Vulnerability	6.5	Medium
CVE-2022-38005	2022-09-13 16h42 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-38004	2022-09-13 16h42 +00:00	Windows Fax Service Remote Code Execution Vulnerability	7.8	High
CVE-2022-37964	2022-09-13 16h42 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2022-37958	2022-09-13 16h42 +00:00	SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability	8.1	High
CVE-2022-37955	2022-09-13 16h42 +00:00	Windows Group Policy Elevation of Privilege Vulnerability	7.8	High
CVE-2022-35840	2022-09-13 16h42 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2022-35836	2022-09-13 16h41 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2022-35835	2022-09-13 16h41 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2022-35834	2022-09-13 16h41 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2022-35833	2022-09-13 16h41 +00:00	Windows Secure Channel Denial of Service Vulnerability	7.5	High
CVE-2022-35832	2022-09-13 16h41 +00:00	Windows Event Tracing Denial of Service Vulnerability	5.5	Medium
CVE-2022-35830	2022-09-13 16h41 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.1	High
CVE-2022-35803	2022-09-13 16h41 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-34734	2022-09-13 16h41 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2022-34733	2022-09-13 16h41 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2022-34732	2022-09-13 16h41 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2022-34731	2022-09-13 16h41 +00:00	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	8.8	High
CVE-2022-34730	2022-09-13 16h41 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2022-34729	2022-09-13 16h41 +00:00	Windows GDI Elevation of Privilege Vulnerability	7.8	High
CVE-2022-34728	2022-09-13 16h41 +00:00	Windows Graphics Component Information Disclosure Vulnerability	5.5	Medium
CVE-2022-34726	2022-09-13 16h41 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2022-34727	2022-09-13 16h41 +00:00	Microsoft ODBC Driver Remote Code Execution Vulnerability	8.8	High
CVE-2022-34725	2022-09-13 16h41 +00:00	Windows ALPC Elevation of Privilege Vulnerability	7	High
CVE-2022-34724	2022-09-13 16h41 +00:00	Windows DNS Server Denial of Service Vulnerability	7.5	High
CVE-2022-34722	2022-09-13 16h41 +00:00	Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability	9.8	Critical
CVE-2022-34721	2022-09-13 16h41 +00:00	Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability	9.8	Critical
CVE-2022-34720	2022-09-13 16h41 +00:00	Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability	7.5	High
CVE-2022-34719	2022-09-13 16h41 +00:00	Windows Distributed File System (DFS) Elevation of Privilege Vulnerability	7.8	High
CVE-2022-34718	2022-09-13 16h41 +00:00	Windows TCP/IP Remote Code Execution Vulnerability	9.8	Critical
CVE-2022-33679	2022-09-13 16h41 +00:00	Windows Kerberos Elevation of Privilege Vulnerability	8.1	High
CVE-2022-33647	2022-09-13 16h41 +00:00	Windows Kerberos Elevation of Privilege Vulnerability	8.1	High
CVE-2022-30200	2022-09-13 16h41 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	7.8	High
CVE-2022-30170	2022-09-13 16h41 +00:00	Windows Credential Roaming Service Elevation of Privilege Vulnerability	7.3	High
CVE-2022-26929	2022-09-13 16h41 +00:00	.NET Framework Remote Code Execution Vulnerability	7.8	High
CVE-2022-35837	2022-09-12 22h00 +00:00	Windows Graphics Component Information Disclosure Vulnerability	6.5	Medium
CVE-2022-37956	2022-09-12 22h00 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2022-35795	2022-08-09 20h06 +00:00	Windows Error Reporting Service Elevation of Privilege Vulnerability	7.8	High
CVE-2022-34713	2022-08-09 19h55 +00:00	Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability	7.8	High
CVE-2022-35820	2022-08-09 18h11 +00:00	Windows Bluetooth Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-35793	2022-08-09 18h06 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.3	High
CVE-2022-35769	2022-08-09 17h58 +00:00	Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability	7.5	High
CVE-2022-35768	2022-08-09 17h57 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2022-35767	2022-08-09 17h57 +00:00	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	8.1	High
CVE-2022-35760	2022-08-09 17h56 +00:00	Microsoft ATA Port Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-34714	2022-08-09 17h55 +00:00	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	8.1	High
CVE-2022-34708	2022-08-09 17h54 +00:00	Windows Kernel Information Disclosure Vulnerability	5.5	Medium
CVE-2022-34707	2022-08-09 17h54 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2022-34706	2022-08-09 17h53 +00:00	Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability	7.8	High
CVE-2022-34702	2022-08-09 17h52 +00:00	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	8.1	High
CVE-2022-34701	2022-08-09 17h52 +00:00	Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability	7.5	High
CVE-2022-34691	2022-08-09 17h51 +00:00	Active Directory Domain Services Elevation of Privilege Vulnerability	8.8	High
CVE-2022-34690	2022-08-09 17h51 +00:00	Windows Fax Service Elevation of Privilege Vulnerability	7.1	High
CVE-2022-30194	2022-08-09 17h49 +00:00	Windows WebBrowser Control Remote Code Execution Vulnerability	7.5	High
CVE-2022-30133	2022-08-09 17h48 +00:00	Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability	9.8	Critical
CVE-2022-30226	2022-07-12 20h37 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.1	High
CVE-2022-30225	2022-07-12 20h37 +00:00	Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability	7.1	High
CVE-2022-30224	2022-07-12 20h37 +00:00	Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability	7	High
CVE-2022-30223	2022-07-12 20h37 +00:00	Windows Hyper-V Information Disclosure Vulnerability	5.7	Medium
CVE-2022-30221	2022-07-12 20h37 +00:00	Windows Graphics Component Remote Code Execution Vulnerability	8.8	High
CVE-2022-30220	2022-07-12 20h37 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-30213	2022-07-12 20h37 +00:00	Windows GDI+ Information Disclosure Vulnerability	5.5	Medium
CVE-2022-30211	2022-07-12 20h37 +00:00	Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability	7.5	High
CVE-2022-30209	2022-07-12 20h37 +00:00	Windows IIS Server Elevation of Privilege Vulnerability	7.4	High
CVE-2022-30208	2022-07-12 20h37 +00:00	Windows Security Account Manager (SAM) Denial of Service Vulnerability	6.5	Medium
CVE-2022-30206	2022-07-12 20h37 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-30205	2022-07-12 20h37 +00:00	Windows Group Policy Elevation of Privilege Vulnerability	6.6	Medium
CVE-2022-30203	2022-07-12 20h37 +00:00	Windows Boot Manager Security Feature Bypass Vulnerability	7.4	High
CVE-2022-30202	2022-07-12 20h37 +00:00	Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability	7	High
CVE-2022-22050	2022-07-12 20h37 +00:00	Windows Fax Service Elevation of Privilege Vulnerability	7.8	High
CVE-2022-22049	2022-07-12 20h37 +00:00	Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability	7.8	High
CVE-2022-22048	2022-07-12 20h37 +00:00	BitLocker Security Feature Bypass Vulnerability	6.1	Medium
CVE-2022-22047	2022-07-12 20h37 +00:00	Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability	7.8	High
CVE-2022-22043	2022-07-12 20h37 +00:00	Windows Fast FAT File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-22042	2022-07-12 20h37 +00:00	Windows Hyper-V Information Disclosure Vulnerability	6.5	Medium
CVE-2022-22040	2022-07-12 20h37 +00:00	Internet Information Services Dynamic Compression Module Denial of Service Vulnerability	7.3	High
CVE-2022-22039	2022-07-12 20h37 +00:00	Windows Network File System Remote Code Execution Vulnerability	7.5	High
CVE-2022-22037	2022-07-12 20h37 +00:00	Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability	7.5	High
CVE-2022-22036	2022-07-12 20h37 +00:00	Performance Counters for Windows Elevation of Privilege Vulnerability	7	High
CVE-2022-22034	2022-07-12 20h37 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2022-22029	2022-07-12 20h36 +00:00	Windows Network File System Remote Code Execution Vulnerability	8.1	High
CVE-2022-22028	2022-07-12 20h36 +00:00	Windows Network File System Information Disclosure Vulnerability	5.9	Medium
CVE-2022-22027	2022-07-12 20h36 +00:00	Windows Fax Service Remote Code Execution Vulnerability	7.8	High
CVE-2022-22026	2022-07-12 20h36 +00:00	Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability	8.8	High
CVE-2022-22025	2022-07-12 20h36 +00:00	Windows Internet Information Services Cachuri Module Denial of Service Vulnerability	7.5	High
CVE-2022-22024	2022-07-12 20h36 +00:00	Windows Fax Service Remote Code Execution Vulnerability	7.8	High
CVE-2022-22023	2022-07-12 20h36 +00:00	Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability	6.6	Medium
CVE-2022-22022	2022-07-12 20h36 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.1	High
CVE-2022-21845	2022-07-12 20h36 +00:00	Windows Kernel Information Disclosure Vulnerability	4.7	Medium
CVE-2022-30166	2022-06-15 19h52 +00:00	Local Security Authority Subsystem Service Elevation of Privilege Vulnerability	7.8	High
CVE-2022-30164	2022-06-15 19h51 +00:00	Kerberos AppContainer Security Feature Bypass Vulnerability	7.8	High
CVE-2022-30163	2022-06-15 19h51 +00:00	Windows Hyper-V Remote Code Execution Vulnerability	8.5	High
CVE-2022-30161	2022-06-15 19h51 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.8	High
CVE-2022-30160	2022-06-15 19h51 +00:00	Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability	7.8	High
CVE-2022-30155	2022-06-15 19h51 +00:00	Windows Kernel Denial of Service Vulnerability	5.5	Medium
CVE-2022-30153	2022-06-15 19h51 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.8	High
CVE-2022-30152	2022-06-15 19h51 +00:00	Windows Network Address Translation (NAT) Denial of Service Vulnerability	7.5	High
CVE-2022-30151	2022-06-15 19h51 +00:00	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	7	High
CVE-2022-30149	2022-06-15 19h51 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	7.5	High
CVE-2022-30147	2022-06-15 19h51 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2022-30146	2022-06-15 19h51 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	7.5	High
CVE-2022-30143	2022-06-15 19h51 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	7.5	High
CVE-2022-30142	2022-06-15 19h51 +00:00	Windows File History Remote Code Execution Vulnerability	7.5	High
CVE-2022-30141	2022-06-15 19h51 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.1	High
CVE-2022-30140	2022-06-15 19h51 +00:00	Windows iSCSI Discovery Service Remote Code Execution Vulnerability	7.5	High
CVE-2022-30135	2022-06-15 19h51 +00:00	Windows Media Center Elevation of Privilege Vulnerability	7.8	High
CVE-2022-30190	2022-06-01 20h10 +00:00	A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.	7.8	High
CVE-2022-30138	2022-05-18 21h10 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26925	2022-05-10 20h33 +00:00	Windows LSA Spoofing Vulnerability	8.1	High
CVE-2022-30130	2022-05-10 18h35 +00:00	.NET Framework Denial of Service Vulnerability	5.5	Medium
CVE-2022-29141	2022-05-10 18h34 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.8	High
CVE-2022-29139	2022-05-10 18h34 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.8	High
CVE-2022-29137	2022-05-10 18h34 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.8	High
CVE-2022-29132	2022-05-10 18h34 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-29131	2022-05-10 18h34 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.8	High
CVE-2022-29130	2022-05-10 18h34 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	9.8	Critical
CVE-2022-29129	2022-05-10 18h34 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.8	High
CVE-2022-29128	2022-05-10 18h34 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.8	High
CVE-2022-29127	2022-05-10 18h34 +00:00	BitLocker Security Feature Bypass Vulnerability	4.2	Medium
CVE-2022-29121	2022-05-10 18h34 +00:00	Windows WLAN AutoConfig Service Denial of Service Vulnerability	6.5	Medium
CVE-2022-29115	2022-05-10 18h34 +00:00	Windows Fax Service Remote Code Execution Vulnerability	7.8	High
CVE-2022-29112	2022-05-10 18h34 +00:00	Windows Graphics Component Information Disclosure Vulnerability	6.5	Medium
CVE-2022-29105	2022-05-10 18h34 +00:00	Microsoft Windows Media Foundation Remote Code Execution Vulnerability	7.8	High
CVE-2022-29104	2022-05-10 18h34 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-29103	2022-05-10 18h34 +00:00	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26937	2022-05-10 18h33 +00:00	Windows Network File System Remote Code Execution Vulnerability	9.8	Critical
CVE-2022-26936	2022-05-10 18h33 +00:00	Windows Server Service Information Disclosure Vulnerability	6.5	Medium
CVE-2022-26935	2022-05-10 18h33 +00:00	Windows WLAN AutoConfig Service Information Disclosure Vulnerability	6.5	Medium
CVE-2022-26934	2022-05-10 18h33 +00:00	Windows Graphics Component Information Disclosure Vulnerability	6.5	Medium
CVE-2022-26931	2022-05-10 18h33 +00:00	Windows Kerberos Elevation of Privilege Vulnerability	7.5	High
CVE-2022-26926	2022-05-10 18h33 +00:00	Windows Address Book Remote Code Execution Vulnerability	7.8	High
CVE-2022-23270	2022-05-10 18h33 +00:00	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2022-22019	2022-05-10 18h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2022-22015	2022-05-10 18h33 +00:00	Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability	6.5	Medium
CVE-2022-22014	2022-05-10 18h33 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.8	High
CVE-2022-22013	2022-05-10 18h33 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.8	High
CVE-2022-22012	2022-05-10 18h33 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	9.8	Critical
CVE-2022-22011	2022-05-10 18h33 +00:00	Windows Graphics Component Information Disclosure Vulnerability	5.5	Medium
CVE-2022-21972	2022-05-10 18h33 +00:00	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability	8.1	High
CVE-2022-26904	2022-04-15 19h05 +00:00	Windows User Profile Service Elevation of Privilege Vulnerability	7	High
CVE-2022-24521	2022-04-15 19h03 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26919	2022-04-15 17h05 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.1	High
CVE-2022-26918	2022-04-15 17h05 +00:00	Windows Fax Compose Form Remote Code Execution Vulnerability	7.8	High
CVE-2022-26917	2022-04-15 17h05 +00:00	Windows Fax Compose Form Remote Code Execution Vulnerability	7.8	High
CVE-2022-26916	2022-04-15 17h05 +00:00	Windows Fax Compose Form Remote Code Execution Vulnerability	7.8	High
CVE-2022-26915	2022-04-15 17h05 +00:00	Windows Secure Channel Denial of Service Vulnerability	7.5	High
CVE-2022-26903	2022-04-15 17h05 +00:00	Windows Graphics Component Remote Code Execution Vulnerability	7.8	High
CVE-2022-26832	2022-04-15 17h05 +00:00	.NET Framework Denial of Service Vulnerability	7.5	High
CVE-2022-26831	2022-04-15 17h05 +00:00	Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability	7.5	High
CVE-2022-26827	2022-04-15 17h05 +00:00	Windows File Server Resource Management Service Elevation of Privilege Vulnerability	7	High
CVE-2022-26821	2022-04-15 17h05 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2022-26820	2022-04-15 17h05 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2022-26819	2022-04-15 17h05 +00:00	Windows DNS Server Remote Code Execution Vulnerability	6.6	Medium
CVE-2022-26815	2022-04-15 17h04 +00:00	Windows DNS Server Remote Code Execution Vulnerability	7.2	High
CVE-2022-26813	2022-04-15 17h04 +00:00	Windows DNS Server Remote Code Execution Vulnerability	7.2	High
CVE-2022-26812	2022-04-15 17h04 +00:00	Windows DNS Server Remote Code Execution Vulnerability	7.2	High
CVE-2022-26810	2022-04-15 17h04 +00:00	Windows File Server Resource Management Service Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26809	2022-04-15 17h04 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	9.8	Critical
CVE-2022-26807	2022-04-15 17h04 +00:00	Windows Work Folder Service Elevation of Privilege Vulnerability	7	High
CVE-2022-26803	2022-04-15 17h04 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26802	2022-04-15 17h04 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26801	2022-04-15 17h04 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26798	2022-04-15 17h04 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26797	2022-04-15 17h04 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26796	2022-04-15 17h04 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26794	2022-04-15 17h04 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26792	2022-04-15 17h04 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26790	2022-04-15 17h04 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26788	2022-04-15 17h04 +00:00	PowerShell Elevation of Privilege Vulnerability	7.8	High
CVE-2022-26787	2022-04-15 17h04 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-24544	2022-04-15 17h04 +00:00	Windows Kerberos Elevation of Privilege Vulnerability	7.8	High
CVE-2022-24542	2022-04-15 17h04 +00:00	Windows Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2022-24541	2022-04-15 17h04 +00:00	Windows Server Service Remote Code Execution Vulnerability	8.8	High
CVE-2022-24540	2022-04-15 17h03 +00:00	Windows ALPC Elevation of Privilege Vulnerability	7	High
CVE-2022-24536	2022-04-15 17h03 +00:00	Windows DNS Server Remote Code Execution Vulnerability	7.2	High
CVE-2022-24534	2022-04-15 17h03 +00:00	Win32 Stream Enumeration Remote Code Execution Vulnerability	7.5	High
CVE-2022-24533	2022-04-15 17h03 +00:00	Remote Desktop Protocol Remote Code Execution Vulnerability	8	High
CVE-2022-24530	2022-04-15 17h03 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2022-24528	2022-04-15 17h03 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2022-24500	2022-04-15 17h03 +00:00	Windows SMB Remote Code Execution Vulnerability	8.8	High
CVE-2022-24499	2022-04-15 17h03 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2022-24498	2022-04-15 17h03 +00:00	Windows iSCSI Target Service Information Disclosure Vulnerability	6.5	Medium
CVE-2022-24494	2022-04-15 17h03 +00:00	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	7.8	High
CVE-2022-24493	2022-04-15 17h03 +00:00	Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability	5.5	Medium
CVE-2022-24492	2022-04-15 17h03 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2022-24485	2022-04-15 17h03 +00:00	Win32 File Enumeration Remote Code Execution Vulnerability	7.5	High
CVE-2022-24481	2022-04-15 17h03 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-24474	2022-04-15 17h03 +00:00	Windows Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21983	2022-04-15 17h02 +00:00	Win32 Stream Enumeration Remote Code Execution Vulnerability	7.5	High
CVE-2022-24503	2022-03-09 16h07 +00:00	Remote Desktop Protocol Client Information Disclosure Vulnerability	5.4	Medium
CVE-2022-24502	2022-03-09 16h07 +00:00	Windows HTML Platforms Security Feature Bypass Vulnerability	6.5	Medium
CVE-2022-24459	2022-03-09 16h07 +00:00	Windows Fax and Scan Service Elevation of Privilege Vulnerability	7.8	High
CVE-2022-24454	2022-03-09 16h07 +00:00	Windows Security Support Provider Interface Elevation of Privilege Vulnerability	7.8	High
CVE-2022-23299	2022-03-09 16h07 +00:00	Windows PDEV Elevation of Privilege Vulnerability	7.8	High
CVE-2022-23298	2022-03-09 16h07 +00:00	Windows NT OS Kernel Elevation of Privilege Vulnerability	7	High
CVE-2022-23297	2022-03-09 16h07 +00:00	Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2022-23296	2022-03-09 16h07 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2022-23293	2022-03-09 16h07 +00:00	Windows Fast FAT File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-23290	2022-03-09 16h07 +00:00	Windows Inking COM Elevation of Privilege Vulnerability	7.8	High
CVE-2022-23285	2022-03-09 16h07 +00:00	Remote Desktop Client Remote Code Execution Vulnerability	8.8	High
CVE-2022-23283	2022-03-09 16h07 +00:00	Windows ALPC Elevation of Privilege Vulnerability	7	High
CVE-2022-23281	2022-03-09 16h06 +00:00	Windows Common Log File System Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2022-23253	2022-03-09 16h06 +00:00	Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability	6.5	Medium
CVE-2022-21990	2022-03-09 16h06 +00:00	Remote Desktop Client Remote Code Execution Vulnerability	8.8	High
CVE-2022-22718	2022-02-09 16h37 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21999	2022-02-09 16h36 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2022-22717	2022-02-09 15h37 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7	High
CVE-2022-22710	2022-02-09 15h37 +00:00	Windows Common Log File System Driver Denial of Service Vulnerability	5.5	Medium
CVE-2022-22000	2022-02-09 15h36 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21998	2022-02-09 15h36 +00:00	Windows Common Log File System Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2022-21997	2022-02-09 15h36 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.1	High
CVE-2022-21989	2022-02-09 15h36 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21985	2022-02-09 15h36 +00:00	Windows Remote Access Connection Manager Information Disclosure Vulnerability	5.5	Medium
CVE-2022-21981	2022-02-09 15h36 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21919	2022-01-11 20h23 +00:00	Windows User Profile Service Elevation of Privilege Vulnerability	7	High
CVE-2022-21924	2022-01-11 19h23 +00:00	Workstation Service Remote Protocol Security Feature Bypass Vulnerability	5.3	Medium
CVE-2022-21925	2022-01-11 19h23 +00:00	Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability	5.3	Medium
CVE-2022-21922	2022-01-11 19h23 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2022-21920	2022-01-11 19h23 +00:00	Windows Kerberos Elevation of Privilege Vulnerability	8.8	High
CVE-2022-21916	2022-01-11 19h23 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21915	2022-01-11 19h23 +00:00	Windows GDI+ Information Disclosure Vulnerability	6.5	Medium
CVE-2022-21913	2022-01-11 19h23 +00:00	Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass	7.5	High
CVE-2022-21914	2022-01-11 19h23 +00:00	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21911	2022-01-11 19h23 +00:00	.NET Framework Denial of Service Vulnerability	7.5	High
CVE-2022-21908	2022-01-11 19h23 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21904	2022-01-11 19h23 +00:00	Windows GDI Information Disclosure Vulnerability	7.5	High
CVE-2022-21905	2022-01-11 19h23 +00:00	Windows Hyper-V Security Feature Bypass Vulnerability	8	High
CVE-2022-21903	2022-01-11 19h23 +00:00	Windows GDI Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21900	2022-01-11 19h23 +00:00	Windows Hyper-V Security Feature Bypass Vulnerability	4.6	Medium
CVE-2022-21899	2022-01-11 19h23 +00:00	Windows Extensible Firmware Interface Security Feature Bypass Vulnerability	5.5	Medium
CVE-2022-21897	2022-01-11 19h23 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21884	2022-01-11 19h22 +00:00	Local Security Authority Subsystem Service Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21885	2022-01-11 19h22 +00:00	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21883	2022-01-11 19h22 +00:00	Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability	7.5	High
CVE-2022-21880	2022-01-11 19h22 +00:00	Windows GDI+ Information Disclosure Vulnerability	7.5	High
CVE-2022-21862	2022-01-11 19h22 +00:00	Windows Application Model Core API Elevation of Privilege Vulnerability	7	High
CVE-2022-21857	2022-01-11 19h22 +00:00	Active Directory Domain Services Elevation of Privilege Vulnerability	8.8	High
CVE-2022-21851	2022-01-11 19h22 +00:00	Remote Desktop Client Remote Code Execution Vulnerability	8.8	High
CVE-2022-21850	2022-01-11 19h22 +00:00	Remote Desktop Client Remote Code Execution Vulnerability	8.8	High
CVE-2022-21848	2022-01-11 19h22 +00:00	Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability	7.5	High
CVE-2022-21843	2022-01-11 19h22 +00:00	Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability	7.5	High
CVE-2022-21838	2022-01-11 19h22 +00:00	Windows Cleanup Manager Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21836	2022-01-11 19h22 +00:00	Windows Certificate Spoofing Vulnerability	7.8	High
CVE-2022-21835	2022-01-11 19h22 +00:00	Microsoft Cryptographic Services Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21834	2022-01-11 19h22 +00:00	Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2022-21833	2022-01-11 19h22 +00:00	Virtual Machine IDE Drive Elevation of Privilege Vulnerability	7.8	High
CVE-2021-43893	2021-12-15 13h15 +00:00	Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability	7.5	High
CVE-2021-43883	2021-12-15 13h15 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2021-43248	2021-12-15 13h15 +00:00	Windows Digital Media Receiver Elevation of Privilege Vulnerability	7.8	High
CVE-2021-43245	2021-12-15 13h15 +00:00	Windows Digital TV Tuner Elevation of Privilege Vulnerability	7.8	High
CVE-2021-43238	2021-12-15 13h15 +00:00	Windows Remote Access Elevation of Privilege Vulnerability	7.8	High
CVE-2021-43236	2021-12-15 13h15 +00:00	Microsoft Message Queuing Information Disclosure Vulnerability	7.5	High
CVE-2021-43234	2021-12-15 13h15 +00:00	Windows Fax Service Remote Code Execution Vulnerability	7.8	High
CVE-2021-43233	2021-12-15 13h15 +00:00	Remote Desktop Client Remote Code Execution Vulnerability	7.5	High
CVE-2021-43230	2021-12-15 13h15 +00:00	Windows NTFS Elevation of Privilege Vulnerability	7.8	High
CVE-2021-43229	2021-12-15 13h15 +00:00	Windows NTFS Elevation of Privilege Vulnerability	7.8	High
CVE-2021-43226	2021-12-15 13h15 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2021-43224	2021-12-15 13h15 +00:00	Windows Common Log File System Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2021-43222	2021-12-15 13h15 +00:00	Microsoft Message Queuing Information Disclosure Vulnerability	7.5	High
CVE-2021-43217	2021-12-15 13h15 +00:00	Windows Encrypting File System (EFS) Remote Code Execution Vulnerability	9.8	Critical
CVE-2021-43216	2021-12-15 13h15 +00:00	Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability	6.5	Medium
CVE-2021-43215	2021-12-15 13h15 +00:00	iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution	9.8	Critical
CVE-2021-43207	2021-12-15 13h15 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2021-41333	2021-12-15 13h14 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2021-40441	2021-12-15 13h14 +00:00	Windows Media Center Elevation of Privilege Vulnerability	7.8	High
CVE-2021-42287	2021-11-10 00h47 +00:00	Active Directory Domain Services Elevation of Privilege Vulnerability	8.8	High
CVE-2021-42278	2021-11-10 00h47 +00:00	Active Directory Domain Services Elevation of Privilege Vulnerability	7.5	High
CVE-2021-41379	2021-11-10 00h46 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2021-42291	2021-11-09 23h47 +00:00	Active Directory Domain Services Elevation of Privilege Vulnerability	8.8	High
CVE-2021-42285	2021-11-09 23h47 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2021-42283	2021-11-09 23h47 +00:00	NTFS Elevation of Privilege Vulnerability	8.8	High
CVE-2021-42282	2021-11-09 23h47 +00:00	Active Directory Domain Services Elevation of Privilege Vulnerability	8.8	High
CVE-2021-42275	2021-11-09 23h46 +00:00	Microsoft COM for Windows Remote Code Execution Vulnerability	8.8	High
CVE-2021-41377	2021-11-09 23h46 +00:00	Windows Fast FAT File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2021-41371	2021-11-09 23h46 +00:00	Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability	4.4	Medium
CVE-2021-41370	2021-11-09 23h46 +00:00	NTFS Elevation of Privilege Vulnerability	7.8	High
CVE-2021-41367	2021-11-09 23h46 +00:00	NTFS Elevation of Privilege Vulnerability	7.8	High
CVE-2021-38666	2021-11-09 23h46 +00:00	Remote Desktop Client Remote Code Execution Vulnerability	8.8	High
CVE-2021-38665	2021-11-09 23h46 +00:00	Remote Desktop Protocol Client Information Disclosure Vulnerability	7.4	High
CVE-2021-38631	2021-11-09 23h46 +00:00	Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability	4.4	Medium
CVE-2021-40449	2021-10-13 00h26 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2021-41343	2021-10-12 22h28 +00:00	Windows Fast FAT File System Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2021-41342	2021-10-12 22h28 +00:00	Windows MSHTML Platform Remote Code Execution Vulnerability	8.8	High
CVE-2021-41340	2021-10-12 22h27 +00:00	Windows Graphics Component Remote Code Execution Vulnerability	7.8	High
CVE-2021-41335	2021-10-12 22h27 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2021-41332	2021-10-12 22h27 +00:00	Windows Print Spooler Information Disclosure Vulnerability	6.5	Medium
CVE-2021-41331	2021-10-12 22h27 +00:00	Windows Media Audio Decoder Remote Code Execution Vulnerability	7.8	High
CVE-2021-40489	2021-10-12 22h27 +00:00	Storage Spaces Controller Elevation of Privilege Vulnerability	7.8	High
CVE-2021-40469	2021-10-12 22h27 +00:00	Windows DNS Server Remote Code Execution Vulnerability	7.2	High
CVE-2021-40467	2021-10-12 22h27 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2021-40466	2021-10-12 22h27 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2021-40465	2021-10-12 22h27 +00:00	Windows Text Shaping Remote Code Execution Vulnerability	7.8	High
CVE-2021-40460	2021-10-12 22h26 +00:00	Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability	6.5	Medium
CVE-2021-40455	2021-10-12 22h26 +00:00	Windows Installer Spoofing Vulnerability	5.5	Medium
CVE-2021-40443	2021-10-12 22h26 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2021-38663	2021-10-12 22h26 +00:00	Windows exFAT File System Information Disclosure Vulnerability	5.5	Medium
CVE-2021-38662	2021-10-12 22h26 +00:00	Windows Fast FAT File System Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2021-36970	2021-10-12 22h26 +00:00	Windows Print Spooler Spoofing Vulnerability	8.8	High
CVE-2021-36953	2021-10-12 22h26 +00:00	Windows TCP/IP Denial of Service Vulnerability	7.5	High
CVE-2021-26442	2021-10-12 22h26 +00:00	Windows HTTP.sys Elevation of Privilege Vulnerability	7.8	High
CVE-2021-40444	2021-09-15 11h24 +00:00	Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability. UPDATE September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.	8.8	High
CVE-2021-36955	2021-09-15 11h23 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2021-40447	2021-09-15 09h24 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2021-38671	2021-09-15 09h24 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2021-38667	2021-09-15 09h24 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2021-38639	2021-09-15 09h24 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2021-38638	2021-09-15 09h23 +00:00	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	7.8	High
CVE-2021-38636	2021-09-15 09h23 +00:00	Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2021-38635	2021-09-15 09h23 +00:00	Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2021-38633	2021-09-15 09h23 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2021-38630	2021-09-15 09h23 +00:00	Windows Event Tracing Elevation of Privilege Vulnerability	7.8	High
CVE-2021-38629	2021-09-15 09h23 +00:00	Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability	6.5	Medium
CVE-2021-38628	2021-09-15 09h23 +00:00	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	7.8	High
CVE-2021-36969	2021-09-15 09h23 +00:00	Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2021-36968	2021-09-15 09h23 +00:00	Windows DNS Elevation of Privilege Vulnerability	7.8	High
CVE-2021-36965	2021-09-15 09h23 +00:00	Windows WLAN AutoConfig Service Remote Code Execution Vulnerability	9.8	Critical
CVE-2021-36964	2021-09-15 09h23 +00:00	Windows Event Tracing Elevation of Privilege Vulnerability	7.8	High
CVE-2021-36963	2021-09-15 09h23 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2021-36962	2021-09-15 09h23 +00:00	Windows Installer Information Disclosure Vulnerability	5.5	Medium
CVE-2021-36961	2021-09-15 09h23 +00:00	Windows Installer Denial of Service Vulnerability	6.1	Medium
CVE-2021-36960	2021-09-15 09h23 +00:00	Windows SMB Information Disclosure Vulnerability	7.5	High
CVE-2021-36959	2021-09-15 09h23 +00:00	Windows Authenticode Spoofing Vulnerability	5.5	Medium
CVE-2021-26435	2021-09-15 09h23 +00:00	Windows Scripting Engine Memory Corruption Vulnerability	8.1	High
CVE-2021-36942	2021-08-12 18h12 +00:00	Windows LSA Spoofing Vulnerability	7.5	High
CVE-2021-34484	2021-08-12 18h11 +00:00	Windows User Profile Service Elevation of Privilege Vulnerability	7.8	High
CVE-2021-36947	2021-08-12 16h12 +00:00	Windows Print Spooler Remote Code Execution Vulnerability	8.8	High
CVE-2021-36937	2021-08-12 16h12 +00:00	Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability	7.8	High
CVE-2021-36936	2021-08-12 16h12 +00:00	Windows Print Spooler Remote Code Execution Vulnerability	9.8	Critical
CVE-2021-36932	2021-08-12 16h12 +00:00	Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability	7.5	High
CVE-2021-36927	2021-08-12 16h12 +00:00	Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability	7.8	High
CVE-2021-34537	2021-08-12 16h12 +00:00	Windows Bluetooth Driver Elevation of Privilege Vulnerability	8	High
CVE-2021-34535	2021-08-12 16h12 +00:00	Remote Desktop Client Remote Code Execution Vulnerability	8.8	High
CVE-2021-34533	2021-08-12 16h12 +00:00	Windows Graphics Component Font Parsing Remote Code Execution Vulnerability	7.8	High
CVE-2021-34483	2021-08-12 16h11 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2021-34480	2021-08-12 16h11 +00:00	Scripting Engine Memory Corruption Vulnerability	8.8	High
CVE-2021-26425	2021-08-12 16h11 +00:00	Windows Event Tracing Elevation of Privilege Vulnerability	7.8	High
CVE-2021-26424	2021-08-12 16h11 +00:00	Windows TCP/IP Remote Code Execution Vulnerability	9.9	Critical
CVE-2021-34448	2021-07-16 20h19 +00:00	Scripting Engine Memory Corruption Vulnerability	8.8	High
CVE-2021-34481	2021-07-16 18h19 +00:00	A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. UPDATE August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see KB5005652.	9.8	Critical
CVE-2021-34457	2021-07-16 18h19 +00:00	Windows Remote Access Connection Manager Information Disclosure Vulnerability	5.5	Medium
CVE-2021-34456	2021-07-16 18h19 +00:00	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	7.8	High
CVE-2021-34447	2021-07-16 18h19 +00:00	Windows MSHTML Platform Remote Code Execution Vulnerability	8.8	High
CVE-2021-34446	2021-07-16 18h19 +00:00	Windows HTML Platforms Security Feature Bypass Vulnerability	8.8	High
CVE-2021-34444	2021-07-16 18h19 +00:00	Windows DNS Server Denial of Service Vulnerability	6.5	Medium
CVE-2021-34441	2021-07-16 18h19 +00:00	Microsoft Windows Media Foundation Remote Code Execution Vulnerability	7.8	High
CVE-2021-34442	2021-07-16 18h19 +00:00	Windows DNS Server Remote Code Execution Vulnerability	8.8	High
CVE-2021-34440	2021-07-16 18h19 +00:00	GDI+ Information Disclosure Vulnerability	5.5	Medium
CVE-2021-31979	2021-07-14 17h53 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2021-34516	2021-07-14 15h54 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2021-34514	2021-07-14 15h54 +00:00	Windows Kernel Elevation of Privilege Vulnerability	7.8	High
CVE-2021-34511	2021-07-14 15h54 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2021-34507	2021-07-14 15h54 +00:00	Windows Remote Assistance Information Disclosure Vulnerability	6.5	Medium
CVE-2021-34504	2021-07-14 15h54 +00:00	Windows Address Book Remote Code Execution Vulnerability	7.8	High
CVE-2021-34500	2021-07-14 15h54 +00:00	Windows Kernel Memory Information Disclosure Vulnerability	7.7	High
CVE-2021-34499	2021-07-14 15h54 +00:00	Windows DNS Server Denial of Service Vulnerability	6.5	Medium
CVE-2021-34498	2021-07-14 15h54 +00:00	Windows GDI Elevation of Privilege Vulnerability	7.8	High
CVE-2021-34497	2021-07-14 15h54 +00:00	Windows MSHTML Platform Remote Code Execution Vulnerability	8.8	High
CVE-2021-34496	2021-07-14 15h54 +00:00	Windows GDI Information Disclosure Vulnerability	5.5	Medium
CVE-2021-34494	2021-07-14 15h54 +00:00	Windows DNS Server Remote Code Execution Vulnerability	8.8	High
CVE-2021-34492	2021-07-14 15h54 +00:00	Windows Certificate Spoofing Vulnerability	8.1	High
CVE-2021-34476	2021-07-14 15h54 +00:00	Bowser.sys Denial of Service Vulnerability	7.5	High
CVE-2021-33788	2021-07-14 15h53 +00:00	Windows LSA Denial of Service Vulnerability	7.5	High
CVE-2021-33786	2021-07-14 15h53 +00:00	Windows LSA Security Feature Bypass Vulnerability	8.8	High
CVE-2021-33752	2021-07-14 15h53 +00:00	Windows DNS Snap-in Remote Code Execution Vulnerability	8.8	High
CVE-2021-33750	2021-07-14 15h53 +00:00	Windows DNS Snap-in Remote Code Execution Vulnerability	8.8	High
CVE-2021-33749	2021-07-14 15h53 +00:00	Windows DNS Snap-in Remote Code Execution Vulnerability	8.8	High
CVE-2021-33746	2021-07-14 15h53 +00:00	Windows DNS Server Remote Code Execution Vulnerability	8.8	High
CVE-2021-33745	2021-07-14 15h53 +00:00	Windows DNS Server Denial of Service Vulnerability	6.5	Medium
CVE-2021-31183	2021-07-14 15h53 +00:00	Windows TCP/IP Driver Denial of Service Vulnerability	7.5	High
CVE-2021-34527	2021-07-02 19h25 +00:00	A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ): HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting) UpdatePromptSettings = 0 (DWORD) or not defined (default setting) Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design. UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates. Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.	8.8	High
CVE-2021-33742	2021-06-08 22h46 +00:00	Windows MSHTML Platform Remote Code Execution Vulnerability	8.8	High
CVE-2021-31199	2021-06-08 22h46 +00:00	Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability	7.8	High
CVE-2021-31201	2021-06-08 22h46 +00:00	Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability	7.8	High
CVE-2021-31973	2021-06-08 20h46 +00:00	Windows GPSVC Elevation of Privilege Vulnerability	7.8	High
CVE-2021-31971	2021-06-08 20h46 +00:00	Windows HTML Platforms Security Feature Bypass Vulnerability	8.8	High
CVE-2021-31968	2021-06-08 20h46 +00:00	Windows Remote Desktop Services Denial of Service Vulnerability	7.5	High
CVE-2021-31962	2021-06-08 20h46 +00:00	Kerberos AppContainer Security Feature Bypass Vulnerability	9.8	Critical
CVE-2021-31958	2021-06-08 20h46 +00:00	Windows NTLM Elevation of Privilege Vulnerability	8.8	High
CVE-2021-31959	2021-06-08 20h46 +00:00	Scripting Engine Memory Corruption Vulnerability	7.8	High
CVE-2021-31956	2021-06-08 20h46 +00:00	Windows NTFS Elevation of Privilege Vulnerability	7.8	High
CVE-2021-31954	2021-06-08 20h46 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2021-31953	2021-06-08 20h46 +00:00	Windows Filter Manager Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1675	2021-06-08 20h46 +00:00	Windows Print Spooler Remote Code Execution Vulnerability	7.8	High
CVE-2021-26414	2021-06-08 20h46 +00:00	Windows DCOM Server Security Feature Bypass	6.5	Medium
CVE-2021-31194	2021-05-11 17h11 +00:00	OLE Automation Remote Code Execution Vulnerability	8.8	High
CVE-2021-31193	2021-05-11 17h11 +00:00	Windows SSDP Service Elevation of Privilege Vulnerability	7.8	High
CVE-2021-31188	2021-05-11 17h11 +00:00	Windows Graphics Component Elevation of Privilege Vulnerability	7.8	High
CVE-2021-31186	2021-05-11 17h11 +00:00	Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability	7.4	High
CVE-2021-31184	2021-05-11 17h11 +00:00	Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability	5.5	Medium
CVE-2021-28476	2021-05-11 17h11 +00:00	Windows Hyper-V Remote Code Execution Vulnerability	9.9	Critical
CVE-2021-26419	2021-05-11 17h11 +00:00	Scripting Engine Memory Corruption Vulnerability	7.5	High
CVE-2020-24588	2021-05-10 22h00 +00:00	The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.	3.5	Low
CVE-2021-28446	2021-04-13 19h33 +00:00	Windows Portmapping Information Disclosure Vulnerability	7.1	High
CVE-2021-28445	2021-04-13 17h33 +00:00	Windows Network File System Remote Code Execution Vulnerability	8.8	High
CVE-2021-28443	2021-04-13 17h33 +00:00	Windows Console Driver Denial of Service Vulnerability	5.5	Medium
CVE-2021-28440	2021-04-13 17h33 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2021-28439	2021-04-13 17h33 +00:00	Windows TCP/IP Driver Denial of Service Vulnerability	7.5	High
CVE-2021-28437	2021-04-13 17h33 +00:00	Windows Installer Information Disclosure Vulnerability	5.5	Medium
CVE-2021-28434	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28357	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28358	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28356	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28354	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28355	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28353	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28352	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28350	2021-04-13 17h33 +00:00	Windows GDI+ Remote Code Execution Vulnerability	7.8	High
CVE-2021-28349	2021-04-13 17h33 +00:00	Windows GDI+ Remote Code Execution Vulnerability	7.8	High
CVE-2021-28348	2021-04-13 17h33 +00:00	Windows GDI+ Remote Code Execution Vulnerability	7.8	High
CVE-2021-28346	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28344	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28345	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28343	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28341	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28342	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28340	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28338	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28339	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28337	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28336	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28334	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28335	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28333	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28332	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28330	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28331	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28329	2021-04-13 17h33 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28328	2021-04-13 17h33 +00:00	Windows DNS Information Disclosure Vulnerability	6.5	Medium
CVE-2021-28327	2021-04-13 17h32 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-28323	2021-04-13 17h32 +00:00	Windows DNS Information Disclosure Vulnerability	6.5	Medium
CVE-2021-28318	2021-04-13 17h32 +00:00	Windows GDI+ Information Disclosure Vulnerability	5.5	Medium
CVE-2021-28317	2021-04-13 17h32 +00:00	Microsoft Windows Codecs Library Information Disclosure Vulnerability	5.5	Medium
CVE-2021-28315	2021-04-13 17h32 +00:00	Windows Media Video Decoder Remote Code Execution Vulnerability	7.8	High
CVE-2021-28316	2021-04-13 17h32 +00:00	Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability	4.6	Medium
CVE-2021-27096	2021-04-13 17h32 +00:00	NTFS Elevation of Privilege Vulnerability	7.8	High
CVE-2021-28309	2021-04-13 17h32 +00:00	Windows Kernel Information Disclosure Vulnerability	5.5	Medium
CVE-2021-27095	2021-04-13 17h32 +00:00	Windows Media Video Decoder Remote Code Execution Vulnerability	7.8	High
CVE-2021-27093	2021-04-13 17h32 +00:00	Windows Kernel Information Disclosure Vulnerability	5.5	Medium
CVE-2021-27091	2021-04-13 17h32 +00:00	RPC Endpoint Mapper Service Elevation of Privilege Vulnerability	7.8	High
CVE-2021-27089	2021-04-13 17h32 +00:00	Microsoft Internet Messaging API Remote Code Execution Vulnerability	7.8	High
CVE-2021-26415	2021-04-13 17h32 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2021-26413	2021-04-13 17h32 +00:00	Windows Installer Spoofing Vulnerability	6.2	Medium
CVE-2021-26411	2021-03-11 15h07 +00:00	Internet Explorer Memory Corruption Vulnerability	8.8	High
CVE-2021-27077	2021-03-11 14h50 +00:00	Windows Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2021-27063	2021-03-11 14h49 +00:00	Windows DNS Server Denial of Service Vulnerability	7.5	High
CVE-2021-26901	2021-03-11 14h44 +00:00	Windows Event Tracing Elevation of Privilege Vulnerability	7.8	High
CVE-2021-26899	2021-03-11 14h43 +00:00	Windows UPnP Device Host Elevation of Privilege Vulnerability	7.8	High
CVE-2021-26898	2021-03-11 14h43 +00:00	Windows Event Tracing Elevation of Privilege Vulnerability	7.8	High
CVE-2021-26897	2021-03-11 14h43 +00:00	Windows DNS Server Remote Code Execution Vulnerability	9.8	Critical
CVE-2021-26896	2021-03-11 14h43 +00:00	Windows DNS Server Denial of Service Vulnerability	7.5	High
CVE-2021-26895	2021-03-11 14h43 +00:00	Windows DNS Server Remote Code Execution Vulnerability	9.8	Critical
CVE-2021-26894	2021-03-11 14h43 +00:00	Windows DNS Server Remote Code Execution Vulnerability	9.8	Critical
CVE-2021-26893	2021-03-11 14h42 +00:00	Windows DNS Server Remote Code Execution Vulnerability	9.8	Critical
CVE-2021-26887	2021-03-11 14h42 +00:00	An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder. To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data. This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the FAQ section of this CVE for configuration guidance.	7.8	High
CVE-2021-26882	2021-03-11 14h41 +00:00	Remote Access API Elevation of Privilege Vulnerability	7.8	High
CVE-2021-26881	2021-03-11 14h41 +00:00	Microsoft Windows Media Foundation Remote Code Execution Vulnerability	8.8	High
CVE-2021-26878	2021-03-11 14h40 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2021-26877	2021-03-11 14h40 +00:00	Windows DNS Server Remote Code Execution Vulnerability	9.8	Critical
CVE-2021-26875	2021-03-11 14h39 +00:00	Windows Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2021-26873	2021-03-11 14h39 +00:00	Windows User Profile Service Elevation of Privilege Vulnerability	7.8	High
CVE-2021-26872	2021-03-11 14h39 +00:00	Windows Event Tracing Elevation of Privilege Vulnerability	7.8	High
CVE-2021-26869	2021-03-11 14h39 +00:00	Windows ActiveX Installer Service Information Disclosure Vulnerability	5.5	Medium
CVE-2021-26862	2021-03-11 14h37 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2021-26861	2021-03-11 14h37 +00:00	Windows Graphics Component Remote Code Execution Vulnerability	7.8	High
CVE-2021-24107	2021-03-11 14h03 +00:00	Windows Event Tracing Information Disclosure Vulnerability	5.5	Medium
CVE-2021-1640	2021-03-10 15h27 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2021-25195	2021-02-25 22h01 +00:00	Windows PKU2U Elevation of Privilege Vulnerability	7.8	High
CVE-2021-24111	2021-02-25 22h01 +00:00	.NET Framework Denial of Service Vulnerability	7.5	High
CVE-2021-24103	2021-02-25 22h01 +00:00	Windows Event Tracing Elevation of Privilege Vulnerability	7.8	High
CVE-2021-24102	2021-02-25 22h01 +00:00	Windows Event Tracing Elevation of Privilege Vulnerability	7.8	High
CVE-2021-24094	2021-02-25 22h01 +00:00	Windows TCP/IP Remote Code Execution Vulnerability	9.8	Critical
CVE-2021-24092	2021-02-25 22h01 +00:00	Microsoft Defender Elevation of Privilege Vulnerability	7.8	High
CVE-2021-24088	2021-02-25 22h01 +00:00	Windows Local Spooler Remote Code Execution Vulnerability	8.8	High
CVE-2021-24086	2021-02-25 22h01 +00:00	Windows TCP/IP Denial of Service Vulnerability	7.5	High
CVE-2021-24083	2021-02-25 22h01 +00:00	Windows Address Book Remote Code Execution Vulnerability	7.8	High
CVE-2021-24077	2021-02-25 22h01 +00:00	Windows Fax Service Remote Code Execution Vulnerability	9.8	Critical
CVE-2021-24078	2021-02-25 22h01 +00:00	Windows DNS Server Remote Code Execution Vulnerability	9.8	Critical
CVE-2021-24074	2021-02-25 22h01 +00:00	Windows TCP/IP Remote Code Execution Vulnerability	9.8	Critical
CVE-2021-1734	2021-02-25 22h01 +00:00	Windows Remote Procedure Call Information Disclosure Vulnerability	7.5	High
CVE-2021-1726	2021-02-25 22h01 +00:00	Microsoft SharePoint Server Spoofing Vulnerability	8	High
CVE-2021-1727	2021-02-25 22h01 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1722	2021-02-25 22h01 +00:00	Windows Fax Service Remote Code Execution Vulnerability	9.8	Critical
CVE-2021-1647	2021-01-12 19h42 +00:00	Microsoft Defender Remote Code Execution Vulnerability	7.8	High
CVE-2021-1708	2021-01-12 18h42 +00:00	Windows GDI+ Information Disclosure Vulnerability	5.7	Medium
CVE-2021-1709	2021-01-12 18h42 +00:00	Windows Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1706	2021-01-12 18h42 +00:00	Windows LUAFV Elevation of Privilege Vulnerability	8.8	High
CVE-2021-1704	2021-01-12 18h42 +00:00	Windows Hyper-V Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1702	2021-01-12 18h42 +00:00	Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1700	2021-01-12 18h42 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-1701	2021-01-12 18h42 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-1699	2021-01-12 18h42 +00:00	Windows (modem.sys) Information Disclosure Vulnerability	5.5	Medium
CVE-2021-1696	2021-01-12 18h42 +00:00	Windows Graphics Component Information Disclosure Vulnerability	5.5	Medium
CVE-2021-1694	2021-01-12 18h42 +00:00	Windows Update Stack Elevation of Privilege Vulnerability	9.8	Critical
CVE-2021-1695	2021-01-12 18h42 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1693	2021-01-12 18h42 +00:00	Windows CSC Service Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1688	2021-01-12 18h42 +00:00	Windows CSC Service Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1679	2021-01-12 18h42 +00:00	Windows CryptoAPI Denial of Service Vulnerability	6.5	Medium
CVE-2021-1678	2021-01-12 18h42 +00:00	Windows Print Spooler Spoofing Vulnerability	8.8	High
CVE-2021-1676	2021-01-12 18h42 +00:00	Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2021-1673	2021-01-12 18h42 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-1674	2021-01-12 18h42 +00:00	Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability	8.8	High
CVE-2021-1671	2021-01-12 18h42 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-1668	2021-01-12 18h42 +00:00	Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability	7.8	High
CVE-2021-1666	2021-01-12 18h42 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-1667	2021-01-12 18h42 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-1664	2021-01-12 18h42 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-1665	2021-01-12 18h42 +00:00	GDI+ Remote Code Execution Vulnerability	7.8	High
CVE-2021-1660	2021-01-12 18h42 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-1661	2021-01-12 18h42 +00:00	Windows Installer Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1658	2021-01-12 18h42 +00:00	Remote Procedure Call Runtime Remote Code Execution Vulnerability	8.8	High
CVE-2021-1659	2021-01-12 18h42 +00:00	Windows CSC Service Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1657	2021-01-12 18h42 +00:00	Windows Fax Compose Form Remote Code Execution Vulnerability	7.8	High
CVE-2021-1655	2021-01-12 18h42 +00:00	Windows CSC Service Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1656	2021-01-12 18h42 +00:00	TPM Device Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2021-1654	2021-01-12 18h42 +00:00	Windows CSC Service Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1652	2021-01-12 18h42 +00:00	Windows CSC Service Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1653	2021-01-12 18h42 +00:00	Windows CSC Service Elevation of Privilege Vulnerability	7.8	High
CVE-2021-1649	2021-01-12 18h42 +00:00	Active Template Library Elevation of Privilege Vulnerability	7.8	High
CVE-2020-17140	2020-12-09 22h36 +00:00	Windows SMB Information Disclosure Vulnerability	8.1	High
CVE-2020-17098	2020-12-09 22h36 +00:00	Windows GDI+ Information Disclosure Vulnerability	5.5	Medium
CVE-2020-1599	2020-11-11 05h48 +00:00	Windows Spoofing Vulnerability	5.5	Medium
CVE-2020-17088	2020-11-11 05h48 +00:00	Windows Common Log File System Driver Elevation of Privilege Vulnerability	7.8	High
CVE-2020-17069	2020-11-11 05h48 +00:00	Windows NDIS Information Disclosure Vulnerability	5.5	Medium
CVE-2020-17068	2020-11-11 05h48 +00:00	Windows GDI+ Remote Code Execution Vulnerability	7.8	High
CVE-2020-17051	2020-11-11 05h48 +00:00	Windows Network File System Remote Code Execution Vulnerability	9.8	Critical
CVE-2020-17052	2020-11-11 05h48 +00:00	Scripting Engine Memory Corruption Vulnerability	8.1	High
CVE-2020-17047	2020-11-11 05h48 +00:00	Windows Network File System Denial of Service Vulnerability	7.5	High
CVE-2020-17045	2020-11-11 05h48 +00:00	Windows KernelStream Information Disclosure Vulnerability	5.5	Medium
CVE-2020-17042	2020-11-11 05h48 +00:00	Windows Print Spooler Remote Code Execution Vulnerability	8.8	High
CVE-2020-17038	2020-11-11 05h48 +00:00	Win32k Elevation of Privilege Vulnerability	7.8	High
CVE-2020-17036	2020-11-11 05h48 +00:00	Windows Function Discovery SSDP Provider Information Disclosure Vulnerability	5.5	Medium
CVE-2020-17029	2020-11-11 05h48 +00:00	Windows Canonical Display Driver Information Disclosure Vulnerability	5.5	Medium
CVE-2020-17014	2020-11-11 05h48 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2020-17011	2020-11-11 05h48 +00:00	Windows Port Class Library Elevation of Privilege Vulnerability	7.8	High
CVE-2020-17000	2020-11-11 05h47 +00:00	Remote Desktop Protocol Client Information Disclosure Vulnerability	5.5	Medium
CVE-2020-17001	2020-11-11 05h47 +00:00	Windows Print Spooler Elevation of Privilege Vulnerability	7.8	High
CVE-2020-17004	2020-11-11 05h47 +00:00	Windows Graphics Component Information Disclosure Vulnerability	5.5	Medium
CVE-2020-16997	2020-11-11 05h47 +00:00	Remote Desktop Protocol Server Information Disclosure Vulnerability	7.7	High
CVE-2020-16975	2020-10-16 20h18 +00:00	An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations.	7.8	High
CVE-2020-16976	2020-10-16 20h18 +00:00	An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations.	7.8	High
CVE-2020-16974	2020-10-16 20h18 +00:00	An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations.	7.8	High
CVE-2020-16972	2020-10-16 20h18 +00:00	An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations.	7.8	High
CVE-2020-16949	2020-10-16 20h18 +00:00	A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server. The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.	7.5	High
CVE-2020-16939	2020-10-16 20h17 +00:00	An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how Group Policy checks access.	7.8	High
CVE-2020-16940	2020-10-16 20h17 +00:00	An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing. The security update addresses the vulnerability by correcting how the Windows User Profile Service handles junction points.	7.8	High
CVE-2020-16937	2020-10-16 20h17 +00:00	An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory. To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application. The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory.	5.5	Medium
CVE-2020-16935	2020-10-16 20h17 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how the Windows COM Server creates COM objects.	7.8	High
CVE-2020-16933	2020-10-16 20h17 +00:00	A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Word handles these files.	8.8	High
CVE-2020-16924	2020-10-16 20h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.	7.8	High
CVE-2020-16922	2020-10-16 20h17 +00:00	A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.	5.5	Medium
CVE-2020-16923	2020-10-16 20h17 +00:00	A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.	7.8	High
CVE-2020-16920	2020-10-16 20h17 +00:00	An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Application Compatibility Client Library properly handles registry operations.	7.8	High
CVE-2020-16916	2020-10-16 20h17 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how the Windows COM Server creates COM objects.	7.8	High
CVE-2020-16914	2020-10-16 20h17 +00:00	An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how GDI+ handles memory addresses.	5.5	Medium
CVE-2020-16912	2020-10-16 20h17 +00:00	An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations.	7.8	High
CVE-2020-16902	2020-10-16 20h17 +00:00	An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.	7.8	High
CVE-2020-16900	2020-10-16 20h17 +00:00	An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Event System handles objects in memory.	7.8	High
CVE-2020-16897	2020-10-16 20h17 +00:00	An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how a NetBT handles objects in memory.	5.5	Medium
CVE-2020-16896	2020-10-16 20h17 +00:00	An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests.	7.5	High
CVE-2020-16891	2020-10-16 20h17 +00:00	A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.	8.8	High
CVE-2020-16887	2020-10-16 20h17 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Network Connections Service properly handles objects in memory.	7.8	High
CVE-2020-16889	2020-10-16 20h17 +00:00	An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows KernelStream handles objects in memory.	5.5	Medium
CVE-2020-16863	2020-10-16 20h17 +00:00	A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the Remote Desktop Service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Service. The update addresses the vulnerability by correcting how Remote Desktop Service handles connection requests.	7.5	High
CVE-2020-0878	2020-09-11 17h08 +00:00	A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.	7.5	High
CVE-2020-1508	2020-09-11 15h09 +00:00	A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Decoder handles objects.	8.8	High
CVE-2020-1491	2020-09-11 15h09 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Function Discovery Service properly handles objects in memory.	7.8	High
CVE-2020-1376	2020-09-11 15h09 +00:00	An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the ssdpsrv.dll properly handles objects in memory.	7.8	High
CVE-2020-1285	2020-09-11 15h09 +00:00	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to open an email attachment or click a link in an email or instant message. In a file-sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file. The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in the memory.	8.8	High
CVE-2020-1252	2020-09-11 15h09 +00:00	A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The updates address the vulnerability by correcting how Windows handles objects in memory.	7.8	High
CVE-2020-1256	2020-09-11 15h09 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.	6.5	Medium
CVE-2020-1250	2020-09-11 15h09 +00:00	An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory.	5.5	Medium
CVE-2020-1228	2020-09-11 15h09 +00:00	A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service. The update addresses the vulnerability by correcting how Windows DNS processes queries.	7.5	High
CVE-2020-1245	2020-09-11 15h09 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.	7.8	High
CVE-2020-1115	2020-09-11 15h08 +00:00	An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how CLFS handles objects in memory.	7.8	High
CVE-2020-1097	2020-09-11 15h08 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.	6.5	Medium
CVE-2020-1083	2020-09-11 15h08 +00:00	An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.	5.5	Medium
CVE-2020-1091	2020-09-11 15h08 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.	6.5	Medium
CVE-2020-1074	2020-09-11 15h08 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.	7.8	High
CVE-2020-1052	2020-09-11 15h08 +00:00	An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the ssdpsrv.dll properly handles objects in memory.	7.8	High
CVE-2020-1039	2020-09-11 15h08 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.	7.8	High
CVE-2020-1038	2020-09-11 15h08 +00:00	A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.	5.5	Medium
CVE-2020-1031	2020-09-11 15h08 +00:00	An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory. To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by correcting how DHCP servers initializes memory.	7.5	High
CVE-2020-1013	2020-09-11 15h08 +00:00	An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine. To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. An attacker could then create a group policy to grant administrator rights to a standard user. The security update addresses the vulnerability by enforcing Kerberos authentication for certain calls over LDAP.	8.1	High
CVE-2020-1030	2020-09-11 15h08 +00:00	An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.	7.8	High
CVE-2020-1012	2020-09-11 15h08 +00:00	An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerability by ensuring the Wininit.dll properly handles objects in memory.	8.8	High
CVE-2020-1472	2020-08-17 19h13 +00:00	An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.	10	Critical
CVE-2020-1464	2020-08-17 19h13 +00:00	A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.	7.8	High
CVE-2020-1380	2020-08-17 19h13 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.	8.8	High
CVE-2020-1587	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Ancillary Function Driver for WinSock handles memory.	7.8	High
CVE-2020-1584	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory.	7.8	High
CVE-2020-1579	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory.	7.8	High
CVE-2020-1554	2020-08-17 17h13 +00:00	A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.	7.8	High
CVE-2020-1520	2020-08-17 17h13 +00:00	A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory.	7.8	High
CVE-2020-1518	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory.	7.8	High
CVE-2020-1519	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory.	7.8	High
CVE-2020-1516	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory.	7.8	High
CVE-2020-1517	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory.	7.8	High
CVE-2020-1513	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CSC Service handles memory.	7.8	High
CVE-2020-1515	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Telephony Server handles memory.	7.8	High
CVE-2020-1509	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.	8.8	High
CVE-2020-1492	2020-08-17 17h13 +00:00	A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.	7.8	High
CVE-2020-1489	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CSC Service handles memory.	7.8	High
CVE-2020-1485	2020-08-17 17h13 +00:00	An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information. The security update addresses the vulnerability by correcting how the WIA Service handles objects in memory.	5.5	Medium
CVE-2020-1486	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.	7.8	High
CVE-2020-1484	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory.	7.8	High
CVE-2020-1477	2020-08-17 17h13 +00:00	A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.	7.8	High
CVE-2020-1478	2020-08-17 17h13 +00:00	A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.	7.8	High
CVE-2020-1475	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the srmsvc.dll properly handles objects in memory.	7.8	High
CVE-2020-1476	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET handle requests.	5.5	Medium
CVE-2020-1473	2020-08-17 17h13 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.	7.8	High
CVE-2020-1474	2020-08-17 17h13 +00:00	An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information. The security update addresses the vulnerability by correcting how the WIA Service handles objects in memory.	7.8	High
CVE-2020-1467	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows handles hard links.	10	Critical
CVE-2020-1470	2020-08-17 17h13 +00:00	An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory.	7.8	High
CVE-2020-1383	2020-08-17 17h13 +00:00	An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system To exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable. The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.	5.5	Medium
CVE-2020-1379	2020-08-17 17h13 +00:00	A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.	7.8	High
CVE-2020-1377	2020-08-17 17h12 +00:00	An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.	7.8	High
CVE-2020-1378	2020-08-17 17h12 +00:00	An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.	7.8	High
CVE-2020-1337	2020-08-17 17h12 +00:00	An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.	7.8	High
CVE-2020-1339	2020-08-17 17h12 +00:00	A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects.	8.8	High
CVE-2020-1046	2020-08-17 17h12 +00:00	A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input.	7.8	High
CVE-2020-1350	2020-07-14 22h54 +00:00	A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.	10	Critical
CVE-2020-1147	2020-07-14 22h54 +00:00	A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.	7.8	High
CVE-2020-1040	2020-07-14 22h53 +00:00	A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.	9	Critical
CVE-2020-1468	2020-07-14 20h54 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.	6.5	Medium
CVE-2020-1461	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.	7.1	High
CVE-2020-1438	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428.	7.8	High
CVE-2020-1436	2020-07-14 20h54 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.	8.8	High
CVE-2020-1437	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1435	2020-07-14 20h54 +00:00	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.	8.8	High
CVE-2020-1432	2020-07-14 20h54 +00:00	An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'.	4.3	Medium
CVE-2020-1430	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1354.	7.8	High
CVE-2020-1428	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1438.	7.8	High
CVE-2020-1427	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1428, CVE-2020-1438.	7.8	High
CVE-2020-1407	2020-07-14 20h54 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1401.	7.8	High
CVE-2020-1402	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1403	2020-07-14 20h54 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.	7.5	High
CVE-2020-1400	2020-07-14 20h54 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407.	7.8	High
CVE-2020-1401	2020-07-14 20h54 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1407.	7.8	High
CVE-2020-1399	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.	7.8	High
CVE-2020-1396	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1397	2020-07-14 20h54 +00:00	An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'.	6.5	Medium
CVE-2020-1390	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438.	7.8	High
CVE-2020-1389	2020-07-14 20h54 +00:00	An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1419, CVE-2020-1426.	5.5	Medium
CVE-2020-1384	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1359.	7.8	High
CVE-2020-1373	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438.	7.8	High
CVE-2020-1374	2020-07-14 20h54 +00:00	A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.	7.5	High
CVE-2020-1371	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1365.	7.8	High
CVE-2020-1365	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1371.	7.8	High
CVE-2020-1360	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations, aka 'Windows Profile Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1359	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1384.	7.8	High
CVE-2020-1354	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1430.	7.8	High
CVE-2020-1351	2020-07-14 20h54 +00:00	An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.	5.5	Medium
CVE-2020-1346	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1333	2020-07-14 20h54 +00:00	An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege Vulnerability'.	6.7	Medium
CVE-2020-1267	2020-07-14 20h54 +00:00	This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.	4.9	Medium
CVE-2020-1042	2020-07-14 20h53 +00:00	A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1043.	9	Critical
CVE-2020-1043	2020-07-14 20h53 +00:00	A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042.	9	Critical
CVE-2020-1085	2020-07-14 20h53 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1041	2020-07-14 20h53 +00:00	A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1042, CVE-2020-1043.	9	Critical
CVE-2020-1032	2020-07-14 20h53 +00:00	A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.	9	Critical
CVE-2020-1036	2020-07-14 20h53 +00:00	A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.	9	Critical
CVE-2020-1348	2020-06-09 17h44 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.	6.5	Medium
CVE-2020-1317	2020-06-09 17h44 +00:00	An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka 'Group Policy Elevation of Privilege Vulnerability'.	8.8	High
CVE-2020-1315	2020-06-09 17h44 +00:00	An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'.	5.3	Medium
CVE-2020-1314	2020-06-09 17h44 +00:00	An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server fails to properly handle messages sent from TSF clients, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1311	2020-06-09 17h44 +00:00	An elevation of privilege vulnerability exists when Component Object Model (COM) client uses special case IIDs, aka 'Component Object Model Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1301	2020-06-09 17h44 +00:00	A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.	8.8	High
CVE-2020-1302	2020-06-09 17h44 +00:00	An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1272, CVE-2020-1277, CVE-2020-1312.	7.8	High
CVE-2020-1299	2020-06-09 17h43 +00:00	A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.	8.8	High
CVE-2020-1300	2020-06-09 17h43 +00:00	A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver.The update addresses the vulnerability by correcting how Windows handles cabinet files., aka 'Windows Remote Code Execution Vulnerability'.	8.8	High
CVE-2020-1291	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1287	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1294.	7.8	High
CVE-2020-1281	2020-06-09 17h43 +00:00	A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.	8.8	High
CVE-2020-1271	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1272	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1277, CVE-2020-1302, CVE-2020-1312.	7.8	High
CVE-2020-1269	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.	7.8	High
CVE-2020-1270	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1263	2020-06-09 17h43 +00:00	An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1261.	5.5	Medium
CVE-2020-1262	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.	7.8	High
CVE-2020-1260	2020-06-09 17h43 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230.	7.5	High
CVE-2020-1253	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1310.	6.7	Medium
CVE-2020-1254	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Modules Installer Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1255	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.	8.8	High
CVE-2020-1251	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1253, CVE-2020-1310.	6.7	Medium
CVE-2020-1246	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.	7.8	High
CVE-2020-1247	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310.	7.8	High
CVE-2020-1239	2020-06-09 17h43 +00:00	A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1238.	8.8	High
CVE-2020-1236	2020-06-09 17h43 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1208.	7.8	High
CVE-2020-1230	2020-06-09 17h43 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1260.	7.5	High
CVE-2020-1219	2020-06-09 17h43 +00:00	A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.	7.5	High
CVE-2020-1220	2020-06-09 17h43 +00:00	A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'.	6.1	Medium
CVE-2020-1216	2020-06-09 17h43 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1230, CVE-2020-1260.	7.5	High
CVE-2020-1214	2020-06-09 17h43 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260.	7.5	High
CVE-2020-1215	2020-06-09 17h43 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260.	7.5	High
CVE-2020-1212	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists when an OLE Automation component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'OLE Automation Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1213	2020-06-09 17h43 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260.	7.5	High
CVE-2020-1207	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1247, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310.	7.8	High
CVE-2020-1208	2020-06-09 17h43 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1236.	7.8	High
CVE-2020-1194	2020-06-09 17h43 +00:00	A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations, aka 'Windows Registry Denial of Service Vulnerability'.	5.5	Medium
CVE-2020-1196	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory, aka 'Windows Print Configuration Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1163	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1170.	7.8	High
CVE-2020-1170	2020-06-09 17h43 +00:00	An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163.	7.8	High
CVE-2020-1160	2020-06-09 17h43 +00:00	An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.	5.5	Medium
CVE-2020-1054	2020-05-21 22h52 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143.	7.8	High
CVE-2020-1179	2020-05-21 20h53 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1145.	6.5	Medium
CVE-2020-1176	2020-05-21 20h53 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1175.	7.8	High
CVE-2020-1174	2020-05-21 20h53 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1175, CVE-2020-1176.	7.8	High
CVE-2020-1175	2020-05-21 20h53 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1176.	7.8	High
CVE-2020-1154	2020-05-21 20h53 +00:00	An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1153	2020-05-21 20h53 +00:00	A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.	7.8	High
CVE-2020-1150	2020-05-21 20h53 +00:00	A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1136.	7.8	High
CVE-2020-1141	2020-05-21 20h53 +00:00	An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1145, CVE-2020-1179.	5.5	Medium
CVE-2020-1114	2020-05-21 20h53 +00:00	An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1087.	7.8	High
CVE-2020-1116	2020-05-21 20h53 +00:00	An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Information Disclosure Vulnerability'.	5.5	Medium
CVE-2020-1112	2020-05-21 20h53 +00:00	An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.	9.9	Critical
CVE-2020-1093	2020-05-21 20h53 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1060.	7.5	High
CVE-2020-1092	2020-05-21 20h53 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1062.	7.5	High
CVE-2020-1081	2020-05-21 20h53 +00:00	An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1078	2020-05-21 20h53 +00:00	An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1076	2020-05-21 20h52 +00:00	A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.	5.5	Medium
CVE-2020-1071	2020-05-21 20h52 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog, aka 'Windows Remote Access Common Dialog Elevation of Privilege Vulnerability'.	6.8	Medium
CVE-2020-1072	2020-05-21 20h52 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'.	5.5	Medium
CVE-2020-1070	2020-05-21 20h52 +00:00	An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1048.	7.8	High
CVE-2020-1067	2020-05-21 20h52 +00:00	A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.	8.8	High
CVE-2020-1066	2020-05-21 20h52 +00:00	An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1064	2020-05-21 20h52 +00:00	A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'.	7.5	High
CVE-2020-1061	2020-05-21 20h52 +00:00	A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory, aka 'Microsoft Script Runtime Remote Code Execution Vulnerability'.	8.8	High
CVE-2020-1062	2020-05-21 20h52 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1092.	7.5	High
CVE-2020-1060	2020-05-21 20h52 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1093.	7.5	High
CVE-2020-1058	2020-05-21 20h52 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1060, CVE-2020-1093.	7.5	High
CVE-2020-1048	2020-05-21 20h52 +00:00	An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070.	7.8	High
CVE-2020-1051	2020-05-21 20h52 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1174, CVE-2020-1175, CVE-2020-1176.	7.8	High
CVE-2020-1035	2020-05-21 20h52 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1058, CVE-2020-1060, CVE-2020-1093.	7.5	High
CVE-2020-1010	2020-05-21 20h52 +00:00	An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1068, CVE-2020-1079.	7.8	High
CVE-2020-0909	2020-05-21 20h52 +00:00	A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets.To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets., aka 'Windows Hyper-V Denial of Service Vulnerability'.	7.5	High
CVE-2020-0963	2020-05-21 20h52 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1141, CVE-2020-1145, CVE-2020-1179.	6.5	Medium
CVE-2020-1027	2020-04-15 15h13 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003.	7.8	High
CVE-2020-1020	2020-04-15 15h13 +00:00	A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.	8.8	High
CVE-2020-0968	2020-04-15 15h13 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.	7.5	High
CVE-2020-0938	2020-04-15 15h12 +00:00	A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.	7.8	High
CVE-2020-1094	2020-04-15 13h13 +00:00	An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1014	2020-04-15 13h13 +00:00	An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1015	2020-04-15 13h13 +00:00	An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1009, CVE-2020-1011.	7.8	High
CVE-2020-1009	2020-04-15 13h13 +00:00	An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1011, CVE-2020-1015.	7.8	High
CVE-2020-1007	2020-04-15 13h13 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0821.	5.5	Medium
CVE-2020-1008	2020-04-15 13h13 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999.	7.8	High
CVE-2020-1005	2020-04-15 13h13 +00:00	An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0982, CVE-2020-0987.	5.5	Medium
CVE-2020-1004	2020-04-15 13h13 +00:00	An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-1000	2020-04-15 13h13 +00:00	An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1003, CVE-2020-1027.	7.8	High
CVE-2020-1002	2020-04-15 13h13 +00:00	An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.	7.1	High
CVE-2020-0999	2020-04-15 13h13 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-1008.	7.8	High
CVE-2020-0994	2020-04-15 13h13 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.	7.8	High
CVE-2020-0995	2020-04-15 13h13 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0999, CVE-2020-1008.	7.8	High
CVE-2020-0992	2020-04-15 13h13 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.	7.8	High
CVE-2020-0993	2020-04-15 13h13 +00:00	A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'.	6.5	Medium
CVE-2020-0988	2020-04-15 13h13 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.	7.8	High
CVE-2020-0987	2020-04-15 13h13 +00:00	An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0982, CVE-2020-1005.	5.5	Medium
CVE-2020-0982	2020-04-15 13h13 +00:00	An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0987, CVE-2020-1005.	5.5	Medium
CVE-2020-0967	2020-04-15 13h13 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0966.	8.8	High
CVE-2020-0964	2020-04-15 13h13 +00:00	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.	8.8	High
CVE-2020-0965	2020-04-15 13h13 +00:00	A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'.	7.8	High
CVE-2020-0966	2020-04-15 13h13 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0967.	8.8	High
CVE-2020-0962	2020-04-15 13h13 +00:00	An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0699.	5.5	Medium
CVE-2020-0959	2020-04-15 13h13 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.	7.8	High
CVE-2020-0960	2020-04-15 13h13 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.	7.8	High
CVE-2020-0957	2020-04-15 13h13 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0956, CVE-2020-0958.	7.8	High
CVE-2020-0958	2020-04-15 13h13 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0956, CVE-2020-0957.	7.8	High
CVE-2020-0955	2020-04-15 13h13 +00:00	An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'.	5.5	Medium
CVE-2020-0956	2020-04-15 13h13 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0957, CVE-2020-0958.	7.8	High
CVE-2020-0953	2020-04-15 13h13 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.	7.8	High
CVE-2020-0952	2020-04-15 13h13 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.	6.5	Medium
CVE-2020-0946	2020-04-15 13h12 +00:00	An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0937, CVE-2020-0939, CVE-2020-0945, CVE-2020-0947.	5.5	Medium
CVE-2020-0907	2020-04-15 13h12 +00:00	A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.	7.8	High
CVE-2020-0889	2020-04-15 13h12 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.	7.8	High
CVE-2020-0895	2020-04-15 13h12 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.	7.5	High
CVE-2020-0821	2020-04-15 13h12 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1007.	5.5	Medium
CVE-2020-0687	2020-04-15 13h12 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'.	8.8	High
CVE-2020-0787	2020-03-12 15h48 +00:00	An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-0885	2020-03-12 14h48 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'.	4.3	Medium
CVE-2020-0887	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0877.	7.8	High
CVE-2020-0883	2020-03-12 14h48 +00:00	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0881.	8.8	High
CVE-2020-0881	2020-03-12 14h48 +00:00	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0883.	8.8	High
CVE-2020-0882	2020-03-12 14h48 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0880.	6.5	Medium
CVE-2020-0879	2020-03-12 14h48 +00:00	An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0880, CVE-2020-0882.	5.5	Medium
CVE-2020-0880	2020-03-12 14h48 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0882.	6.5	Medium
CVE-2020-0877	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0887.	7.8	High
CVE-2020-0874	2020-03-12 14h48 +00:00	An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882.	5.5	Medium
CVE-2020-0871	2020-03-12 14h48 +00:00	An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Network Connections Service Information Disclosure Vulnerability'.	5.5	Medium
CVE-2020-0860	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0770, CVE-2020-0773.	7.8	High
CVE-2020-0853	2020-03-12 14h48 +00:00	An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'.	6.5	Medium
CVE-2020-0849	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0896.	7.8	High
CVE-2020-0845	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804.	7.8	High
CVE-2020-0847	2020-03-12 14h48 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.	7.5	High
CVE-2020-0843	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0842.	7.8	High
CVE-2020-0844	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-0842	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0843.	7.8	High
CVE-2020-0832	2020-03-12 14h48 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848.	7.5	High
CVE-2020-0833	2020-03-12 14h48 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848.	7.5	High
CVE-2020-0830	2020-03-12 14h48 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.	7.5	High
CVE-2020-0824	2020-03-12 14h48 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.	7.5	High
CVE-2020-0822	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-0814	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0842, CVE-2020-0843.	7.8	High
CVE-2020-0806	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0772.	7.8	High
CVE-2020-0803	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0804, CVE-2020-0845.	7.8	High
CVE-2020-0804	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0845.	7.8	High
CVE-2020-0802	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845.	7.8	High
CVE-2020-0791	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0898.	7.8	High
CVE-2020-0788	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0877, CVE-2020-0887.	7.8	High
CVE-2020-0785	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.	7.1	High
CVE-2020-0781	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0783.	7.8	High
CVE-2020-0783	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0781.	7.8	High
CVE-2020-0779	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843.	5.5	Medium
CVE-2020-0777	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897.	7.8	High
CVE-2020-0778	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845.	7.8	High
CVE-2020-0774	2020-03-12 14h48 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0874, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882.	6.5	Medium
CVE-2020-0772	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0806.	7.8	High
CVE-2020-0773	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0770, CVE-2020-0860.	7.8	High
CVE-2020-0770	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0773, CVE-2020-0860.	7.8	High
CVE-2020-0771	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0769.	7.8	High
CVE-2020-0768	2020-03-12 14h48 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.	7.5	High
CVE-2020-0769	2020-03-12 14h48 +00:00	An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0771.	7.8	High
CVE-2020-0645	2020-03-12 14h48 +00:00	A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'.	7.5	High
CVE-2020-0684	2020-03-12 14h48 +00:00	A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.	8.8	High
CVE-2020-0683	2020-02-11 21h22 +00:00	An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.	7.8	High
CVE-2020-0674	2020-02-11 21h22 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.	7.5	High
CVE-2020-0756	2020-02-11 20h23 +00:00	An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755.	5.5	Medium
CVE-2020-0753	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0754.	7.8	High
CVE-2020-0754	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0753.	7.8	High
CVE-2020-0755	2020-02-11 20h23 +00:00	An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0756.	5.5	Medium
CVE-2020-0752	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0735.	7.8	High
CVE-2020-0748	2020-02-11 20h23 +00:00	An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0755, CVE-2020-0756.	5.5	Medium
CVE-2020-0745	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0715, CVE-2020-0792.	7.8	High
CVE-2020-0744	2020-02-11 20h23 +00:00	An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'.	5.5	Medium
CVE-2020-0736	2020-02-11 20h23 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'.	5.5	Medium
CVE-2020-0737	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in the way that the tapisrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0739.	7.8	High
CVE-2020-0738	2020-02-11 20h23 +00:00	A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.	8.8	High
CVE-2020-0734	2020-02-11 20h23 +00:00	A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0681.	8.8	High
CVE-2020-0735	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0752.	7.8	High
CVE-2020-0730	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.	7.1	High
CVE-2020-0731	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726.	7.8	High
CVE-2020-0729	2020-02-11 20h23 +00:00	A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.	8.8	High
CVE-2020-0726	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0731.	7.8	High
CVE-2020-0724	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731.	7.8	High
CVE-2020-0725	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0726, CVE-2020-0731.	7.8	High
CVE-2020-0721	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731.	7.8	High
CVE-2020-0722	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731.	7.8	High
CVE-2020-0723	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731.	7.8	High
CVE-2020-0719	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731.	7.8	High
CVE-2020-0720	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731.	7.8	High
CVE-2020-0715	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0745, CVE-2020-0792.	7.8	High
CVE-2020-0708	2020-02-11 20h23 +00:00	A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory.To exploit this vulnerability, an attacker would first have to coerce a victim to open a specially crafted file.The security update addresses the vulnerability by correcting how the Windows Imaging Library handles memory., aka 'Windows Imaging Library Remote Code Execution Vulnerability'.	7.8	High
CVE-2020-0705	2020-02-11 20h23 +00:00	An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'.	5.5	Medium
CVE-2020-0703	2020-02-11 20h23 +00:00	An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-0698	2020-02-11 20h23 +00:00	An information disclosure vulnerability exists when the Telephony Service improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'.	5.5	Medium
CVE-2020-0691	2020-02-11 20h22 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731.	7.8	High
CVE-2020-0686	2020-02-11 20h22 +00:00	An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0683.	7.8	High
CVE-2020-0682	2020-02-11 20h22 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0679, CVE-2020-0680.	7.8	High
CVE-2020-0680	2020-02-11 20h22 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0679, CVE-2020-0682.	7.8	High
CVE-2020-0681	2020-02-11 20h22 +00:00	A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0734.	7.5	High
CVE-2020-0677	2020-02-11 20h22 +00:00	An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756.	5.5	Medium
CVE-2020-0678	2020-02-11 20h22 +00:00	An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-0675	2020-02-11 20h22 +00:00	An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756.	5.5	Medium
CVE-2020-0676	2020-02-11 20h22 +00:00	An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756.	5.5	Medium
CVE-2020-0673	2020-02-11 20h22 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.	7.5	High
CVE-2020-0668	2020-02-11 20h22 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.	7.8	High
CVE-2020-0666	2020-02-11 20h22 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0667, CVE-2020-0735, CVE-2020-0752.	7.8	High
CVE-2020-0667	2020-02-11 20h22 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0735, CVE-2020-0752.	7.8	High
CVE-2020-0665	2020-02-11 20h22 +00:00	An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.	8.1	High
CVE-2020-0662	2020-02-11 20h22 +00:00	A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.	8.8	High
CVE-2020-0658	2020-02-11 20h22 +00:00	An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.	5.5	Medium
CVE-2020-0655	2020-02-11 20h22 +00:00	A remote code execution vulnerability exists in Remote Desktop Services â€“ formerly known as Terminal Services â€“ when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop ServicesÂ Remote Code Execution Vulnerability'.	8	High
CVE-2020-0657	2020-02-11 20h22 +00:00	An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1454	2020-01-24 19h50 +00:00	An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.	5.5	Medium
CVE-2020-0646	2020-01-14 23h11 +00:00	A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.	9.8	Critical
CVE-2020-0642	2020-01-14 22h11 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0624.	7.8	High
CVE-2020-0643	2020-01-14 22h11 +00:00	An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'.	5.5	Medium
CVE-2020-0640	2020-01-14 22h11 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.	7.5	High
CVE-2020-0637	2020-01-14 22h11 +00:00	An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'.	6.5	Medium
CVE-2020-0639	2020-01-14 22h11 +00:00	An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0615.	5.5	Medium
CVE-2020-0635	2020-01-14 22h11 +00:00	An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0644.	7.8	High
CVE-2020-0634	2020-01-14 22h11 +00:00	An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-0630	2020-01-14 22h11 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633.	7.8	High
CVE-2020-0631	2020-01-14 22h11 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0632, CVE-2020-0633.	7.8	High
CVE-2020-0632	2020-01-14 22h11 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0633.	7.8	High
CVE-2020-0628	2020-01-14 22h11 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633.	7.8	High
CVE-2020-0629	2020-01-14 22h11 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633.	7.8	High
CVE-2020-0626	2020-01-14 22h11 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633.	7.8	High
CVE-2020-0627	2020-01-14 22h11 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633.	7.8	High
CVE-2020-0625	2020-01-14 22h11 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633.	7.8	High
CVE-2020-0620	2020-01-14 22h11 +00:00	An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka 'Microsoft Cryptographic Services Elevation of Privilege Vulnerability'.	7.8	High
CVE-2020-0615	2020-01-14 22h11 +00:00	An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0639.	5.5	Medium
CVE-2020-0611	2020-01-14 22h11 +00:00	A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.	7.5	High
CVE-2020-0608	2020-01-14 22h11 +00:00	An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.	5.5	Medium
CVE-2020-0606	2020-01-14 22h11 +00:00	A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.	8.8	High
CVE-2020-0607	2020-01-14 22h11 +00:00	An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.	5.5	Medium
CVE-2020-0605	2020-01-14 22h11 +00:00	A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.	8.8	High
CVE-2019-1488	2019-12-10 20h41 +00:00	A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'.	3.3	Low
CVE-2019-1485	2019-12-10 20h41 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.	7.5	High
CVE-2019-1484	2019-12-10 20h41 +00:00	A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.	7.8	High
CVE-2019-1478	2019-12-10 20h41 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1474	2019-12-10 20h41 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1472.	5.5	Medium
CVE-2019-1469	2019-12-10 20h41 +00:00	An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1470	2019-12-10 20h41 +00:00	An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.	6	Medium
CVE-2019-1467	2019-12-10 20h41 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1466.	6.5	Medium
CVE-2019-1468	2019-12-10 20h41 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-1465	2019-12-10 20h40 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467.	6.5	Medium
CVE-2019-1466	2019-12-10 20h40 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1467.	6.5	Medium
CVE-2019-1429	2019-11-12 18h53 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.	7.5	High
CVE-2019-1405	2019-11-12 18h53 +00:00	An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1388	2019-11-12 18h52 +00:00	An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1456	2019-11-12 17h53 +00:00	A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1419.	8.8	High
CVE-2019-1441	2019-11-12 17h53 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-1439	2019-11-12 17h53 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.	6.5	Medium
CVE-2019-1438	2019-11-12 17h53 +00:00	An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1437.	7.8	High
CVE-2019-1435	2019-11-12 17h53 +00:00	An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1437, CVE-2019-1438.	7.8	High
CVE-2019-1432	2019-11-12 17h53 +00:00	An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1411.	6.5	Medium
CVE-2019-1433	2019-11-12 17h53 +00:00	An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438.	7.8	High
CVE-2019-1434	2019-11-12 17h53 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408.	7.8	High
CVE-2019-1424	2019-11-12 17h53 +00:00	A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'.	8.1	High
CVE-2019-1422	2019-11-12 17h53 +00:00	An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1423.	7.8	High
CVE-2019-1419	2019-11-12 17h53 +00:00	A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1456.	8.8	High
CVE-2019-1418	2019-11-12 17h53 +00:00	An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.	3.3	Low
CVE-2019-1415	2019-11-12 17h53 +00:00	An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1412	2019-11-12 17h53 +00:00	An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1408	2019-11-12 17h53 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1434.	7.8	High
CVE-2019-1409	2019-11-12 17h53 +00:00	An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1411	2019-11-12 17h53 +00:00	An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1432.	6.5	Medium
CVE-2019-1406	2019-11-12 17h53 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.	7.8	High
CVE-2019-1407	2019-11-12 17h53 +00:00	An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1433, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438.	7.8	High
CVE-2019-1399	2019-11-12 17h52 +00:00	A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1310.	6.2	Medium
CVE-2019-1396	2019-11-12 17h52 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1408, CVE-2019-1434.	7.8	High
CVE-2019-1394	2019-11-12 17h52 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434.	7.8	High
CVE-2019-1395	2019-11-12 17h52 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434.	7.8	High
CVE-2019-1393	2019-11-12 17h52 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434.	7.8	High
CVE-2019-1390	2019-11-12 17h52 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.	7.5	High
CVE-2019-1391	2019-11-12 17h52 +00:00	A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2018-12207.	5.5	Medium
CVE-2019-1384	2019-11-12 17h52 +00:00	A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'.	9.9	Critical
CVE-2019-1382	2019-11-12 17h52 +00:00	An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability'.	5.5	Medium
CVE-2019-0719	2019-11-12 17h52 +00:00	A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721.	9.1	Critical
CVE-2019-0712	2019-11-12 17h52 +00:00	A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1309, CVE-2019-1310, CVE-2019-1399.	6.8	Medium
CVE-2019-1315	2019-10-10 13h28 +00:00	An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.	7.8	High
CVE-2019-1346	2019-10-10 11h28 +00:00	A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347.	6.5	Medium
CVE-2019-1358	2019-10-10 11h28 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359.	7.8	High
CVE-2019-1359	2019-10-10 11h28 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358.	7.8	High
CVE-2019-1361	2019-10-10 11h28 +00:00	An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1362	2019-10-10 11h28 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1364.	7.8	High
CVE-2019-1363	2019-10-10 11h28 +00:00	An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1364	2019-10-10 11h28 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362.	7.8	High
CVE-2019-1365	2019-10-10 11h28 +00:00	An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\system escaping the Sandbox.The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests., aka 'Microsoft IIS Server Elevation of Privilege Vulnerability'.	9.9	Critical
CVE-2019-1371	2019-10-10 11h28 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.	7.5	High
CVE-2019-1318	2019-10-10 11h28 +00:00	A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'.	5.9	Medium
CVE-2019-1319	2019-10-10 11h28 +00:00	An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1325	2019-10-10 11h28 +00:00	An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka 'Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability'.	5.5	Medium
CVE-2019-1326	2019-10-10 11h28 +00:00	A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.	7.5	High
CVE-2019-1333	2019-10-10 11h28 +00:00	A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-1338	2019-10-10 11h28 +00:00	A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka 'Windows NTLM Security Feature Bypass Vulnerability'.	5.9	Medium
CVE-2019-1339	2019-10-10 11h28 +00:00	An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342.	7.8	High
CVE-2019-1341	2019-10-10 11h28 +00:00	An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1342	2019-10-10 11h28 +00:00	An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339.	7.8	High
CVE-2019-1344	2019-10-10 11h28 +00:00	An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1166	2019-10-10 11h28 +00:00	A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.	5.9	Medium
CVE-2019-1238	2019-10-10 11h28 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239.	6.4	Medium
CVE-2019-1367	2019-09-23 19h14 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.	7.5	High
CVE-2019-1255	2019-09-23 17h14 +00:00	A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.	7.5	High
CVE-2019-1214	2019-09-11 21h24 +00:00	An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1215	2019-09-11 21h24 +00:00	An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.	7.8	High
CVE-2019-1290	2019-09-11 19h25 +00:00	A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1291.	8.8	High
CVE-2019-1291	2019-09-11 19h25 +00:00	A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1290.	8.8	High
CVE-2019-1293	2019-09-11 19h25 +00:00	An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1268	2019-09-11 19h25 +00:00	An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1271	2019-09-11 19h25 +00:00	An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1274	2019-09-11 19h25 +00:00	An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1280	2019-09-11 19h25 +00:00	A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.	7.8	High
CVE-2019-1282	2019-09-11 19h25 +00:00	An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1283	2019-09-11 19h25 +00:00	An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1284	2019-09-11 19h25 +00:00	An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1285	2019-09-11 19h25 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256.	7.8	High
CVE-2019-1286	2019-09-11 19h25 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1252.	6.5	Medium
CVE-2019-1246	2019-09-11 19h24 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250.	7.8	High
CVE-2019-1247	2019-09-11 19h24 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250.	7.8	High
CVE-2019-1248	2019-09-11 19h24 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1249, CVE-2019-1250.	7.8	High
CVE-2019-1249	2019-09-11 19h24 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1250.	7.8	High
CVE-2019-1250	2019-09-11 19h24 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249.	7.8	High
CVE-2019-1252	2019-09-11 19h24 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286.	6.5	Medium
CVE-2019-1256	2019-09-11 19h24 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285.	7.8	High
CVE-2019-1267	2019-09-11 19h24 +00:00	An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1216	2019-09-11 19h24 +00:00	An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1219	2019-09-11 19h24 +00:00	An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1220	2019-09-11 19h24 +00:00	A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'.	4.3	Medium
CVE-2019-1221	2019-09-11 19h24 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.	7.5	High
CVE-2019-1235	2019-09-11 19h24 +00:00	An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1236	2019-09-11 19h24 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208.	7.5	High
CVE-2019-1240	2019-09-11 19h24 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250.	7.8	High
CVE-2019-1241	2019-09-11 19h24 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250.	7.8	High
CVE-2019-1242	2019-09-11 19h24 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250.	7.8	High
CVE-2019-1243	2019-09-11 19h24 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250.	7.8	High
CVE-2019-1244	2019-09-11 19h24 +00:00	An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251.	6.5	Medium
CVE-2019-1245	2019-09-11 19h24 +00:00	An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251.	6.5	Medium
CVE-2019-1208	2019-09-11 19h24 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236.	7.5	High
CVE-2019-1125	2019-09-03 15h52 +00:00	An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.	5.6	Medium
CVE-2019-1228	2019-08-14 18h55 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.	5.5	Medium
CVE-2019-1212	2019-08-14 18h55 +00:00	A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. To exploit the vulnerability, a remote unauthenticated attacker could send a specially crafted packet to an affected DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets.	9.8	Critical
CVE-2019-1178	2019-08-14 18h55 +00:00	An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the ssdpsrv.dll properly handles objects in memory.	7	High
CVE-2019-1192	2019-08-14 18h55 +00:00	A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how affected Microsoft browsers handle different-origin requests.	4.3	Medium
CVE-2019-1193	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.	6.4	Medium
CVE-2019-1194	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.	7.5	High
CVE-2019-1151	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.	8.8	High
CVE-2019-1152	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.	8.8	High
CVE-2019-1153	2019-08-14 18h55 +00:00	An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.	5.5	Medium
CVE-2019-1154	2019-08-14 18h55 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.	5.5	Medium
CVE-2019-1155	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.	7.8	High
CVE-2019-1156	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.	7.8	High
CVE-2019-1157	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.	7.8	High
CVE-2019-1158	2019-08-14 18h55 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.	5.5	Medium
CVE-2019-1159	2019-08-14 18h55 +00:00	An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.	7.8	High
CVE-2019-1161	2019-08-14 18h55 +00:00	An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again. The update addresses the vulnerability and blocks the arbitrary deletion.	7.1	High
CVE-2019-1162	2019-08-14 18h55 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC.	7.8	High
CVE-2019-1164	2019-08-14 18h55 +00:00	An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.	7.8	High
CVE-2019-1168	2019-08-14 18h55 +00:00	An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the p2pimsvc service handles processes these requests.	7.8	High
CVE-2019-1169	2019-08-14 18h55 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.	7.8	High
CVE-2019-0720	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Windows Hyper-V Network Switch validates guest operating system network traffic.	8	High
CVE-2019-0723	2019-08-14 18h55 +00:00	A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.	5.8	Medium
CVE-2019-0736	2019-08-14 18h55 +00:00	A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client. The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.	9.8	Critical
CVE-2019-1057	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.	7.5	High
CVE-2019-1078	2019-08-14 18h55 +00:00	An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory.	5.5	Medium
CVE-2019-1133	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.	7.5	High
CVE-2019-1143	2019-08-14 18h55 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.	5.5	Medium
CVE-2019-1144	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.	8.8	High
CVE-2019-1145	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.	8.8	High
CVE-2019-1146	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.	7.8	High
CVE-2019-1147	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.	7.8	High
CVE-2019-1148	2019-08-14 18h55 +00:00	An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.	5.5	Medium
CVE-2019-1149	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.	8.8	High
CVE-2019-1150	2019-08-14 18h55 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.	8.8	High
CVE-2019-0714	2019-08-14 18h55 +00:00	A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.	5.8	Medium
CVE-2019-0715	2019-08-14 18h55 +00:00	A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.	5.8	Medium
CVE-2019-0716	2019-08-14 18h55 +00:00	A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.	5.8	Medium
CVE-2019-1132	2019-07-29 14h13 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1116	2019-07-29 12h10 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101.	6.5	Medium
CVE-2019-1113	2019-07-29 12h09 +00:00	A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-1108	2019-07-29 12h08 +00:00	An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'.	6.5	Medium
CVE-2019-1104	2019-07-29 12h06 +00:00	A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.	7.5	High
CVE-2019-1102	2019-07-29 11h57 +00:00	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-1083	2019-07-15 16h56 +00:00	A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.	7.5	High
CVE-2019-1085	2019-07-15 16h56 +00:00	An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1088	2019-07-15 16h56 +00:00	An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1087.	7.8	High
CVE-2019-1089	2019-07-15 16h56 +00:00	An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application. The security update addresses this vulnerability by correcting how rpcss.dll handles these requests., aka 'Windows RPCSS Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1093	2019-07-15 16h56 +00:00	An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097.	5.5	Medium
CVE-2019-1096	2019-07-15 16h56 +00:00	An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1097	2019-07-15 16h56 +00:00	An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093.	5.5	Medium
CVE-2019-1001	2019-07-15 16h56 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056, CVE-2019-1059.	7.5	High
CVE-2019-1004	2019-07-15 16h56 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1056, CVE-2019-1059.	7.5	High
CVE-2019-1006	2019-07-15 16h56 +00:00	An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.	7.5	High
CVE-2019-1056	2019-07-15 16h56 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1059.	7.5	High
CVE-2019-1059	2019-07-15 16h56 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1056.	7.5	High
CVE-2019-1063	2019-07-15 16h56 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.	7.5	High
CVE-2019-1071	2019-07-15 16h56 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1073.	5.5	Medium
CVE-2019-1073	2019-07-15 16h56 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071.	5.5	Medium
CVE-2019-1082	2019-07-15 16h56 +00:00	An elevation of privilege vulnerability exists in Microsoft Windows where a certain DLL, with Local Service privilege, is vulnerable to race planting a customized DLL.An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM.The update addresses this vulnerability by requiring SYSTEM privileges for a certain DLL., aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1074.	7.8	High
CVE-2019-0887	2019-07-15 16h56 +00:00	A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.	8	High
CVE-2019-1049	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1050.	6.5	Medium
CVE-2019-1053	2019-06-12 11h49 +00:00	An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka 'Windows Shell Elevation of Privilege Vulnerability'.	8.8	High
CVE-2019-1055	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1080.	7.5	High
CVE-2019-1080	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1055.	7.5	High
CVE-2019-1081	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka 'Microsoft Browser Information Disclosure Vulnerability'.	6.5	Medium
CVE-2019-1025	2019-06-12 11h49 +00:00	A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.	7.5	High
CVE-2019-1028	2019-06-12 11h49 +00:00	An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1007, CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1027.	7.8	High
CVE-2019-1038	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.	7.5	High
CVE-2019-1039	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-1040	2019-06-12 11h49 +00:00	A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.	5.9	Medium
CVE-2019-1043	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'.	6.8	Medium
CVE-2019-1045	2019-06-12 11h49 +00:00	An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory, aka 'Windows Network File System Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-1046	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.	5.5	Medium
CVE-2019-1047	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.	6.5	Medium
CVE-2019-1048	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1049, CVE-2019-1050.	6.5	Medium
CVE-2019-0986	2019-06-12 11h49 +00:00	An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.	7.1	High
CVE-2019-0988	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080.	7.5	High
CVE-2019-1005	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1055, CVE-2019-1080.	7.5	High
CVE-2019-1009	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.	6.5	Medium
CVE-2019-1010	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.	6.5	Medium
CVE-2019-1011	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.	6.5	Medium
CVE-2019-1012	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.	6.5	Medium
CVE-2019-1013	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.	6.5	Medium
CVE-2019-1014	2019-06-12 11h49 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0960, CVE-2019-1017.	7.8	High
CVE-2019-1015	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.	6.5	Medium
CVE-2019-1016	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.	6.5	Medium
CVE-2019-1017	2019-06-12 11h49 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0960, CVE-2019-1014.	7.8	High
CVE-2019-1019	2019-06-12 11h49 +00:00	A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'.	8.5	High
CVE-2019-0713	2019-06-12 11h49 +00:00	A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0710, CVE-2019-0711.	6.8	Medium
CVE-2019-0722	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0620, CVE-2019-0709.	8.8	High
CVE-2019-0888	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory, aka 'ActiveX Data Objects (ADO) Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-0904	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974.	8.8	High
CVE-2019-0905	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974.	8.8	High
CVE-2019-0906	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974.	8.8	High
CVE-2019-0907	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974.	8.8	High
CVE-2019-0908	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0909, CVE-2019-0974.	8.8	High
CVE-2019-0909	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0974.	8.8	High
CVE-2019-0920	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0988, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080.	7.5	High
CVE-2019-0941	2019-06-12 11h49 +00:00	A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests, aka 'Microsoft IIS Server Denial of Service Vulnerability'.	7.5	High
CVE-2019-0943	2019-06-12 11h49 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-0948	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity, aka 'Windows Event Viewer Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-0960	2019-06-12 11h49 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1014, CVE-2019-1017.	7.8	High
CVE-2019-0968	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.	6.5	Medium
CVE-2019-0972	2019-06-12 11h49 +00:00	This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.	6.5	Medium
CVE-2019-0973	2019-06-12 11h49 +00:00	An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-0974	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909.	8.8	High
CVE-2019-0977	2019-06-12 11h49 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.	6.5	Medium
CVE-2019-0984	2019-06-12 11h49 +00:00	An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0959.	7.8	High
CVE-2019-0985	2019-06-12 11h49 +00:00	A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input, aka 'Microsoft Speech API Remote Code Execution Vulnerability'.	7.8	High
CVE-2019-0903	2019-05-16 18h17 +00:00	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-0708	2019-05-16 18h17 +00:00	A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.	9.8	Critical
CVE-2019-0863	2019-05-16 18h17 +00:00	An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-0980	2019-05-16 16h24 +00:00	A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.	7.5	High
CVE-2019-0981	2019-05-16 16h24 +00:00	A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.	7.5	High
CVE-2019-0961	2019-05-16 16h24 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0758, CVE-2019-0882.	6.5	Medium
CVE-2019-0936	2019-05-16 16h17 +00:00	An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0734.	7.8	High
CVE-2019-0940	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.	7.5	High
CVE-2019-0902	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901.	8.8	High
CVE-2019-0911	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0884, CVE-2019-0918.	7.5	High
CVE-2019-0918	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0884, CVE-2019-0911.	7.5	High
CVE-2019-0930	2019-05-16 16h17 +00:00	An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'.	6.5	Medium
CVE-2019-0881	2019-05-16 16h17 +00:00	An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-0882	2019-05-16 16h17 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0758, CVE-2019-0961.	6.5	Medium
CVE-2019-0884	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0911, CVE-2019-0918.	7.5	High
CVE-2019-0885	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.	7.8	High
CVE-2019-0889	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.	7.8	High
CVE-2019-0890	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.	7.8	High
CVE-2019-0891	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.	7.8	High
CVE-2019-0893	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.	7.8	High
CVE-2019-0894	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.	7.8	High
CVE-2019-0895	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.	7.8	High
CVE-2019-0896	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.	7.8	High
CVE-2019-0897	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.	7.8	High
CVE-2019-0898	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.	7.8	High
CVE-2019-0899	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.	7.8	High
CVE-2019-0900	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0901, CVE-2019-0902.	7.8	High
CVE-2019-0901	2019-05-16 16h17 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0902.	7.8	High
CVE-2019-0725	2019-05-16 16h17 +00:00	A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.	9.8	Critical
CVE-2019-0734	2019-05-16 16h17 +00:00	An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator.The update addresses this vulnerability by changing how these requests are validated., aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0936.	8.1	High
CVE-2019-0758	2019-05-16 16h17 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0882, CVE-2019-0961.	6.5	Medium
CVE-2019-0820	2019-05-16 16h17 +00:00	A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.	7.5	High
CVE-2019-0864	2019-05-16 16h17 +00:00	A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'.	5.5	Medium
CVE-2019-0859	2019-04-09 20h19 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.	7.8	High
CVE-2019-0803	2019-04-09 20h15 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.	7.8	High
CVE-2019-0752	2019-04-09 20h15 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.	7.5	High
CVE-2019-0853	2019-04-09 18h19 +00:00	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-0856	2019-04-09 18h19 +00:00	A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.	7.2	High
CVE-2019-0862	2019-04-09 18h19 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0753.	7.5	High
CVE-2019-0839	2019-04-09 18h18 +00:00	An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0838.	4.4	Medium
CVE-2019-0842	2019-04-09 18h18 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-0844	2019-04-09 18h18 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0840.	5.5	Medium
CVE-2019-0845	2019-04-09 18h18 +00:00	A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content, aka 'Windows IOleCvt Interface Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-0846	2019-04-09 18h18 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879.	7.8	High
CVE-2019-0847	2019-04-09 18h18 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879.	7.8	High
CVE-2019-0848	2019-04-09 18h18 +00:00	An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0814.	5.5	Medium
CVE-2019-0849	2019-04-09 18h18 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0802.	6.5	Medium
CVE-2019-0851	2019-04-09 18h18 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0877, CVE-2019-0879.	7.8	High
CVE-2019-0835	2019-04-09 18h16 +00:00	An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory, aka 'Microsoft Scripting Engine Information Disclosure Vulnerability'.	6.5	Medium
CVE-2019-0836	2019-04-09 18h16 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841.	7.8	High
CVE-2019-0838	2019-04-09 18h16 +00:00	An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0839.	7.8	High
CVE-2019-0791	2019-04-09 18h15 +00:00	A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795.	8.8	High
CVE-2019-0792	2019-04-09 18h15 +00:00	A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795.	8.8	High
CVE-2019-0793	2019-04-09 18h15 +00:00	A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795.	8.8	High
CVE-2019-0794	2019-04-09 18h15 +00:00	A remote code execution vulnerability exists when OLE automation improperly handles objects in memory, aka 'OLE Automation Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-0795	2019-04-09 18h15 +00:00	A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793.	8.8	High
CVE-2019-0796	2019-04-09 18h15 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.	5.5	Medium
CVE-2019-0802	2019-04-09 18h15 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0849.	6.5	Medium
CVE-2019-0805	2019-04-09 18h15 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841.	7.8	High
CVE-2019-0730	2019-04-09 18h15 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.	7.8	High
CVE-2019-0731	2019-04-09 18h15 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.	7.8	High
CVE-2019-0732	2019-04-09 18h15 +00:00	A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'.	7.8	High
CVE-2019-0735	2019-04-09 18h15 +00:00	An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-0753	2019-04-09 18h15 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0862.	7.5	High
CVE-2019-0764	2019-04-09 18h15 +00:00	A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka 'Microsoft Browsers Tampering Vulnerability'.	6.5	Medium
CVE-2019-0808	2019-04-09 02h31 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.	7.8	High
CVE-2019-0782	2019-04-09 00h39 +00:00	An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0775.	5.5	Medium
CVE-2019-0783	2019-04-09 00h37 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773.	7.5	High
CVE-2019-0784	2019-04-09 00h36 +00:00	A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory, aka 'Windows ActiveX Remote Code Execution Vulnerability'.	7.5	High
CVE-2019-0821	2019-04-09 00h27 +00:00	An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0704.	6.5	Medium
CVE-2019-0772	2019-04-09 00h18 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0667.	8.8	High
CVE-2019-0774	2019-04-09 00h15 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0614.	6.5	Medium
CVE-2019-0775	2019-04-09 00h11 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0782.	4.7	Medium
CVE-2019-0780	2019-04-09 00h04 +00:00	A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.	7.5	High
CVE-2019-0756	2019-04-08 23h52 +00:00	A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-0759	2019-04-08 23h50 +00:00	An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory, aka 'Windows Print Spooler Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-0761	2019-04-08 23h49 +00:00	A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0768.	6.5	Medium
CVE-2019-0762	2019-04-08 23h47 +00:00	A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.	4.3	Medium
CVE-2019-0763	2019-04-08 23h46 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.	7.5	High
CVE-2019-0765	2019-04-08 23h45 +00:00	A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-0767	2019-04-08 23h42 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0775, CVE-2019-0782.	5.5	Medium
CVE-2019-0703	2019-04-08 23h41 +00:00	An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.	6.5	Medium
CVE-2019-0702	2019-04-08 21h43 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0755, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782.	5.5	Medium
CVE-2019-0704	2019-04-08 21h40 +00:00	An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0821.	6.5	Medium
CVE-2019-0746	2019-04-08 21h37 +00:00	An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'.	6.5	Medium
CVE-2019-0754	2019-04-08 21h34 +00:00	A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.	5.5	Medium
CVE-2019-0755	2019-04-08 21h32 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782.	5.5	Medium
CVE-2019-0680	2019-04-08 21h23 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.	7.5	High
CVE-2019-0683	2019-04-08 21h20 +00:00	An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.	5.9	Medium
CVE-2019-0667	2019-04-08 20h44 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.	7.5	High
CVE-2019-0666	2019-04-08 20h42 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772.	7.5	High
CVE-2019-0665	2019-04-08 20h41 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0666, CVE-2019-0667, CVE-2019-0772.	7.5	High
CVE-2019-0617	2019-04-08 20h38 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.	7.8	High
CVE-2019-0614	2019-04-08 20h36 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0774.	6.5	Medium
CVE-2019-0609	2019-04-08 20h31 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.	7.5	High
CVE-2019-0603	2019-04-08 20h25 +00:00	A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Deployment Services TFTP Server handles objects in memory, aka 'Windows Deployment Services TFTP Server Remote Code Execution Vulnerability'.	7.5	High
CVE-2019-0676	2019-03-06 00h00 +00:00	An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.	6.5	Medium
CVE-2019-0595	2019-03-05 23h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625.	7.8	High
CVE-2019-0596	2019-03-05 23h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625.	7.8	High
CVE-2019-0597	2019-03-05 23h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625.	7.8	High
CVE-2019-0598	2019-03-05 23h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0599, CVE-2019-0625.	7.8	High
CVE-2019-0599	2019-03-05 23h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0625.	7.8	High
CVE-2019-0600	2019-03-05 23h00 +00:00	An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0601.	4.7	Medium
CVE-2019-0601	2019-03-05 23h00 +00:00	An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0600.	4.7	Medium
CVE-2019-0606	2019-03-05 23h00 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.	7.5	High
CVE-2019-0613	2019-03-05 23h00 +00:00	A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'.	8.8	High
CVE-2019-0615	2019-03-05 23h00 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664.	6.5	Medium
CVE-2019-0616	2019-03-05 23h00 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664.	6.5	Medium
CVE-2019-0618	2019-03-05 23h00 +00:00	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0662.	8.8	High
CVE-2019-0619	2019-03-05 23h00 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0660, CVE-2019-0664.	6.5	Medium
CVE-2019-0621	2019-03-05 23h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0661, CVE-2019-0663.	5.5	Medium
CVE-2019-0623	2019-03-05 23h00 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.	7.8	High
CVE-2019-0625	2019-03-05 23h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599.	7.8	High
CVE-2019-0628	2019-03-05 23h00 +00:00	An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-0630	2019-03-05 23h00 +00:00	A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633.	8.8	High
CVE-2019-0633	2019-03-05 23h00 +00:00	A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630.	8.8	High
CVE-2019-0635	2019-03-05 23h00 +00:00	An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.	6.2	Medium
CVE-2019-0636	2019-03-05 23h00 +00:00	An information vulnerability exists when Windows improperly discloses file information, aka 'Windows Information Disclosure Vulnerability'.	5.5	Medium
CVE-2019-0657	2019-03-05 23h00 +00:00	A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.	5.9	Medium
CVE-2019-0660	2019-03-05 23h00 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0664.	6.5	Medium
CVE-2019-0661	2019-03-05 23h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0621, CVE-2019-0663.	5.5	Medium
CVE-2019-0662	2019-03-05 23h00 +00:00	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0618.	8.8	High
CVE-2019-0663	2019-03-05 23h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0621, CVE-2019-0661.	5.5	Medium
CVE-2019-0664	2019-03-05 23h00 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660.	6.5	Medium
CVE-2019-0543	2019-01-08 21h00 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7.8	High
CVE-2019-0536	2019-01-08 20h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0549, CVE-2019-0554, CVE-2019-0569.	5.5	Medium
CVE-2019-0538	2019-01-08 20h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.	7.8	High
CVE-2019-0545	2019-01-08 20h00 +00:00	An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.	7.5	High
CVE-2019-0549	2019-01-08 20h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0554, CVE-2019-0569.	5.5	Medium
CVE-2019-0554	2019-01-08 20h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0569.	5.5	Medium
CVE-2019-0569	2019-01-08 20h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0554.	5.5	Medium
CVE-2019-0575	2019-01-08 20h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.	7.8	High
CVE-2019-0576	2019-01-08 20h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.	7.8	High
CVE-2019-0577	2019-01-08 20h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.	7.8	High
CVE-2019-0578	2019-01-08 20h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.	7.8	High
CVE-2019-0579	2019-01-08 20h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.	7.8	High
CVE-2019-0580	2019-01-08 20h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.	7.8	High
CVE-2019-0581	2019-01-08 20h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.	7.8	High
CVE-2019-0582	2019-01-08 20h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0583, CVE-2019-0584.	7.8	High
CVE-2019-0583	2019-01-08 20h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0584.	7.8	High
CVE-2019-0584	2019-01-08 20h00 +00:00	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583.	7.8	High
CVE-2018-18999	2018-12-19 17h00 +00:00	WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.	7.3	High
CVE-2018-8611	2018-12-12 00h00 +00:00	An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7.8	High
CVE-2018-8477	2018-12-11 23h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8621, CVE-2018-8622.	5.5	Medium
CVE-2018-8514	2018-12-11 23h00 +00:00	An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka "Remote Procedure Call runtime Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.5	Medium
CVE-2018-8517	2018-12-11 23h00 +00:00	A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.	7.5	High
CVE-2018-8540	2018-12-11 23h00 +00:00	A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2.	9.8	Critical
CVE-2018-8595	2018-12-11 23h00 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8596.	6.5	Medium
CVE-2018-8596	2018-12-11 23h00 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8595.	6.5	Medium
CVE-2018-8621	2018-12-11 23h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8622.	5.5	Medium
CVE-2018-8622	2018-12-11 23h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8621.	5.5	Medium
CVE-2018-8639	2018-12-11 23h00 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8641.	7.8	High
CVE-2018-8641	2018-12-11 23h00 +00:00	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8639.	7.8	High
CVE-2018-8643	2018-12-11 23h00 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.	7.5	High
CVE-2018-8589	2018-11-14 01h00 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.	7.8	High
CVE-2018-8256	2018-11-14 00h00 +00:00	A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1.	8.8	High
CVE-2018-8407	2018-11-14 00h00 +00:00	An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory, aka "MSRPC Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.5	Medium
CVE-2018-8408	2018-11-14 00h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.5	Medium
CVE-2018-8415	2018-11-14 00h00 +00:00	A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7.8	High
CVE-2018-8450	2018-11-14 00h00 +00:00	A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	8.8	High
CVE-2018-8476	2018-11-14 00h00 +00:00	A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers.	9.8	Critical
CVE-2018-8552	2018-11-14 00h00 +00:00	An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.	7.5	High
CVE-2018-8553	2018-11-14 00h00 +00:00	A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.	7.8	High
CVE-2018-8562	2018-11-14 00h00 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7.8	High
CVE-2018-8563	2018-11-14 00h00 +00:00	An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2.	5.5	Medium
CVE-2018-8565	2018-11-14 00h00 +00:00	An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.5	Medium
CVE-2018-17612	2018-11-09 20h00 +00:00	Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted.	7.5	High
CVE-2018-8453	2018-10-10 13h00 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7.8	High
CVE-2018-8330	2018-10-10 11h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.5	Medium
CVE-2018-8333	2018-10-10 11h00 +00:00	An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka "Microsoft Filter Manager Elevation Of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7	High
CVE-2018-8411	2018-10-10 11h00 +00:00	An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7.8	High
CVE-2018-8413	2018-10-10 11h00 +00:00	A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7.8	High
CVE-2018-8432	2018-10-10 11h00 +00:00	A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008.	7.8	High
CVE-2018-8460	2018-10-10 11h00 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8491.	7.5	High
CVE-2018-8472	2018-10-10 11h00 +00:00	An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.5	Medium
CVE-2018-8481	2018-10-10 11h00 +00:00	An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8482.	3.1	Low
CVE-2018-8482	2018-10-10 11h00 +00:00	An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8481.	3.1	Low
CVE-2018-8486	2018-10-10 11h00 +00:00	An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.5	Medium
CVE-2018-8489	2018-10-10 11h00 +00:00	A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8490.	8.4	High
CVE-2018-8491	2018-10-10 11h00 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8460.	7.5	High
CVE-2018-8494	2018-10-10 11h00 +00:00	A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	8.8	High
CVE-2018-8440	2018-09-13 00h00 +00:00	An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7.8	High
CVE-2018-8271	2018-09-12 22h00 +00:00	An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.5	Medium
CVE-2018-8315	2018-09-12 22h00 +00:00	An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.	4.2	Medium
CVE-2018-8392	2018-09-12 22h00 +00:00	A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393.	7.8	High
CVE-2018-8393	2018-09-12 22h00 +00:00	A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8392.	7.8	High
CVE-2018-8421	2018-09-12 22h00 +00:00	A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0.	9.8	Critical
CVE-2018-8424	2018-09-12 22h00 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8422.	6.5	Medium
CVE-2018-8433	2018-09-12 22h00 +00:00	An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	4.7	Medium
CVE-2018-8442	2018-09-12 22h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446.	5.5	Medium
CVE-2018-8443	2018-09-12 22h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8445, CVE-2018-8446.	5.5	Medium
CVE-2018-8446	2018-09-12 22h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445.	5.5	Medium
CVE-2018-8447	2018-09-12 22h00 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8461.	7.5	High
CVE-2018-8452	2018-09-12 22h00 +00:00	An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.	4.3	Medium
CVE-2018-8457	2018-09-12 22h00 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8459.	7.5	High
CVE-2018-8468	2018-09-12 22h00 +00:00	An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	4.7	Medium
CVE-2018-8475	2018-09-12 22h00 +00:00	A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	8.8	High
CVE-2018-5391	2018-09-06 19h00 +00:00	The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.	7.5	High
CVE-2018-8373	2018-08-15 17h00 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.	7.5	High
CVE-2018-8316	2018-08-15 15h00 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 11, Internet Explorer 10.	7.5	High
CVE-2018-8339	2018-08-15 15h00 +00:00	An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows Installer Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7	High
CVE-2018-8341	2018-08-15 15h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8348.	4.7	Medium
CVE-2018-8342	2018-08-15 15h00 +00:00	An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8343.	7.8	High
CVE-2018-8343	2018-08-15 15h00 +00:00	An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8342.	7.8	High
CVE-2018-8344	2018-08-15 15h00 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	8.8	High
CVE-2018-8345	2018-08-15 15h00 +00:00	A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8346.	7.5	High
CVE-2018-8346	2018-08-15 15h00 +00:00	A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345.	8.8	High
CVE-2018-8348	2018-08-15 15h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8341.	4.7	Medium
CVE-2018-8349	2018-08-15 15h00 +00:00	A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	8.8	High
CVE-2018-8351	2018-08-15 15h00 +00:00	An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.	6.5	Medium
CVE-2018-8353	2018-08-15 15h00 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.	7.5	High
CVE-2018-8355	2018-08-15 15h00 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.	7.5	High
CVE-2018-8360	2018-08-15 15h00 +00:00	An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.	7.5	High
CVE-2018-8371	2018-08-15 15h00 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.	7.5	High
CVE-2018-8372	2018-08-15 15h00 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.	7.5	High
CVE-2018-8385	2018-08-15 15h00 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8389, CVE-2018-8390.	7.5	High
CVE-2018-8389	2018-08-15 15h00 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8390.	7.5	High
CVE-2018-8394	2018-08-15 15h00 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8396, CVE-2018-8398.	6.5	Medium
CVE-2018-8396	2018-08-15 15h00 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8394, CVE-2018-8398.	4.7	Medium
CVE-2018-8397	2018-08-15 15h00 +00:00	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka "GDI+ Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.	8.8	High
CVE-2018-8398	2018-08-15 15h00 +00:00	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8394, CVE-2018-8396.	6.5	Medium
CVE-2018-8403	2018-08-15 15h00 +00:00	A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.	7.5	High
CVE-2018-8404	2018-08-15 15h00 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8399.	7	High
CVE-2018-0949	2018-07-10 22h00 +00:00	A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.	6.5	Medium
CVE-2018-8202	2018-07-10 22h00 +00:00	An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.	7.8	High
CVE-2018-8206	2018-07-10 22h00 +00:00	A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections, aka "Windows FTP Server Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7.5	High
CVE-2018-8242	2018-07-10 22h00 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.	7.5	High
CVE-2018-8260	2018-07-10 22h00 +00:00	A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2.	8.8	High
CVE-2018-8284	2018-07-10 22h00 +00:00	A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.	8.1	High
CVE-2018-8287	2018-07-10 22h00 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.	7.5	High
CVE-2018-8288	2018-07-10 22h00 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.	7.5	High
CVE-2018-8291	2018-07-10 22h00 +00:00	A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298.	7.5	High
CVE-2018-8296	2018-07-10 22h00 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8298.	7.5	High
CVE-2018-8304	2018-07-10 22h00 +00:00	A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.9	Medium
CVE-2018-8307	2018-07-10 22h00 +00:00	A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.3	Medium
CVE-2018-8308	2018-07-10 22h00 +00:00	An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	6.6	Medium
CVE-2018-8309	2018-07-10 22h00 +00:00	A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.5	Medium
CVE-2018-8314	2018-07-10 22h00 +00:00	An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313.	4.7	Medium
CVE-2018-8356	2018-07-10 22h00 +00:00	A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.	5.5	Medium
CVE-2018-0978	2018-06-14 10h00 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8249.	7.5	High
CVE-2018-1036	2018-06-14 10h00 +00:00	An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7	High
CVE-2018-8169	2018-06-14 10h00 +00:00	An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka "HIDParser Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7	High
CVE-2018-8205	2018-06-14 10h00 +00:00	A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.5	Medium
CVE-2018-8224	2018-06-14 10h00 +00:00	An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.	7	High
CVE-2018-8249	2018-06-14 10h00 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0978.	7.5	High
CVE-2018-8251	2018-06-14 10h00 +00:00	A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka "Media Foundation Memory Corruption Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7.5	High
CVE-2018-8267	2018-06-14 10h00 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8243.	7.5	High
CVE-2018-3639	2018-05-22 12h00 +00:00	Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.	5.5	Medium
CVE-2018-8120	2018-05-09 19h00 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.	7	High
CVE-2018-8174	2018-05-09 19h00 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7.5	High
CVE-2018-0765	2018-05-09 17h00 +00:00	A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.	7.5	High
CVE-2018-0824	2018-05-09 17h00 +00:00	A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	8.8	High
CVE-2018-0959	2018-05-09 17h00 +00:00	A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7.6	High
CVE-2018-1039	2018-05-09 17h00 +00:00	A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.	7.8	High
CVE-2018-8127	2018-05-09 17h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141.	5.5	Medium
CVE-2018-8136	2018-05-09 17h00 +00:00	A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7.8	High
CVE-2018-8145	2018-05-09 17h00 +00:00	An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.	7.5	High
CVE-2018-8164	2018-05-09 17h00 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8166.	7.8	High
CVE-2018-8166	2018-05-09 17h00 +00:00	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8164.	7	High
CVE-2018-8167	2018-05-09 17h00 +00:00	An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7	High
CVE-2018-8118	2018-04-19 14h00 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10.	7.5	High
CVE-2018-0887	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.	5.5	Medium
CVE-2018-0960	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.	5.5	Medium
CVE-2018-0967	2018-04-11 23h00 +00:00	A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.3	Medium
CVE-2018-0968	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.	5.5	Medium
CVE-2018-0969	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.	5.5	Medium
CVE-2018-0970	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.	5.5	Medium
CVE-2018-0971	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.	5.5	Medium
CVE-2018-0972	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.	5.5	Medium
CVE-2018-0973	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0974, CVE-2018-0975.	5.5	Medium
CVE-2018-0974	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0975.	5.5	Medium
CVE-2018-0975	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974.	5.5	Medium
CVE-2018-0976	2018-04-11 23h00 +00:00	A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.3	Medium
CVE-2018-0981	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0987, CVE-2018-0989, CVE-2018-1000.	5.3	Medium
CVE-2018-0987	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0989, CVE-2018-1000.	4.3	Medium
CVE-2018-0988	2018-04-11 23h00 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0996, CVE-2018-1001.	7.5	High
CVE-2018-0989	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-1000.	4.3	Medium
CVE-2018-0991	2018-04-11 23h00 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020.	7.5	High
CVE-2018-0996	2018-04-11 23h00 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-1001.	7.5	High
CVE-2018-0997	2018-04-11 23h00 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-1018, CVE-2018-1020.	7.5	High
CVE-2018-1000	2018-04-11 23h00 +00:00	An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-0989.	5.3	Medium
CVE-2018-1001	2018-04-11 23h00 +00:00	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-0996.	7.5	High
CVE-2018-1003	2018-04-11 23h00 +00:00	A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.	7.8	High
CVE-2018-1004	2018-04-11 23h00 +00:00	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.	8.8	High
CVE-2018-1008	2018-04-11 23h00 +00:00	An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	7	High
CVE-2018-1010	2018-04-11 23h00 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016.	8.8	High
CVE-2018-1012	2018-04-11 23h00 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016.	8.8	High
CVE-2018-1013	2018-04-11 23h00 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1015, CVE-2018-1016.	8.8	High
CVE-2018-1015	2018-04-11 23h00 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1016.	8.8	High
CVE-2018-1016	2018-04-11 23h00 +00:00	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015.	8.8	High
CVE-2018-1018	2018-04-11 23h00 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1020.	7.5	High
CVE-2018-1020	2018-04-11 23h00 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018.	7.5	High
CVE-2018-8116	2018-04-11 23h00 +00:00	A denial of service vulnerability exists in the way that Windows handles objects in memory, aka "Microsoft Graphics Component Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.	5.5	Medium
CVE-2018-0986	2018-04-04 15h00 +00:00	A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.	8.8	High
CVE-2018-1038	2018-04-02 13h00 +00:00	The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability."	7.8	High
CVE-2018-0811	2018-03-14 17h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.	5.5	Medium
CVE-2018-0813	2018-03-14 17h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.	5.5	Medium
CVE-2018-0814	2018-03-14 17h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.	5.5	Medium
CVE-2018-0815	2018-03-14 17h00 +00:00	The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0816, and CVE-2018-0817.	7	High
CVE-2018-0816	2018-03-14 17h00 +00:00	The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0817.	7	High
CVE-2018-0817	2018-03-14 17h00 +00:00	The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0816.	7	High
CVE-2018-0868	2018-03-14 17h00 +00:00	Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how input is sanitized, aka "Windows Installer Elevation of Privilege Vulnerability".	7	High
CVE-2018-0878	2018-03-14 17h00 +00:00	Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability".	3.1	Low
CVE-2018-0881	2018-03-14 17h00 +00:00	The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka "Microsoft Video Control Elevation of Privilege Vulnerability".	7	High
CVE-2018-0883	2018-03-14 17h00 +00:00	Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka "Windows Shell Remote Code Execution Vulnerability".	7.5	High
CVE-2018-0885	2018-03-14 17h00 +00:00	The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka "Hyper-V Denial of Service Vulnerability".	5.8	Medium
CVE-2018-0886	2018-03-14 17h00 +00:00	The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".	7	High
CVE-2018-0888	2018-03-14 17h00 +00:00	The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how guest operating system input is validated, aka "Hyper-V Information Disclosure Vulnerability".	5.6	Medium
CVE-2018-0889	2018-03-14 17h00 +00:00	Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935.	7.5	High
CVE-2018-0891	2018-03-14 17h00 +00:00	ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0939.	4.3	Medium
CVE-2018-0894	2018-03-14 17h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.	4.7	Medium
CVE-2018-0895	2018-03-14 17h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.	4.7	Medium
CVE-2018-0896	2018-03-14 17h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.	4.7	Medium
CVE-2018-0897	2018-03-14 17h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.	4.7	Medium
CVE-2018-0898	2018-03-14 17h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.	4.7	Medium
CVE-2018-0899	2018-03-14 17h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.	4.7	Medium
CVE-2018-0900	2018-03-14 17h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0901 and CVE-2018-0926.	4.7	Medium
CVE-2018-0901	2018-03-14 17h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0926.	4.7	Medium
CVE-2018-0904	2018-03-14 17h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure vulnerability due to how memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability".	4.7	Medium
CVE-2018-0926	2018-03-14 17h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901.	5.5	Medium
CVE-2018-0927	2018-03-14 17h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".	4.3	Medium
CVE-2018-0929	2018-03-14 17h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".	4.3	Medium
CVE-2018-0932	2018-03-14 17h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".	4.3	Medium
CVE-2018-0935	2018-03-14 17h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0925.	7.5	High
CVE-2018-0942	2018-03-14 17h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka "Internet Explorer Elevation of Privilege Vulnerability".	2.6	Low
CVE-2018-0742	2018-02-15 02h00 +00:00	The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0756. CVE-2018-0809, CVE-2018-0820 and CVE-2018-0843.	7.8	High
CVE-2018-0755	2018-02-15 02h00 +00:00	The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0760, CVE-2018-0761, and CVE-2018-0855.	5.5	Medium
CVE-2018-0757	2018-02-15 02h00 +00:00	The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0810.	4.7	Medium
CVE-2018-0760	2018-02-15 02h00 +00:00	The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0755, CVE-2018-0761, and CVE-2018-0855.	5.5	Medium
CVE-2018-0761	2018-02-15 02h00 +00:00	The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0855.	5.5	Medium
CVE-2018-0810	2018-02-15 02h00 +00:00	The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0757.	4.7	Medium
CVE-2018-0825	2018-02-15 02h00 +00:00	StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how objects are handled in memory, aka "StructuredQuery Remote Code Execution Vulnerability".	7.5	High
CVE-2018-0829	2018-02-15 02h00 +00:00	The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0830 and CVE-2018-0832.	4.7	Medium
CVE-2018-0830	2018-02-15 02h00 +00:00	The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0832.	4.7	Medium
CVE-2018-0840	2018-02-15 02h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.	7.5	High
CVE-2018-0842	2018-02-15 02h00 +00:00	Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability".	7	High
CVE-2018-0844	2018-02-15 02h00 +00:00	The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0846.	7.8	High
CVE-2018-0846	2018-02-15 02h00 +00:00	The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0844.	7.8	High
CVE-2018-0847	2018-02-15 02h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".	4.3	Medium
CVE-2018-0855	2018-02-15 02h00 +00:00	The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0761.	4.3	Medium
CVE-2018-0866	2018-02-15 02h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0861.	7.5	High
CVE-2018-0820	2018-02-15 01h00 +00:00	The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0843.	7.8	High
CVE-2018-0764	2018-01-10 01h00 +00:00	Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.	7.5	High
CVE-2018-0786	2018-01-10 01h00 +00:00	Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."	7.5	High
CVE-2018-0741	2018-01-04 14h00 +00:00	The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Microsoft Color Management Information Disclosure Vulnerability".	5.3	Medium
CVE-2018-0747	2018-01-04 14h00 +00:00	The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746.	4.7	Medium
CVE-2018-0748	2018-01-04 14h00 +00:00	The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability".	7.8	High
CVE-2018-0749	2018-01-04 14h00 +00:00	The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka "Windows Elevation of Privilege Vulnerability".	7.8	High
CVE-2018-0750	2018-01-04 14h00 +00:00	The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".	5.5	Medium
CVE-2018-0754	2018-01-04 14h00 +00:00	The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability".	5.5	Medium
CVE-2018-0762	2018-01-04 14h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.	7.5	High
CVE-2018-0772	2018-01-04 14h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.	7.5	High
CVE-2018-0788	2018-01-04 14h00 +00:00	The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability".	7	High
CVE-2017-11885	2017-12-12 21h00 +00:00	Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".	6.6	Medium
CVE-2017-11886	2017-12-12 21h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.	7.5	High
CVE-2017-11887	2017-12-12 21h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handle objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919.	5.3	Medium
CVE-2017-11890	2017-12-12 21h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.	7.5	High
CVE-2017-11894	2017-12-12 21h00 +00:00	ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.	7.5	High
CVE-2017-11895	2017-12-12 21h00 +00:00	ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.	7.5	High
CVE-2017-11901	2017-12-12 21h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.	7.5	High
CVE-2017-11903	2017-12-12 21h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.	7.5	High
CVE-2017-11906	2017-12-12 21h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919.	5.3	Medium
CVE-2017-11907	2017-12-12 21h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.	7.5	High
CVE-2017-11912	2017-12-12 21h00 +00:00	ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.	7.5	High
CVE-2017-11913	2017-12-12 21h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.	7.5	High
CVE-2017-11919	2017-12-12 21h00 +00:00	ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.	5.3	Medium
CVE-2017-11927	2017-12-12 21h00 +00:00	Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability".	6.5	Medium
CVE-2017-11930	2017-12-12 21h00 +00:00	ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916.	7.5	High
CVE-2017-11768	2017-11-15 03h00 +00:00	Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability."	2.5	Low
CVE-2017-11788	2017-11-15 03h00 +00:00	Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka "Windows Search Denial of Service Vulnerability".	7.5	High
CVE-2017-11791	2017-11-15 03h00 +00:00	ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834.	3.1	Low
CVE-2017-11827	2017-11-15 03h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".	7.5	High
CVE-2017-11831	2017-11-15 03h00 +00:00	Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11880.	4.7	Medium
CVE-2017-11832	2017-11-15 03h00 +00:00	The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-11835.	4.7	Medium
CVE-2017-11834	2017-11-15 03h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11791.	5.3	Medium
CVE-2017-11835	2017-11-15 03h00 +00:00	Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832.	5.5	Medium
CVE-2017-11837	2017-11-15 03h00 +00:00	ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.	7.5	High
CVE-2017-11838	2017-11-15 03h00 +00:00	ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.	7.5	High
CVE-2017-11843	2017-11-15 03h00 +00:00	ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.	7.5	High
CVE-2017-11846	2017-11-15 03h00 +00:00	ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.	7.5	High
CVE-2017-11851	2017-11-15 03h00 +00:00	The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11853.	4.7	Medium
CVE-2017-11852	2017-11-15 03h00 +00:00	Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability".	4.7	Medium
CVE-2017-11855	2017-11-15 03h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11856.	7.5	High
CVE-2017-11856	2017-11-15 03h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11855.	7.5	High
CVE-2017-11858	2017-11-15 03h00 +00:00	ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.	7.5	High
CVE-2017-11869	2017-11-15 03h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.	7.5	High
CVE-2017-11880	2017-11-15 03h00 +00:00	Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11831.	4.7	Medium
CVE-2017-11762	2017-10-13 13h00 +00:00	The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-11763.	8.8	High
CVE-2017-11763	2017-10-13 13h00 +00:00	The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-11763.	8.8	High
CVE-2017-11765	2017-10-13 13h00 +00:00	The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11784, CVE-2017-11785, and CVE-2017-11814.	5.5	Medium
CVE-2017-11771	2017-10-13 13h00 +00:00	The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows Search Remote Code Execution Vulnerability".	9.8	Critical
CVE-2017-11772	2017-10-13 13h00 +00:00	The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to properly handle objects in memory, aka "Microsoft Search Information Disclosure Vulnerability".	7.5	High
CVE-2017-11780	2017-10-13 13h00 +00:00	The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka "Windows SMB Remote Code Execution Vulnerability".	7	High
CVE-2017-11781	2017-10-13 13h00 +00:00	The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability".	7.5	High
CVE-2017-11784	2017-10-13 13h00 +00:00	The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11785, and CVE-2017-11814.	5.5	Medium
CVE-2017-11785	2017-10-13 13h00 +00:00	The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11814.	5.5	Medium
CVE-2017-11790	2017-10-13 13h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".	4.3	Medium
CVE-2017-11793	2017-10-13 13h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.	7.5	High
CVE-2017-11813	2017-10-13 13h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11822.	7.5	High
CVE-2017-11814	2017-10-13 13h00 +00:00	The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785.	5.5	Medium
CVE-2017-11815	2017-10-13 13h00 +00:00	The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka "Windows SMB Information Disclosure Vulnerability".	5.3	Medium
CVE-2017-11816	2017-10-13 13h00 +00:00	The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Windows GDI Information Disclosure Vulnerability".	5.5	Medium
CVE-2017-11817	2017-10-13 13h00 +00:00	The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly validates objects in memory, aka "Windows Information Disclosure Vulnerability".	4.7	Medium
CVE-2017-11822	2017-10-13 13h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11813.	7.5	High
CVE-2017-11824	2017-10-13 13h00 +00:00	The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability".	7	High
CVE-2017-8689	2017-10-13 13h00 +00:00	The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8694.	7	High
CVE-2017-8694	2017-10-13 13h00 +00:00	The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8689.	7	High
CVE-2017-8717	2017-10-13 13h00 +00:00	The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8718.	7.8	High
CVE-2017-8718	2017-10-13 13h00 +00:00	The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8717.	7.8	High
CVE-2017-8727	2017-10-13 13h00 +00:00	Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Windows Text Services Framework handles objects in memory, aka "Windows Shell Memory Corruption Vulnerability".	7.5	High
CVE-2017-0161	2017-09-13 01h00 +00:00	The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability".	8.1	High
CVE-2017-8675	2017-09-13 01h00 +00:00	The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability".. This CVE ID is unique from CVE-2017-8720.	7	High
CVE-2017-8676	2017-09-13 01h00 +00:00	The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability."	3.3	Low
CVE-2017-8677	2017-09-13 01h00 +00:00	The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.	5.5	Medium
CVE-2017-8678	2017-09-13 01h00 +00:00	The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.	5.5	Medium
CVE-2017-8679	2017-09-13 01h00 +00:00	The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8719.	5.5	Medium
CVE-2017-8680	2017-09-13 01h00 +00:00	The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687.	5.5	Medium
CVE-2017-8681	2017-09-13 01h00 +00:00	The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687.	5.5	Medium
CVE-2017-8682	2017-09-13 01h00 +00:00	Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683.	8.8	High
CVE-2017-8683	2017-09-13 01h00 +00:00	Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8682.	5.5	Medium
CVE-2017-8684	2017-09-13 01h00 +00:00	Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8685 and CVE-2017-8688.	5.5	Medium
CVE-2017-8685	2017-09-13 01h00 +00:00	Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688.	5.5	Medium
CVE-2017-8687	2017-09-13 01h00 +00:00	The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681.	5.5	Medium
CVE-2017-8688	2017-09-13 01h00 +00:00	Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8685.	5.5	Medium
CVE-2017-8695	2017-09-13 01h00 +00:00	Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability."	5.3	Medium
CVE-2017-8699	2017-09-13 01h00 +00:00	Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to the way that Windows Shell validates file copy destinations, aka "Windows Shell Remote Code Execution Vulnerability".	7	High
CVE-2017-8707	2017-09-13 01h00 +00:00	The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713.	5.3	Medium
CVE-2017-8708	2017-09-13 01h00 +00:00	The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719.	4.7	Medium
CVE-2017-8709	2017-09-13 01h00 +00:00	The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719.	4.7	Medium
CVE-2017-8710	2017-09-13 01h00 +00:00	The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability".	5.5	Medium
CVE-2017-8719	2017-09-13 01h00 +00:00	The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679.	4.7	Medium
CVE-2017-8720	2017-09-13 01h00 +00:00	The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8675.	7.8	High
CVE-2017-8728	2017-09-13 01h00 +00:00	Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8737.	7.5	High
CVE-2017-8733	2017-09-13 01h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka "Internet Explorer Spoofing Vulnerability".	4.3	Medium
CVE-2017-8736	2017-09-13 01h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability".	4.3	Medium
CVE-2017-8741	2017-09-13 01h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.	7.5	High
CVE-2017-8747	2017-09-13 01h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8749.	7.5	High
CVE-2017-8748	2017-09-13 01h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.	7.5	High
CVE-2017-8749	2017-09-13 01h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8747.	7.5	High
CVE-2017-8750	2017-09-13 01h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".	7.5	High
CVE-2017-8759	2017-09-13 01h00 +00:00	Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."	7.8	High
CVE-2017-8696	2017-09-12 23h00 +00:00	Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution."	7.5	High
CVE-2017-0174	2017-08-08 21h00 +00:00	Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka "Windows NetBIOS Denial of Service Vulnerability".	6.5	Medium
CVE-2017-0250	2017-08-08 21h00 +00:00	Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability".	7.8	High
CVE-2017-0293	2017-08-08 21h00 +00:00	Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability".	7.5	High
CVE-2017-8593	2017-08-08 21h00 +00:00	Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability".	7	High
CVE-2017-8620	2017-08-08 21h00 +00:00	Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability".	8.1	High
CVE-2017-8624	2017-08-08 21h00 +00:00	CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".	7.8	High
CVE-2017-8633	2017-08-08 21h00 +00:00	Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability".	7.5	High
CVE-2017-8635	2017-08-08 21h00 +00:00	Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.	7.5	High
CVE-2017-8636	2017-08-08 21h00 +00:00	Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.	7.5	High
CVE-2017-8641	2017-08-08 21h00 +00:00	Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.	7.5	High
CVE-2017-8653	2017-08-08 21h00 +00:00	Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly accessing objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8669.	7.5	High
CVE-2017-8666	2017-08-08 21h00 +00:00	Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability".	5.5	Medium
CVE-2017-8668	2017-08-08 21h00 +00:00	The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability".	5.5	Medium
CVE-2017-8691	2017-08-08 21h00 +00:00	Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacker to execute code remotely on a target system when the Windows font library fails to properly handle specially crafted embedded fonts, aka "Express Compressed Fonts Remote Code Execution Vulnerability."	8.8	High
CVE-2017-0170	2017-07-11 21h00 +00:00	Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability".	6.5	Medium
CVE-2017-8463	2017-07-11 21h00 +00:00	Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it improperly handles executable files and shares during rename operations, aka "Windows Explorer Remote Code Execution Vulnerability".	7.8	High
CVE-2017-8467	2017-07-11 21h00 +00:00	Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability".	7	High
CVE-2017-8486	2017-07-11 21h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k Information Disclosure Vulnerability".	4.7	Medium
CVE-2017-8495	2017-07-11 21h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability" or Orpheus' Lyre.	7.5	High
CVE-2017-8556	2017-07-11 21h00 +00:00	Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574.	7	High
CVE-2017-8557	2017-07-11 21h00 +00:00	Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability".	5.5	Medium
CVE-2017-8561	2017-07-11 21h00 +00:00	Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".	7	High
CVE-2017-8563	2017-07-11 21h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability".	8.1	High
CVE-2017-8564	2017-07-11 21h00 +00:00	Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability".	5.5	Medium
CVE-2017-8565	2017-07-11 21h00 +00:00	Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka "Windows PowerShell Remote Code Execution Vulnerability".	8.1	High
CVE-2017-8573	2017-07-11 21h00 +00:00	Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8574 and CVE-2017-8556.	7	High
CVE-2017-8577	2017-07-11 21h00 +00:00	Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467.	7	High
CVE-2017-8578	2017-07-11 21h00 +00:00	Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467.	7.8	High
CVE-2017-8580	2017-07-11 21h00 +00:00	Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467.	7	High
CVE-2017-8581	2017-07-11 21h00 +00:00	Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467.	7	High
CVE-2017-8582	2017-07-11 21h00 +00:00	HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when the component improperly handles objects in memory, aka "Https.sys Information Disclosure Vulnerability".	5.9	Medium
CVE-2017-8587	2017-07-11 21h00 +00:00	Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 allows a denial of service vulnerability when it attempts to open a non-existent file, aka "Windows Explorer Denial of Service Vulnerability".	6.5	Medium
CVE-2017-8588	2017-07-11 21h00 +00:00	Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially crafted files, aka "WordPad Remote Code Execution Vulnerability".	7	High
CVE-2017-8589	2017-07-11 21h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability".	9.8	Critical
CVE-2017-8590	2017-07-11 21h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".	8.8	High
CVE-2017-8592	2017-07-11 21h00 +00:00	Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass".	6.5	Medium
CVE-2017-8602	2017-07-11 21h00 +00:00	Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability."	6.5	Medium
CVE-2017-8606	2017-07-11 21h00 +00:00	Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609	7.5	High
CVE-2017-8607	2017-07-11 21h00 +00:00	Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609	7.5	High
CVE-2017-8618	2017-07-11 21h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609.	7.5	High
CVE-2017-8554	2017-06-29 11h00 +00:00	The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application.	4.7	Medium
CVE-2017-8464	2017-06-15 01h00 +00:00	Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."	8.8	High
CVE-2017-8543	2017-06-15 01h00 +00:00	Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".	9.8	Critical
CVE-2017-0193	2017-06-14 23h00 +00:00	Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability".	7.8	High
CVE-2017-0260	2017-06-14 23h00 +00:00	A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506.	7.8	High
CVE-2017-0282	2017-06-14 23h00 +00:00	Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0284, CVE-2017-0285, and CVE-2017-8534.	5	Medium
CVE-2017-0283	2017-06-14 23h00 +00:00	Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.	8.8	High
CVE-2017-0284	2017-06-14 23h00 +00:00	Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0285, and CVE-2017-8534.	5	Medium
CVE-2017-0285	2017-06-14 23h00 +00:00	Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft Office Word Viewer allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-8534.	5	Medium
CVE-2017-0286	2017-06-14 23h00 +00:00	Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.	5	Medium
CVE-2017-0287	2017-06-14 23h00 +00:00	Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.	5	Medium
CVE-2017-0288	2017-06-14 23h00 +00:00	Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.	5	Medium
CVE-2017-0289	2017-06-14 23h00 +00:00	Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.	5	Medium
CVE-2017-0294	2017-06-14 23h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute remote code when Windows fails to properly handle cabinet files, aka "Windows Remote Code Execution Vulnerability".	7.8	High
CVE-2017-0296	2017-06-14 23h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows TDX Elevation of Privilege Vulnerability".	7.8	High
CVE-2017-0297	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300.	5	Medium
CVE-2017-0298	2017-06-14 23h00 +00:00	A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka "Windows COM Session Elevation of Privilege Vulnerability."	7.3	High
CVE-2017-0299	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, and CVE-2017-0297.	5	Medium
CVE-2017-0300	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8462	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8469	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5.5	Medium
CVE-2017-8470	2017-06-14 23h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.	5	Medium
CVE-2017-8471	2017-06-14 23h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.	5	Medium
CVE-2017-8472	2017-06-14 23h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.	5	Medium
CVE-2017-8473	2017-06-14 23h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.	5	Medium
CVE-2017-8474	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8475	2017-06-14 23h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477, and CVE-2017-8484.	5	Medium
CVE-2017-8476	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8477	2017-06-14 23h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484.	5	Medium
CVE-2017-8478	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8479	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8480	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8481	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8482	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8483	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8484	2017-06-14 23h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477.	5	Medium
CVE-2017-8485	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8488	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8489	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8490	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8491	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8492	2017-06-14 23h00 +00:00	The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.	5	Medium
CVE-2017-8519	2017-06-14 23h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8547.	7.5	High
CVE-2017-8524	2017-06-14 23h00 +00:00	Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8522.	7.5	High
CVE-2017-8527	2017-06-14 23h00 +00:00	Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability".	8.8	High
CVE-2017-8528	2017-06-14 23h00 +00:00	Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0283.	8.8	High
CVE-2017-8529	2017-06-14 23h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".	6.5	Medium
CVE-2017-8531	2017-06-14 23h00 +00:00	Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8532, and CVE-2017-8533.	6.5	Medium
CVE-2017-8532	2017-06-14 23h00 +00:00	Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533.	6.5	Medium
CVE-2017-8533	2017-06-14 23h00 +00:00	Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532.	6.5	Medium
CVE-2017-8534	2017-06-14 23h00 +00:00	Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-0285.	6.5	Medium
CVE-2017-8544	2017-06-14 23h00 +00:00	Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to obtain information to further compromise the user's system when Windows Search fails to handle objects in memory, aka "Windows Search Information Disclosure Vulnerability".	5.5	Medium
CVE-2017-8547	2017-06-14 23h00 +00:00	Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8519.	7.5	High
CVE-2017-8552	2017-06-14 23h00 +00:00	A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of privilege when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE is unique from CVE-2017-0263.	7.8	High
CVE-2017-8553	2017-06-14 23h00 +00:00	An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability".	4.7	Medium
CVE-2017-8540	2017-05-26 20h00 +00:00	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.	7.8	High
CVE-2017-8535	2017-05-26 18h00 +00:00	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.	5.5	Medium
CVE-2017-8536	2017-05-26 18h00 +00:00	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.	5.5	Medium
CVE-2017-8537	2017-05-26 18h00 +00:00	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.	5.5	Medium
CVE-2017-8538	2017-05-26 18h00 +00:00	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541.	7.8	High
CVE-2017-8539	2017-05-26 18h00 +00:00	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542.	5.5	Medium
CVE-2017-8541	2017-05-26 18h00 +00:00	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540.	7.8	High
CVE-2017-8542	2017-05-26 18h00 +00:00	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539.	5.5	Medium
CVE-2017-0213	2017-05-12 14h00 +00:00	Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.	7.3	High
CVE-2017-0222	2017-05-12 14h00 +00:00	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226.	8.8	High
CVE-2017-0263	2017-05-12 14h00 +00:00	The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.8	High
CVE-2017-0077	2017-05-12 12h00 +00:00	The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow a local authenticated attacker to execute a specially crafted application to obtain information, or in Windows 7 and later, cause denial of service, aka "Win32k Information Disclosure Vulnerability."	7.8	High
CVE-2017-0171	2017-05-12 12h00 +00:00	Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability".	5.9	Medium
CVE-2017-0175	2017-05-12 12h00 +00:00	The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259.	4.7	Medium
CVE-2017-0190	2017-05-12 12h00 +00:00	The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."	4.4	Medium
CVE-2017-0214	2017-05-12 12h00 +00:00	Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0213.	7	High
CVE-2017-0220	2017-05-12 12h00 +00:00	The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259.	4.7	Medium
CVE-2017-0242	2017-05-12 12h00 +00:00	An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability."	5.5	Medium
CVE-2017-0244	2017-05-12 12h00 +00:00	The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka "Windows Kernel Elevation of Privilege Vulnerability."	6.7	Medium
CVE-2017-0245	2017-05-12 12h00 +00:00	The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability."	4.7	Medium
CVE-2017-0246	2017-05-12 12h00 +00:00	The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka "Win32k Elevation of Privilege Vulnerability."	7	High
CVE-2017-0258	2017-05-12 12h00 +00:00	The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259.	4.7	Medium
CVE-2017-0267	2017-05-12 12h00 +00:00	Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.	5.9	Medium
CVE-2017-0268	2017-05-12 12h00 +00:00	Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.	5.9	Medium
CVE-2017-0269	2017-05-12 12h00 +00:00	The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280.	5.9	Medium
CVE-2017-0270	2017-05-12 12h00 +00:00	Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.	5.9	Medium
CVE-2017-0271	2017-05-12 12h00 +00:00	Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.	5.9	Medium
CVE-2017-0272	2017-05-12 12h00 +00:00	The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279.	8.1	High
CVE-2017-0273	2017-05-12 12h00 +00:00	The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280.	5.9	Medium
CVE-2017-0274	2017-05-12 12h00 +00:00	Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276.	5.9	Medium
CVE-2017-0275	2017-05-12 12h00 +00:00	Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276.	5.9	Medium
CVE-2017-0276	2017-05-12 12h00 +00:00	Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275.	5.9	Medium
CVE-2017-0277	2017-05-12 12h00 +00:00	The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279.	7	High
CVE-2017-0278	2017-05-12 12h00 +00:00	The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279.	7	High
CVE-2017-0279	2017-05-12 12h00 +00:00	The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.	7	High
CVE-2017-0280	2017-05-12 12h00 +00:00	The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273.	5.9	Medium
CVE-2017-0290	2017-05-09 04h03 +00:00	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."	7.8	High
CVE-2017-0199	2017-04-12 14h00 +00:00	Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."	7.8	High
CVE-2017-0210	2017-04-12 14h00 +00:00	An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."	8.8	High
CVE-2017-0058	2017-04-12 12h00 +00:00	A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability."	4.7	Medium
CVE-2017-0155	2017-04-12 12h00 +00:00	The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Graphics Elevation of Privilege Vulnerability."	7	High
CVE-2017-0156	2017-04-12 12h00 +00:00	An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability."	7	High
CVE-2017-0158	2017-04-12 12h00 +00:00	An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability."	7.5	High
CVE-2017-0163	2017-04-12 12h00 +00:00	A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181.	7.6	High
CVE-2017-0166	2017-04-12 12h00 +00:00	An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability."	8.1	High
CVE-2017-0168	2017-04-12 12h00 +00:00	An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0169.	5.8	Medium
CVE-2017-0180	2017-04-12 12h00 +00:00	A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0181.	7.6	High
CVE-2017-0181	2017-04-12 12h00 +00:00	A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180.	7.6	High
CVE-2017-0182	2017-04-12 12h00 +00:00	A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.	5.8	Medium
CVE-2017-0183	2017-04-12 12h00 +00:00	A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.	5.8	Medium
CVE-2017-0184	2017-04-12 12h00 +00:00	A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, and CVE-2017-0186.	5.4	Medium
CVE-2017-0191	2017-04-12 12h00 +00:00	A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability."	5.8	Medium
CVE-2017-0192	2017-04-12 12h00 +00:00	The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold , 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka "ATMFD.dll Information Disclosure Vulnerability."	4.3	Medium
CVE-2017-0001	2017-03-17 00h00 +00:00	The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047.	7.8	High
CVE-2017-0005	2017-03-17 00h00 +00:00	The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047.	7.8	High
CVE-2017-0022	2017-03-17 00h00 +00:00	Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability."	6.5	Medium
CVE-2017-0059	2017-03-17 00h00 +00:00	Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.	4.3	Medium
CVE-2017-0143	2017-03-17 00h00 +00:00	The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.	8.8	High
CVE-2017-0144	2017-03-17 00h00 +00:00	The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.	8.8	High
CVE-2017-0145	2017-03-17 00h00 +00:00	The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.	8.8	High
CVE-2017-0146	2017-03-17 00h00 +00:00	The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.	8.8	High
CVE-2017-0147	2017-03-17 00h00 +00:00	The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."	7.5	High
CVE-2017-0148	2017-03-17 00h00 +00:00	The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.	8.1	High
CVE-2017-0149	2017-03-17 00h00 +00:00	Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037.	8.8	High
CVE-2017-0014	2017-03-16 23h00 +00:00	The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0108.	7.5	High
CVE-2017-0025	2017-03-16 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005, and CVE-2017-0047.	7.8	High
CVE-2017-0042	2017-03-16 23h00 +00:00	Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "Windows Media Player Information Disclosure Vulnerability."	3.1	Low
CVE-2017-0043	2017-03-16 23h00 +00:00	Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Federation Services Information Disclosure Vulnerability."	5.3	Medium
CVE-2017-0045	2017-03-16 23h00 +00:00	Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability."	5.5	Medium
CVE-2017-0047	2017-03-16 23h00 +00:00	The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005 and CVE-2017-0025.	7.8	High
CVE-2017-0050	2017-03-16 23h00 +00:00	The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."	7.8	High
CVE-2017-0055	2017-03-16 23h00 +00:00	Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft IIS Server XSS Elevation of Privilege Vulnerability."	6.1	Medium
CVE-2017-0056	2017-03-16 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082.	7.8	High
CVE-2017-0060	2017-03-16 23h00 +00:00	The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.	5.5	Medium
CVE-2017-0061	2017-03-16 23h00 +00:00	The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0063.	5.3	Medium
CVE-2017-0062	2017-03-16 23h00 +00:00	The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0073.	4.7	Medium
CVE-2017-0063	2017-03-16 23h00 +00:00	The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061.	6.5	Medium
CVE-2017-0072	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.	8.8	High
CVE-2017-0073	2017-03-16 23h00 +00:00	The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.	4.3	Medium
CVE-2017-0074	2017-03-16 23h00 +00:00	Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099.	5.4	Medium
CVE-2017-0075	2017-03-16 23h00 +00:00	Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0109.	7.6	High
CVE-2017-0076	2017-03-16 23h00 +00:00	Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0097, and CVE-2017-0099.	5.4	Medium
CVE-2017-0083	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.	8.8	High
CVE-2017-0084	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.	8.8	High
CVE-2017-0085	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0086	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.	8.8	High
CVE-2017-0087	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.	8.8	High
CVE-2017-0088	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."	8.8	High
CVE-2017-0089	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090.	8.8	High
CVE-2017-0090	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0089.	8.8	High
CVE-2017-0091	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0092	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0096	2017-03-16 23h00 +00:00	Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."	2.6	Low
CVE-2017-0097	2017-03-16 23h00 +00:00	Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0099.	5.4	Medium
CVE-2017-0099	2017-03-16 23h00 +00:00	Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0097.	5.4	Medium
CVE-2017-0100	2017-03-16 23h00 +00:00	A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows HelpPane Elevation of Privilege Vulnerability."	7.8	High
CVE-2017-0102	2017-03-16 23h00 +00:00	Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 let attackers with access to targets systems gain privileges when Windows fails to properly validate buffer lengths, aka "Windows Elevation of Privilege Vulnerability."	7.8	High
CVE-2017-0103	2017-03-16 23h00 +00:00	The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability."	7	High
CVE-2017-0104	2017-03-16 23h00 +00:00	The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability."	8.1	High
CVE-2017-0108	2017-03-16 23h00 +00:00	The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.	7.8	High
CVE-2017-0109	2017-03-16 23h00 +00:00	Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0075.	7.6	High
CVE-2017-0111	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0112	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0113	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0114	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0115	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0116	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0117	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0118	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0119	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0120	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Uniscribe Information Disclosure Vulnerability."	4.3	Medium
CVE-2017-0121	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0122	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0123	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0124	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0125	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0126	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0127, and CVE-2017-0128.	4.3	Medium
CVE-2017-0127	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0128.	4.3	Medium
CVE-2017-0128	2017-03-16 23h00 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0127.	4.3	Medium
CVE-2017-0038	2017-02-20 15h00 +00:00	gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.	5.5	Medium
CVE-2017-0004	2017-01-10 20h00 +00:00	The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."	7.5	High
CVE-2016-7219	2016-12-20 04h54 +00:00	The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Crypto Driver Information Disclosure Vulnerability."	5.5	Medium
CVE-2016-7257	2016-12-20 04h54 +00:00	The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."	6.5	Medium
CVE-2016-7259	2016-12-20 04h54 +00:00	The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-7260	2016-12-20 04h54 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-7272	2016-12-20 04h54 +00:00	The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability."	8.8	High
CVE-2016-7274	2016-12-20 04h54 +00:00	Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."	8.8	High
CVE-2016-7292	2016-12-20 04h54 +00:00	The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Installer Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-7295	2016-12-20 04h54 +00:00	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information from process memory via a crafted application, aka "Windows Common Log File System Driver Information Disclosure Vulnerability."	5.5	Medium
CVE-2016-7255	2016-11-10 06h16 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-7256	2016-11-10 06h16 +00:00	atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability."	8.8	High
CVE-2016-0026	2016-11-10 05h16 +00:00	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	7.8	High
CVE-2016-3332	2016-11-10 05h16 +00:00	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	7.8	High
CVE-2016-3333	2016-11-10 05h16 +00:00	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	7.8	High
CVE-2016-3334	2016-11-10 05h16 +00:00	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	7.8	High
CVE-2016-3335	2016-11-10 05h16 +00:00	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	7.8	High
CVE-2016-3338	2016-11-10 05h16 +00:00	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	7.8	High
CVE-2016-3340	2016-11-10 05h16 +00:00	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.	7.8	High
CVE-2016-3342	2016-11-10 05h16 +00:00	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3343, and CVE-2016-7184.	7.8	High
CVE-2016-3343	2016-11-10 05h16 +00:00	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-7184.	7.8	High
CVE-2016-7184	2016-11-10 05h16 +00:00	The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343.	7.8	High
CVE-2016-7205	2016-11-10 05h16 +00:00	Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Animation Manager Memory Corruption Vulnerability."	8.8	High
CVE-2016-7210	2016-11-10 05h16 +00:00	atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted Open Type font on a web site, aka "Open Type Font Information Disclosure Vulnerability."	6.5	Medium
CVE-2016-7212	2016-11-10 05h16 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka "Windows Remote Code Execution Vulnerability."	7.8	High
CVE-2016-7214	2016-11-10 05h16 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted application, aka "Win32k Information Disclosure Vulnerability."	3.3	Low
CVE-2016-7215	2016-11-10 05h16 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-7216	2016-11-10 05h16 +00:00	The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."	5.5	Medium
CVE-2016-7218	2016-11-10 05h16 +00:00	Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Bowser.sys Information Disclosure Vulnerability."	4.7	Medium
CVE-2016-7221	2016-11-10 05h16 +00:00	Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka "Windows IME Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-7237	2016-11-10 05h16 +00:00	Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."	6.5	Medium
CVE-2016-7238	2016-11-10 05h16 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandle caching for NTLM password-change requests, which allows local users to gain privileges via a crafted application, aka "Windows NTLM Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-7246	2016-11-10 05h16 +00:00	The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-3298	2016-10-14 01h00 +00:00	Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."	6.5	Medium
CVE-2016-3393	2016-10-14 01h00 +00:00	Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component RCE Vulnerability."	7.8	High
CVE-2016-0070	2016-10-13 23h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."	5.5	Medium
CVE-2016-3209	2016-10-13 23h00 +00:00	Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."	5.5	Medium
CVE-2016-3262	2016-10-13 23h00 +00:00	Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3263.	5.5	Medium
CVE-2016-3263	2016-10-13 23h00 +00:00	Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3262.	5.5	Medium
CVE-2016-3266	2016-10-13 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3376, CVE-2016-7185, and CVE-2016-7211.	7.8	High
CVE-2016-3270	2016-10-13 23h00 +00:00	The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-3376	2016-10-13 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." a different vulnerability than CVE-2016-3266, CVE-2016-7185, and CVE-2016-7211.	7.8	High
CVE-2016-3396	2016-10-13 23h00 +00:00	Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "GDI+ Remote Code Execution Vulnerability."	7.8	High
CVE-2016-7182	2016-10-13 23h00 +00:00	The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability."	9.8	Critical
CVE-2016-7185	2016-10-13 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." a different vulnerability than CVE-2016-3266, CVE-2016-3376, and CVE-2016-7211.	7.8	High
CVE-2016-7211	2016-10-13 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." a different vulnerability than CVE-2016-3266, CVE-2016-3376, and CVE-2016-7185.	7.3	High
CVE-2016-3351	2016-09-14 10h00 +00:00	Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."	6.5	Medium
CVE-2016-3305	2016-09-14 08h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3306.	7.8	High
CVE-2016-3306	2016-09-14 08h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3305.	7.8	High
CVE-2016-3345	2016-09-14 08h00 +00:00	The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Authenticated Remote Code Execution Vulnerability."	8.8	High
CVE-2016-3348	2016-09-14 08h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-3354	2016-09-14 08h00 +00:00	The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "GDI Information Disclosure Vulnerability."	3.3	Low
CVE-2016-3355	2016-09-14 08h00 +00:00	The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "GDI Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-3368	2016-09-14 08h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote authenticated users to execute arbitrary code by leveraging a domain account to make a crafted request, aka "Windows Remote Code Execution Vulnerability."	8.8	High
CVE-2016-3371	2016-09-14 08h00 +00:00	The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain sensitive information via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."	5.5	Medium
CVE-2016-3373	2016-09-14 08h00 +00:00	The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly implement registry access control, which allows local users to obtain sensitive account information via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."	5.5	Medium
CVE-2016-3375	2016-09-14 08h00 +00:00	The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."	7.5	High
CVE-2016-3309	2016-08-09 21h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311.	7.8	High
CVE-2016-3237	2016-08-09 19h00 +00:00	Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle attackers to bypass authentication via vectors related to a fallback to NTLM authentication during a domain account password change, aka "Kerberos Security Feature Bypass Vulnerability."	7.5	High
CVE-2016-3299	2016-08-09 19h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hijack network traffic or bypass intended Enhanced Protected Mode (EPM) or application container protection mechanisms, and consequently render untrusted content in a browser, by leveraging how NetBIOS validates responses, aka "NetBIOS Spoofing Vulnerability."	5.3	Medium
CVE-2016-3301	2016-08-09 19h00 +00:00	The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability."	7.8	High
CVE-2016-3303	2016-08-09 19h00 +00:00	The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3304.	7.8	High
CVE-2016-3304	2016-08-09 19h00 +00:00	The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3303.	7.8	High
CVE-2016-3308	2016-08-09 19h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3309, CVE-2016-3310, and CVE-2016-3311.	7.8	High
CVE-2016-3310	2016-08-09 19h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3309, and CVE-2016-3311.	7.8	High
CVE-2016-3311	2016-08-09 19h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3309, and CVE-2016-3310.	7.8	High
CVE-2016-3238	2016-07-12 23h00 +00:00	The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows man-in-the-middle attackers to execute arbitrary code by providing a crafted print driver during printer installation, aka "Windows Print Spooler Remote Code Execution Vulnerability."	8.1	High
CVE-2016-3239	2016-07-12 23h00 +00:00	The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via vectors involving filesystem write operations, aka "Windows Print Spooler Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-3249	2016-07-12 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3252, CVE-2016-3254, and CVE-2016-3286.	7.3	High
CVE-2016-3251	2016-07-12 23h00 +00:00	The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensitive kernel-address information via a crafted application, aka "Win32k Information Disclosure Vulnerability."	2.8	Low
CVE-2016-3252	2016-07-12 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3249, CVE-2016-3254, and CVE-2016-3286.	7.3	High
CVE-2016-3254	2016-07-12 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3249, CVE-2016-3252, and CVE-2016-3286.	7.8	High
CVE-2016-3286	2016-07-12 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3249, CVE-2016-3252, and CVE-2016-3254.	7.3	High
CVE-2016-3213	2016-06-15 23h00 +00:00	The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability."	8.8	High
CVE-2016-3216	2016-06-15 23h00 +00:00	GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability."	4.3	Medium
CVE-2016-3218	2016-06-15 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3221.	7.8	High
CVE-2016-3220	2016-06-15 23h00 +00:00	atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "ATMFD.dll Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-3221	2016-06-15 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3218.	7.8	High
CVE-2016-3223	2016-06-15 23h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain privileges by modifying group-policy update data within a domain-controller data stream, aka "Group Policy Elevation of Privilege Vulnerability."	8.1	High
CVE-2016-3225	2016-06-15 23h00 +00:00	The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-3226	2016-06-15 23h00 +00:00	Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability."	6.5	Medium
CVE-2016-3228	2016-06-15 23h00 +00:00	Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon Memory Corruption Remote Code Execution Vulnerability."	8.8	High
CVE-2016-3230	2016-06-15 23h00 +00:00	The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka "Windows Search Component Denial of Service Vulnerability."	5	Medium
CVE-2016-3236	2016-06-15 23h00 +00:00	The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability."	9.8	Critical
CVE-2016-0189	2016-05-11 01h00 +00:00	The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.	7.5	High
CVE-2016-0168	2016-05-10 23h00 +00:00	GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169.	6.5	Medium
CVE-2016-0169	2016-05-10 23h00 +00:00	GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168.	6.5	Medium
CVE-2016-0170	2016-05-10 23h00 +00:00	GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability."	8.8	High
CVE-2016-0171	2016-05-10 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0173, CVE-2016-0174, and CVE-2016-0196.	7.8	High
CVE-2016-0173	2016-05-10 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0174, and CVE-2016-0196.	7.8	High
CVE-2016-0174	2016-05-10 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0173, and CVE-2016-0196.	7.8	High
CVE-2016-0175	2016-05-10 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to obtain sensitive information about kernel-object addresses, and consequently bypass the KASLR protection mechanism, via a crafted application, aka "Win32k Information Disclosure Vulnerability."	3.3	Low
CVE-2016-0176	2016-05-10 23h00 +00:00	dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-0178	2016-05-10 23h00 +00:00	The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles free operations, which allows remote attackers to execute arbitrary code via malformed RPC requests, aka "RPC Network Data Representation Engine Elevation of Privilege Vulnerability."	8.8	High
CVE-2016-0180	2016-05-10 23h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles symbolic links, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-0184	2016-05-10 23h00 +00:00	Use-after-free vulnerability in GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Direct3D Use After Free Vulnerability."	8.8	High
CVE-2016-0195	2016-05-10 23h00 +00:00	The Imaging Component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Imaging Component Memory Corruption Vulnerability."	8.8	High
CVE-2016-0196	2016-05-10 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0173, and CVE-2016-0174.	7.8	High
CVE-2016-0197	2016-05-10 23h00 +00:00	dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-0162	2016-04-12 23h00 +00:00	Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."	4.3	Medium
CVE-2016-0165	2016-04-12 23h00 +00:00	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0167.	7.8	High
CVE-2016-0167	2016-04-12 23h00 +00:00	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165.	7.8	High
CVE-2016-0128	2016-04-12 21h00 +00:00	The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK."	6.8	Medium
CVE-2016-0143	2016-04-12 21h00 +00:00	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0165 and CVE-2016-0167.	7.8	High
CVE-2016-0145	2016-04-12 21h00 +00:00	The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."	8.8	High
CVE-2016-0153	2016-04-12 21h00 +00:00	OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability."	7.8	High
CVE-2016-0099	2016-03-09 11h00 +00:00	The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-0087	2016-03-09 10h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-0091	2016-03-09 10h00 +00:00	OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0092.	7.8	High
CVE-2016-0092	2016-03-09 10h00 +00:00	OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0091.	7.8	High
CVE-2016-0093	2016-03-09 10h00 +00:00	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096.	7.8	High
CVE-2016-0094	2016-03-09 10h00 +00:00	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0095, and CVE-2016-0096.	7.8	High
CVE-2016-0095	2016-03-09 10h00 +00:00	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096.	7.8	High
CVE-2016-0096	2016-03-09 10h00 +00:00	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0095.	7.8	High
CVE-2016-0098	2016-03-09 10h00 +00:00	Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."	8.8	High
CVE-2016-0101	2016-03-09 10h00 +00:00	Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."	8.8	High
CVE-2016-0120	2016-03-09 10h00 +00:00	The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."	6.5	Medium
CVE-2016-0121	2016-03-09 10h00 +00:00	The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."	8.8	High
CVE-2016-0133	2016-03-09 10h00 +00:00	The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows physically proximate attackers to execute arbitrary code by inserting a crafted USB device, aka "USB Mass Storage Elevation of Privilege Vulnerability."	6.8	Medium
CVE-2016-0040	2016-02-10 11h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-0038	2016-02-10 10h00 +00:00	Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Memory Corruption Vulnerability."	7.8	High
CVE-2016-0041	2016-02-10 10h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."	7.8	High
CVE-2016-0042	2016-02-10 10h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability."	7.8	High
CVE-2016-0048	2016-02-10 10h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-0049	2016-02-10 10h00 +00:00	Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."	6.2	Medium
CVE-2016-0050	2016-02-10 10h00 +00:00	Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS authentication outage) via crafted requests, aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability."	5.3	Medium
CVE-2016-0051	2016-02-10 10h00 +00:00	The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-0006	2016-01-13 01h00 +00:00	The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0007.	7.3	High
CVE-2016-0007	2016-01-13 01h00 +00:00	The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0006.	7.8	High
CVE-2016-0008	2016-01-13 01h00 +00:00	The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows GDI32.dll ASLR Bypass Vulnerability."	4.3	Medium
CVE-2016-0009	2016-01-13 01h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via unspecified vectors, aka "Win32k Remote Code Execution Vulnerability."	8.8	High
CVE-2016-0014	2016-01-13 01h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Elevation of Privilege Vulnerability."	7.8	High
CVE-2016-0015	2016-01-13 01h00 +00:00	DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "DirectShow Heap Corruption Remote Code Execution Vulnerability."	7.8	High
CVE-2016-0016	2016-01-13 01h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."	7.8	High
CVE-2016-0020	2016-01-13 01h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "MAPI DLL Loading Elevation of Privilege Vulnerability."	7.8	High
CVE-2015-6107	2015-12-09 10h00 +00:00	The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10 Gold and 1511, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."	9.3
CVE-2015-6108	2015-12-09 10h00 +00:00	The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."	9.3
CVE-2015-6125	2015-12-09 10h00 +00:00	Use-after-free vulnerability in the DNS server in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Use After Free Vulnerability."	9.3
CVE-2015-6126	2015-12-09 10h00 +00:00	Race condition in the Pragmatic General Multicast (PGM) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application, aka "Windows PGM UAF Elevation of Privilege Vulnerability."	7.2
CVE-2015-6128	2015-12-09 10h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."	7.2
CVE-2015-6130	2015-12-09 10h00 +00:00	Integer underflow in Uniscribe in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows remote attackers to execute arbitrary code via a crafted font, aka "Windows Integer Underflow Vulnerability."	9.3
CVE-2015-6132	2015-12-09 10h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."	7.2
CVE-2015-6152	2015-12-09 10h00 +00:00	Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6162.	9.3
CVE-2015-6171	2015-12-09 10h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6173 and CVE-2015-6174.	7.2
CVE-2015-6173	2015-12-09 10h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6171 and CVE-2015-6174.	7.2
CVE-2015-6174	2015-12-09 10h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6171 and CVE-2015-6173.	7.2
CVE-2015-2478	2015-11-11 10h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application that triggers a Winsock call referencing an invalid address, aka "Winsock Elevation of Privilege Vulnerability."	7.2
CVE-2015-6095	2015-11-11 10h00 +00:00	Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles password changes, which allows physically proximate attackers to bypass authentication, and conduct decryption attacks against certain BitLocker configurations, by connecting to an unintended Key Distribution Center (KDC), aka "Windows Kerberos Security Feature Bypass."	4.9
CVE-2015-6097	2015-11-11 10h00 +00:00	Heap-based buffer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted Journal (.jnt) file, aka "Windows Journal Heap Overflow Vulnerability."	9.3
CVE-2015-6098	2015-11-11 10h00 +00:00	Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows NDIS Elevation of Privilege Vulnerability."	7.2
CVE-2015-6100	2015-11-11 10h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6101.	6.9
CVE-2015-6101	2015-11-11 10h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6100.	6.9
CVE-2015-6102	2015-11-11 10h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability."	2.1
CVE-2015-6103	2015-11-11 10h00 +00:00	The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6104.	9.3
CVE-2015-6104	2015-11-11 10h00 +00:00	The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6103.	9.3
CVE-2015-6112	2015-11-11 10h00 +00:00	SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "Schannel TLS Triple Handshake Vulnerability."	5.8
CVE-2015-6113	2015-11-11 10h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass intended filesystem permissions by leveraging Low Integrity access, aka "Windows Kernel Security Feature Bypass Vulnerability."	2.1
CVE-2015-2515	2015-10-13 23h00 +00:00	Use-after-free vulnerability in Windows Shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted toolbar object, aka "Toolbar Use After Free Vulnerability."	9.3
CVE-2015-2549	2015-10-13 23h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."	7.2
CVE-2015-2550	2015-10-13 23h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."	7.2
CVE-2015-2552	2015-10-13 23h00 +00:00	The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows physically proximate attackers to bypass the Trusted Boot protection mechanism, and consequently interfere with the integrity of code, BitLocker, Device Encryption, and Device Health Attestation, via a crafted Boot Configuration Data (BCD) setting, aka "Trusted Boot Security Feature Bypass Vulnerability."	7.2
CVE-2015-2553	2015-10-13 23h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles junctions during mountpoint creation, which makes it easier for local users to gain privileges by leveraging certain sandbox access, aka "Windows Mount Point Elevation of Privilege Vulnerability."	7.2
CVE-2015-2554	2015-10-13 23h00 +00:00	The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability."	7.2
CVE-2015-2546	2015-09-09 00h00 +00:00	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518.	8.2	High
CVE-2015-2506	2015-09-08 22h00 +00:00	atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (system crash) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."	9.3
CVE-2015-2507	2015-09-08 22h00 +00:00	The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2512.	7.2
CVE-2015-2511	2015-09-08 22h00 +00:00	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2517, CVE-2015-2518, and CVE-2015-2546.	6.9
CVE-2015-2512	2015-09-08 22h00 +00:00	The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2507.	7.2
CVE-2015-2513	2015-09-08 22h00 +00:00	Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2514 and CVE-2015-2530.	9.3
CVE-2015-2514	2015-09-08 22h00 +00:00	Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2513 and CVE-2015-2530.	9.3
CVE-2015-2516	2015-09-08 22h00 +00:00	Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (data loss) via a crafted .jnt file, aka "Windows Journal DoS Vulnerability."	4.3
CVE-2015-2517	2015-09-08 22h00 +00:00	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2518, and CVE-2015-2546.	6.9
CVE-2015-2518	2015-09-08 22h00 +00:00	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2546.	6.9
CVE-2015-2519	2015-09-08 22h00 +00:00	Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal Integer Overflow RCE Vulnerability."	9.3
CVE-2015-2525	2015-09-08 22h00 +00:00	Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass intended filesystem restrictions and delete arbitrary files via unspecified vectors, aka "Windows Task File Deletion Elevation of Privilege Vulnerability."	7.2
CVE-2015-2528	2015-09-08 22h00 +00:00	Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2524.	7.2
CVE-2015-2530	2015-09-08 22h00 +00:00	Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2513 and CVE-2015-2514.	9.3
CVE-2015-2535	2015-09-08 22h00 +00:00	Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machine accounts, aka "Active Directory Denial of Service Vulnerability."	4
CVE-2015-2502	2015-08-19 10h00 +00:00	Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015.	8.8	High
CVE-2015-1769	2015-08-15 00h00 +00:00	Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."	6.6	Medium
CVE-2015-2423	2015-08-14 22h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability."	4.3
CVE-2015-2428	2015-08-14 22h00 +00:00	Object Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels during interaction with object symbolic links that originated in a sandboxed process, which allows local users to gain privileges via a crafted application, aka "Windows Object Manager Elevation of Privilege Vulnerability."	2.1
CVE-2015-2429	2015-08-14 22h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified registry actions via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability."	9.3
CVE-2015-2430	2015-08-14 22h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified filesystem actions via a crafted application, aka "Windows Filesystem Elevation of Privilege Vulnerability."	9.3
CVE-2015-2432	2015-08-14 22h00 +00:00	ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."	9.3
CVE-2015-2433	2015-08-14 22h00 +00:00	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability."	2.1
CVE-2015-2435	2015-08-14 22h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Silverlight before 5.1.40728 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."	9.3
CVE-2015-2453	2015-08-14 22h00 +00:00	The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information via a crafted application that continues to execute during a subsequent user's login session, aka "Windows CSRSS Elevation of Privilege Vulnerability."	4.7
CVE-2015-2454	2015-08-14 22h00 +00:00	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows KMD Security Feature Bypass Vulnerability."	2.1
CVE-2015-2455	2015-08-14 22h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2456.	9.3
CVE-2015-2456	2015-08-14 22h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2455.	9.3
CVE-2015-2458	2015-08-14 22h00 +00:00	ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2459 and CVE-2015-2461.	9.3
CVE-2015-2459	2015-08-14 22h00 +00:00	ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2461.	9.3
CVE-2015-2460	2015-08-14 22h00 +00:00	ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."	9.3
CVE-2015-2461	2015-08-14 22h00 +00:00	ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2459.	9.3
CVE-2015-2462	2015-08-14 22h00 +00:00	ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."	9.3
CVE-2015-2463	2015-08-14 22h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2464.	9.3
CVE-2015-2464	2015-08-14 22h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463.	9.3
CVE-2015-2465	2015-08-14 22h00 +00:00	The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Shell Security Feature Bypass Vulnerability."	2.1
CVE-2015-2472	2015-08-14 22h00 +00:00	Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify certificates, which allows man-in-the-middle attackers to spoof clients via a crafted certificate with valid Issuer and Serial Number fields, aka "Remote Desktop Session Host Spoofing Vulnerability."	4.3
CVE-2015-2473	2015-08-14 22h00 +00:00	Untrusted search path vulnerability in the client in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability."	9.3
CVE-2015-2476	2015-08-14 22h00 +00:00	The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "WebDAV Client Information Disclosure Vulnerability."	2.6
CVE-2015-2426	2015-07-20 18h00 +00:00	Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."	8.8	High
CVE-2015-2387	2015-07-14 22h00 +00:00	ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."	7.8	High
CVE-2015-2419	2015-07-14 21h00 +00:00	JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."	8.8	High
CVE-2015-2425	2015-07-14 21h00 +00:00	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384.	8.8	High
CVE-2015-2363	2015-07-14 20h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.2
CVE-2015-2364	2015-07-14 20h00 +00:00	The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka "Graphics Component EOP Vulnerability."	7.2
CVE-2015-2365	2015-07-14 20h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.2
CVE-2015-2366	2015-07-14 20h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.2
CVE-2015-2367	2015-07-14 20h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from uninitialized kernel memory via a crafted application, aka "Win32k Information Disclosure Vulnerability."	2.1
CVE-2015-2370	2015-07-14 20h00 +00:00	The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability."	7.2
CVE-2015-2371	2015-07-14 20h00 +00:00	The Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a custom action script associated with a .msi package, aka "Windows Installer EoP Vulnerability."	6.9
CVE-2015-2416	2015-07-14 20h00 +00:00	OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2417.	5
CVE-2015-2417	2015-07-14 20h00 +00:00	OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2416.	5
CVE-2015-2362	2015-07-14 19h00 +00:00	Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data Structure Vulnerability."	7.2
CVE-2015-2368	2015-07-14 19h00 +00:00	Untrusted search path vulnerability in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Windows DLL Remote Code Execution Vulnerability."	6.9
CVE-2015-2369	2015-07-14 19h00 +00:00	Untrusted search path vulnerability in Windows Media Device Manager in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rtf file, aka "DLL Planting Remote Code Execution Vulnerability."	6.9
CVE-2015-2374	2015-07-14 19h00 +00:00	The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly implement domain-controller communication, which allows remote attackers to discover credentials by leveraging certain PDC access and spoofing the BDC role in a PDC communication channel, aka "Elevation of Privilege Vulnerability in Netlogon."	3.3
CVE-2015-2360	2015-06-10 01h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	8.8	High
CVE-2015-1719	2015-06-09 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka "Microsoft Windows Kernel Information Disclosure Vulnerability."	2.1
CVE-2015-1720	2015-06-09 23h00 +00:00	Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Use After Free Vulnerability."	7.2
CVE-2015-1721	2015-06-09 23h00 +00:00	The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer Dereference Vulnerability."	7.2
CVE-2015-1722	2015-06-09 23h00 +00:00	Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability."	7.2
CVE-2015-1723	2015-06-09 23h00 +00:00	Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Station Use After Free Vulnerability."	7.2
CVE-2015-1724	2015-06-09 23h00 +00:00	Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Object Use After Free Vulnerability."	7.2
CVE-2015-1725	2015-06-09 23h00 +00:00	Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Buffer Overflow Vulnerability."	7.2
CVE-2015-1726	2015-06-09 23h00 +00:00	Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Brush Object Use After Free Vulnerability."	7.2
CVE-2015-1727	2015-06-09 23h00 +00:00	Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Pool Buffer Overflow Vulnerability."	7.2
CVE-2015-1756	2015-06-09 23h00 +00:00	Use-after-free vulnerability in Microsoft Common Controls in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted web site that is accessed with the F12 Developer Tools feature of Internet Explorer, aka "Microsoft Common Control Use After Free Vulnerability."	9.3
CVE-2015-1758	2015-06-09 23h00 +00:00	Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, aka "Windows LoadLibrary EoP Vulnerability."	6.9
CVE-2015-1671	2015-05-13 10h00 +00:00	The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."	7.8	High
CVE-2015-1675	2015-05-13 08h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.	9.3
CVE-2015-1676	2015-05-13 08h00 +00:00	The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680.	2.1
CVE-2015-1677	2015-05-13 08h00 +00:00	The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680.	2.1
CVE-2015-1678	2015-05-13 08h00 +00:00	The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1679, and CVE-2015-1680.	2.1
CVE-2015-1679	2015-05-13 08h00 +00:00	The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1680.	2.1
CVE-2015-1680	2015-05-13 08h00 +00:00	The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1679.	2.1
CVE-2015-1681	2015-05-13 08h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service via a crafted .msc file, aka "Microsoft Management Console File Format Denial of Service Vulnerability."	1.9
CVE-2015-1695	2015-05-13 08h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.	9.3
CVE-2015-1696	2015-05-13 08h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.	9.3
CVE-2015-1697	2015-05-13 08h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, and CVE-2015-1699.	9.3
CVE-2015-1698	2015-05-13 08h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1699.	9.3
CVE-2015-1699	2015-05-13 08h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698.	9.3
CVE-2015-1702	2015-05-13 08h00 +00:00	The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Service Control Manager Elevation of Privilege Vulnerability."	6.9
CVE-2015-1716	2015-05-13 08h00 +00:00	Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral (DHE) key lengths, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, aka "Schannel Information Disclosure Vulnerability."	5
CVE-2015-1635	2015-04-14 20h00 +00:00	HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."	9.8	Critical
CVE-2015-0098	2015-04-14 18h00 +00:00	Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges by triggering application execution by an invalid task, aka "Task Scheduler Elevation of Privilege Vulnerability."	7.2
CVE-2015-1643	2015-04-14 18h00 +00:00	Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "NtCreateTransactionManager Type Confusion Vulnerability."	7.2
CVE-2015-1644	2015-04-14 18h00 +00:00	Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows MS-DOS Device Name Vulnerability."	7.2
CVE-2015-1645	2015-04-14 18h00 +00:00	Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) image, aka "EMF Processing Remote Code Execution Vulnerability."	9.3
CVE-2015-2111	2015-04-03 23h00 +00:00	Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors.	2.1
CVE-2015-0005	2015-03-11 09h00 +00:00	The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability."	4.3
CVE-2015-0073	2015-03-11 09h00 +00:00	The Windows Registry Virtualization feature in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict changes to virtual stores, which allows local users to gain privileges via a crafted application, aka "Registry Virtualization Elevation of Privilege Vulnerability."	7.2
CVE-2015-0074	2015-03-11 09h00 +00:00	Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly allocate memory, which allows remote attackers to cause a denial of service via a crafted (1) web site or (2) file, aka "Adobe Font Driver Denial of Service Vulnerability."	4.3
CVE-2015-0075	2015-03-11 09h00 +00:00	The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Impersonation Level Check Elevation of Privilege Vulnerability."	7.2
CVE-2015-0076	2015-03-11 09h00 +00:00	The photo-decoder implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly initialize memory for rendering of JXR images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "JPEG XR Parser Information Disclosure Vulnerability."	4.3
CVE-2015-0077	2015-03-11 09h00 +00:00	The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain sensitive information from kernel memory, and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."	2.1
CVE-2015-0080	2015-03-11 09h00 +00:00	Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for rendering of malformed PNG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Malformed PNG Parsing Information Disclosure Vulnerability."	4.3
CVE-2015-0081	2015-03-11 09h00 +00:00	Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability."	9.3
CVE-2015-0084	2015-03-11 09h00 +00:00	The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended restrictions on launching executable files via a crafted task, aka "Task Scheduler Security Feature Bypass Vulnerability."	2.1
CVE-2015-0087	2015-03-11 09h00 +00:00	Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font, aka "Adobe Font Driver Information Disclosure Vulnerability," a different vulnerability than CVE-2015-0089.	5
CVE-2015-0088	2015-03-11 09h00 +00:00	Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0090, CVE-2015-0091, CVE-2015-0092, and CVE-2015-0093.	9.3
CVE-2015-0089	2015-03-11 09h00 +00:00	Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font, aka "Adobe Font Driver Information Disclosure Vulnerability," a different vulnerability than CVE-2015-0087.	5
CVE-2015-0090	2015-03-11 09h00 +00:00	Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0091, CVE-2015-0092, and CVE-2015-0093.	9.3
CVE-2015-0091	2015-03-11 09h00 +00:00	Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0092, and CVE-2015-0093.	9.3
CVE-2015-0092	2015-03-11 09h00 +00:00	Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0093.	9.3
CVE-2015-0093	2015-03-11 09h00 +00:00	Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0092.	9.3
CVE-2015-0094	2015-03-11 09h00 +00:00	The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the availability of address information during a function call, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."	2.1
CVE-2015-0095	2015-03-11 09h00 +00:00	The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service (NULL pointer dereference and blue screen), or obtain sensitive information from kernel memory and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."	5.6
CVE-2015-0096	2015-03-11 09h00 +00:00	Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."	9.3
CVE-2015-1637	2015-03-06 16h00 +00:00	Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.	4.3
CVE-2015-0071	2015-02-11 02h00 +00:00	Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."	6.5	Medium
CVE-2015-0003	2015-02-11 01h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	6.9
CVE-2015-0008	2015-02-11 01h00 +00:00	The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability."	8.3
CVE-2015-0009	2015-02-11 01h00 +00:00	The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability."	3.3
CVE-2015-0010	2015-02-11 01h00 +00:00	The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka "CNG Security Feature Bypass Vulnerability" or MSRC ID 20707.	1.9
CVE-2015-0057	2015-02-11 01h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.2
CVE-2015-0059	2015-02-11 01h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted TrueType font, aka "TrueType Font Parsing Remote Code Execution Vulnerability."	6.9
CVE-2015-0060	2015-02-11 01h00 +00:00	The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability."	4.7
CVE-2015-0061	2015-02-11 01h00 +00:00	Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka "TIFF Processing Information Disclosure Vulnerability."	4.3
CVE-2015-0062	2015-02-11 01h00 +00:00	Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka "Windows Create Process Elevation of Privilege Vulnerability."	7.2
CVE-2015-0016	2015-01-13 22h00 +00:00	Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."	7.8	High
CVE-2015-0002	2015-01-13 21h00 +00:00	The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability."	7.2
CVE-2015-0004	2015-01-13 21h00 +00:00	The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability."	7.2
CVE-2015-0006	2015-01-13 21h00 +00:00	The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka "NLA Security Feature Bypass Vulnerability."	6.1
CVE-2015-0011	2015-01-13 21h00 +00:00	mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass an impersonation protection mechanism, and obtain privileges for redirection of WebDAV requests, via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."	4.7
CVE-2015-0014	2015-01-13 21h00 +00:00	Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability."	10
CVE-2015-0015	2015-01-13 21h00 +00:00	Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability."	7.8
CVE-2014-6355	2014-12-10 23h00 +00:00	The Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly process JPEG images, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Graphics Component Information Disclosure Vulnerability."	5
CVE-2014-6324	2014-11-18 23h00 +00:00	The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."	8.8	High
CVE-2014-4077	2014-11-11 22h00 +00:00	Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.	7.8	High
CVE-2014-6332	2014-11-11 22h00 +00:00	OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."	8.8	High
CVE-2014-4118	2014-11-11 21h00 +00:00	XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka "MSXML Remote Code Execution Vulnerability."	9.3
CVE-2014-6317	2014-11-11 21h00 +00:00	Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka "Denial of Service in Windows Kernel Mode Driver Vulnerability."	7.1
CVE-2014-6318	2014-11-11 21h00 +00:00	The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credentials, which makes it easier for remote attackers to bypass intended access restrictions via a series of attempts, aka "Remote Desktop Protocol (RDP) Failure to Audit Vulnerability."	4.3
CVE-2014-6321	2014-11-11 21h00 +00:00	Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability."	10
CVE-2014-6322	2014-11-11 21h00 +00:00	The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka "Windows Audio Service Vulnerability."	4.3
CVE-2014-6352	2014-10-22 14h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.	7.8	High
CVE-2014-4113	2014-10-15 10h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."	7.8	High
CVE-2014-4114	2014-10-15 10h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."	7.8	High
CVE-2014-4123	2014-10-15 10h00 +00:00	Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124.	8.8	High
CVE-2014-4148	2014-10-15 10h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."	8.8	High
CVE-2014-2817	2014-08-12 21h00 +00:00	Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."	8.8	High
CVE-2014-0316	2014-08-12 19h00 +00:00	Memory leak in the Local RPC (LRPC) server implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (memory consumption) and bypass the ASLR protection mechanism via a crafted client that sends messages with an invalid data view, aka "LRPC ASLR Bypass Vulnerability."	7.5
CVE-2014-0318	2014-08-12 19h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.2
CVE-2014-1814	2014-08-12 19h00 +00:00	The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that invokes the repair feature for a different application, aka "Windows Installer Repair Vulnerability."	7.2
CVE-2014-1819	2014-08-12 19h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to objects associated with font files, which allows local users to gain privileges via a crafted file, aka "Font Double-Fetch Vulnerability."	7.2
CVE-2014-4064	2014-08-12 19h00 +00:00	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly handle use of the paged kernel pool for allocation of uninitialized memory, which allows local users to obtain sensitive information about kernel addresses via a crafted application, aka "Windows Kernel Pool Allocation Vulnerability."	4.9
CVE-2014-1767	2014-07-08 20h00 +00:00	Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."	7.2
CVE-2014-1824	2014-07-08 20h00 +00:00	Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted Journal (aka .JNT) file, aka "Windows Journal Remote Code Execution Vulnerability."	9.3
CVE-2014-2780	2014-07-08 20h00 +00:00	DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka "DirectShow Elevation of Privilege Vulnerability."	6.9
CVE-2014-2781	2014-07-08 20h00 +00:00	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the exchange of keyboard and mouse data between programs at different integrity levels, which allows attackers to bypass intended access restrictions by leveraging control over a low-integrity process to launch the On-Screen Keyboard (OSK) and then upload a crafted application, aka "On-Screen Keyboard Elevation of Privilege Vulnerability."	7.6
CVE-2014-1811	2014-06-10 23h00 +00:00	The TCP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (non-paged pool memory consumption and system hang) via malformed data in the Options field of a TCP header, aka "TCP Denial of Service Vulnerability."	5
CVE-2014-1817	2014-06-10 23h00 +00:00	usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EMF+ record in a font file, aka "Unicode Scripts Processor Vulnerability."	9.3
CVE-2014-1818	2014-06-10 23h00 +00:00	GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code via a crafted EMF+ record in an image file, aka "GDI+ Image Parsing Vulnerability."	9.3
CVE-2014-1812	2014-05-14 10h00 +00:00	The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability."	8.8	High
CVE-2014-0255	2014-05-14 08h00 +00:00	Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability."	5
CVE-2014-0256	2014-05-14 08h00 +00:00	Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability."	5
CVE-2014-1807	2014-05-14 08h00 +00:00	The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local users to gain privileges via a crafted application, as exploited in the wild in May 2014, aka "Windows Shell File Association Vulnerability."	7.2
CVE-2014-1776	2014-04-27 10h00 +00:00	Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks."	9.8	Critical
CVE-2014-0315	2014-04-08 19h00 +00:00	Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability."	6.9
CVE-2014-0300	2014-03-12 00h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."	7.2
CVE-2014-0301	2014-03-12 00h00 +00:00	Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka "DirectShow Memory Corruption Vulnerability."	9.3
CVE-2014-0323	2014-03-12 00h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability."	6.6
CVE-2013-7331	2014-02-26 11h00 +00:00	The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.	6.5	Medium
CVE-2014-0322	2014-02-14 16h00 +00:00	Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.	8.8	High
CVE-2014-0263	2014-02-12 01h00 +00:00	The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a large 2D geometric figure that is encountered with Internet Explorer, aka "Microsoft Graphics Component Memory Corruption Vulnerability."	9.3
CVE-2014-0266	2014-02-12 01h00 +00:00	The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability."	7.1
CVE-2013-3900	2013-12-11 00h00 +00:00	Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, except for clarifications about how to configure the EnableCertPaddingCheck registry value, the information herein remains unchanged from the original text published on December 10, 2013, Microsoft does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. This behavior remains available as an opt-in feature via reg key setting, and is available on supported editions of Windows released since December 10, 2013. This includes all currently supported versions of Windows 10 and Windows 11. The supporting code for this reg key was incorporated at the time of release for Windows 10 and Windows 11, so no security update is required; however, the reg key must be set. See the Security Updates table for the list of affected software. Vulnerability Description A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of this vulnerability requires that a user or application run or install a specially crafted, signed PE file. An attacker could modify an... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900	8.8	High
CVE-2013-5056	2013-12-10 23h00 +00:00	Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library."	9.3
CVE-2013-5058	2013-12-10 23h00 +00:00	Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability."	6.9
CVE-2013-3876	2013-11-16 02h00 +00:00	DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate.	7.1
CVE-2013-3869	2013-11-12 23h00 +00:00	Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability."	5
CVE-2013-3940	2013-11-12 23h00 +00:00	Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability."	9.3
CVE-2013-3918	2013-11-12 00h00 +00:00	The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."	9.3
CVE-2013-3897	2013-10-09 14h44 +00:00	Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."	8.8	High
CVE-2013-3128	2013-10-09 12h44 +00:00	The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability."	9.3
CVE-2013-1712	2013-08-06 23h00 +00:00	Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory.	6.9
CVE-2013-3697	2013-07-31 10h00 +00:00	Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call.	7.2
CVE-2013-3956	2013-07-31 08h00 +00:00	The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.	7.2
CVE-2013-3163	2013-07-10 01h00 +00:00	Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.	8.8	High
CVE-2013-3660	2013-05-24 20h00 +00:00	The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."	7.8	High
CVE-2013-3661	2013-05-24 18h00 +00:00	The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.	4.9
CVE-2013-1347	2013-05-05 10h00 +00:00	Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.	8.8	High
CVE-2013-2551	2013-03-11 10h00 +00:00	Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.	8.8	High
CVE-2013-0005	2013-01-09 17h00 +00:00	The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."	7.8
CVE-2012-1537	2012-12-11 23h00 +00:00	Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."	9.3
CVE-2012-4774	2012-12-11 23h00 +00:00	Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."	9.3
CVE-2012-4786	2012-12-11 23h00 +00:00	The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."	10
CVE-2012-2532	2012-11-13 23h00 +00:00	Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."	5
CVE-2012-3324	2012-09-25 18h00 +00:00	Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.	9
CVE-2012-4969	2012-09-18 10h00 +00:00	Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.	8.1	High
CVE-2012-1889	2012-06-13 01h00 +00:00	Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.	8.8	High
CVE-2012-0159	2012-05-08 22h00 +00:00	Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."	9.3
CVE-2012-0174	2012-05-08 22h00 +00:00	Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."	1.7
CVE-2012-0179	2012-05-08 22h00 +00:00	Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."	7.2
CVE-2012-0181	2012-05-08 22h00 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."	7.2
CVE-2012-0151	2012-04-10 21h00 +00:00	The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."	7.8	High
CVE-2012-0168	2012-04-10 19h00 +00:00	Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability."	7.6
CVE-2012-0169	2012-04-10 19h00 +00:00	Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability."	9.3
CVE-2012-0171	2012-04-10 19h00 +00:00	Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability."	9.3
CVE-2012-0010	2012-02-14 21h00 +00:00	Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability."	4.3
CVE-2012-0011	2012-02-14 21h00 +00:00	Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability."	9.3
CVE-2012-0012	2012-02-14 21h00 +00:00	Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."	4.3
CVE-2012-0155	2012-02-14 21h00 +00:00	Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."	9.3
CVE-2011-5046	2011-12-30 18h00 +00:00	The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."	9.3
CVE-2011-1992	2011-12-13 23h00 +00:00	The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."	4.3
CVE-2011-2019	2011-12-13 23h00 +00:00	Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."	9.3
CVE-2011-3404	2011-12-13 23h00 +00:00	Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability."	4.3
CVE-2011-4434	2011-11-11 21h00 +00:00	Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.	3.6
CVE-2011-1993	2011-10-11 23h00 +00:00	Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability."	9.3
CVE-2011-1995	2011-10-11 23h00 +00:00	Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability."	9.3
CVE-2011-1996	2011-10-11 23h00 +00:00	Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."	9.3
CVE-2011-1998	2011-10-11 23h00 +00:00	Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability."	9.3
CVE-2011-1999	2011-10-11 23h00 +00:00	Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."	9.3
CVE-2011-2000	2011-10-11 23h00 +00:00	Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."	9.3
CVE-2011-2001	2011-10-11 23h00 +00:00	Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."	9.3
CVE-2011-1257	2011-08-10 19h16 +00:00	Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."	7.6
CVE-2011-1960	2011-08-10 19h16 +00:00	Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability."	4.3
CVE-2011-1961	2011-08-10 19h16 +00:00	The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability."	9.3
CVE-2011-1962	2011-08-10 19h16 +00:00	Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."	4.3
CVE-2011-1963	2011-08-10 19h16 +00:00	Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability."	9.3
CVE-2011-1964	2011-08-10 19h16 +00:00	Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability."	9.3
CVE-2011-1246	2011-06-16 18h21 +00:00	Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability."	4.3
CVE-2011-1250	2011-06-16 18h21 +00:00	Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability."	9.3
CVE-2011-1251	2011-06-16 18h21 +00:00	Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."	9.3
CVE-2011-1254	2011-06-16 18h21 +00:00	Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."	9.3
CVE-2011-1255	2011-06-16 18h21 +00:00	The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."	9.3
CVE-2011-1256	2011-06-16 18h21 +00:00	Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."	9.3
CVE-2011-1258	2011-06-16 18h21 +00:00	Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."	4.3
CVE-2011-1261	2011-06-16 18h21 +00:00	Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability."	9.3
CVE-2011-1262	2011-06-16 18h21 +00:00	Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruption Vulnerability."	9.3
CVE-2011-1266	2011-06-16 18h21 +00:00	The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."	9.3
CVE-2011-1229	2011-04-13 18h07 +00:00	win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."	7.2
CVE-2011-1244	2011-04-13 16h00 +00:00	Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."	5.8
CVE-2010-3345	2010-12-16 18h00 +00:00	Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."	9.3
CVE-2010-3346	2010-12-16 18h00 +00:00	Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."	9.3
CVE-2010-3348	2010-12-16 18h00 +00:00	Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342.	4.3
CVE-2010-4398	2010-12-03 20h00 +00:00	Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."	7.8	High
CVE-2010-3962	2010-11-05 15h28 +00:00	Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.	9.3
CVE-2010-3328	2010-10-13 16h00 +00:00	Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."	8.8	High
CVE-2010-2556	2010-08-11 16h00 +00:00	Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."	9.3
CVE-2010-2558	2010-08-11 16h00 +00:00	Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability."	9.3
CVE-2010-2559	2010-08-11 16h00 +00:00	Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.	9.3
CVE-2010-2560	2010-08-11 16h00 +00:00	Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."	9.3
CVE-2010-2568	2010-07-22 10h00 +00:00	Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.	7.8	High
CVE-2010-0017	2010-02-10 17h00 +00:00	Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."	9.3
CVE-2010-0555	2010-02-04 19h00 +00:00	Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.	9.3
CVE-2010-0255	2010-02-04 18h00 +00:00	Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.	4.3
CVE-2010-0249	2010-01-15 16h00 +00:00	Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."	8.8	High
CVE-2009-3676	2009-11-13 14h00 +00:00	The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."	7.1
CVE-2009-0555	2009-10-14 08h00 +00:00	Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability."	9.3
CVE-2009-2681	2009-09-29 17h00 +00:00	Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) A.02.x through A.02.03 and A.03.x through A.03.00, on Windows Server 2003 with IAS and Windows Server 2008 with NPS, allows local users to gain privileges via unknown vectors.	6.8
CVE-2009-3294	2009-09-22 08h00 +00:00	The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function.	5
CVE-2009-3103	2009-09-08 20h00 +00:00	Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.	10
CVE-2009-1140	2009-06-10 16h00 +00:00	Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."	7.1
CVE-2009-1528	2009-06-10 16h00 +00:00	Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability."	9.3
CVE-2009-1529	2009-06-10 16h00 +00:00	Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability."	8.1	High
CVE-2009-1530	2009-06-10 16h00 +00:00	Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability."	9.3
CVE-2009-1531	2009-06-10 16h00 +00:00	Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability."	9.3
CVE-2009-0230	2009-06-10 15h37 +00:00	The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."	9
CVE-2009-0568	2009-06-10 15h37 +00:00	The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."	10
CVE-2009-0078	2009-04-15 01h49 +00:00	The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."	7.2
CVE-2009-0086	2009-04-15 01h49 +00:00	Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."	10
CVE-2009-0550	2009-04-15 01h49 +00:00	Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."	9.3
CVE-2009-0551	2009-04-15 01h49 +00:00	Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."	8.1	High
CVE-2009-0553	2009-04-15 01h49 +00:00	Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."	9.3
CVE-2009-0554	2009-04-15 01h49 +00:00	Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."	8.8	High
CVE-2009-1216	2009-04-01 15h00 +00:00	Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before 7.0.1701.48, 8.x before 8.0.1969.62, and 9.x before 9.0.3790.2076; allow remote attackers to execute arbitrary code via unknown vectors.	10
CVE-2009-0093	2009-03-11 13h00 +00:00	Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.	3.5
CVE-2009-0094	2009-03-11 13h00 +00:00	The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.	5.5
CVE-2009-0233	2009-03-11 13h00 +00:00	The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."	5.8
CVE-2009-0234	2009-03-11 13h00 +00:00	The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."	6.4
CVE-2009-0081	2009-03-10 19h00 +00:00	The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."	9.3
CVE-2009-0082	2009-03-10 19h00 +00:00	The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."	7.8	High
CVE-2009-0083	2009-03-10 19h00 +00:00	The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."	7.2
CVE-2009-0085	2009-03-10 19h00 +00:00	The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."	7.1
CVE-2009-0075	2009-02-10 21h13 +00:00	Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."	9.3
CVE-2009-0320	2009-01-28 17h00 +00:00	Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."	4
CVE-2008-4268	2008-12-10 12h33 +00:00	The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."	8.5
CVE-2008-4269	2008-12-10 12h33 +00:00	The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."	8.5
CVE-2008-4033	2008-11-12 22h00 +00:00	Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."	4.3
CVE-2008-2250	2008-10-14 22h00 +00:00	The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."	7.2
CVE-2008-2251	2008-10-14 22h00 +00:00	Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.	7.2
CVE-2008-4036	2008-10-14 22h00 +00:00	Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."	8.4	High
CVE-2008-4038	2008-10-14 22h00 +00:00	Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."	10
CVE-2008-2540	2008-06-03 13h00 +00:00	Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.	9.3
CVE-2008-1544	2008-03-28 22h00 +00:00	The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.	7.1

Microsoft Windows Server 2008 R2 Service Pack 1 Datacenter Edition on x64

CPE Details

CPE Name: cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:datacenter:*:x64:*

Informations

Vendor

Product

Version

Update

Software Edition

Target Hardware

Related CVE

CPE Name: cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::datacenter::x64: