CPE Details
Microsoft Windows 10 1507 32-bit
-
2022-12-13
16h56 +00:00
16h56 +00:00
2023-10-15
15h02 +00:00
15h02 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*
Informations
Vendor
microsoftProduct
windows_10_1507Version
-Target Hardware
x86Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. | 7 |
High |
||
| Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. | 7.8 |
High |
||
| Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. | 5.5 |
Medium |
||
| Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. | 7.8 |
High |
||
| Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. | 4.6 |
Medium |
||
| Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. | 7 |
High |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Core Messaging Elevation of Privileges Vulnerability | 7 |
High |
||
| Windows Core Messaging Elevation of Privileges Vulnerability | 7 |
High |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| NTLM Hash Disclosure Spoofing Vulnerability | 6.5 |
Medium |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Kerberos Denial of Service Vulnerability | 5.9 |
Medium |
||
| Windows Remote Desktop Configuration Service Tampering Vulnerability | 6.8 |
Medium |
||
| Windows Deployment Services Denial of Service Vulnerability | 6 |
Medium |
||
| Windows NTFS Elevation of Privilege Vulnerability | 3.3 |
Low |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Setup Files Cleanup Elevation of Privilege Vulnerability | 7.1 |
High |
||
| Windows Storage Elevation of Privilege Vulnerability | 7.1 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Digest Authentication Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft Digest Authentication Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| MapUrlToZone Security Feature Bypass Vulnerability | 8.8 |
High |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows CSC Service Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| GDI+ Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Cryptographic Information Disclosure Vulnerability | 5.6 |
Medium |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.3 |
High |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Smart Card Reader Information Disclosure Vulnerability | 2.4 |
Low |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Themes Spoofing Vulnerability | 6.5 |
Medium |
||
| Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows upnphost.dll Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows MapUrlToZone Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Event Tracing Denial of Service Vulnerability | 5.5 |
Medium |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| MapUrlToZone Security Feature Bypass Vulnerability | 4.3 |
Medium |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| IP Helper Denial of Service Vulnerability | 7.5 |
High |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 4.6 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.8 |
Medium |
||
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | 6.1 |
Medium |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 7.5 |
High |
||
| MapUrlToZone Security Feature Bypass Vulnerability | 4.3 |
Medium |
||
| MapUrlToZone Security Feature Bypass Vulnerability | 4.3 |
Medium |
||
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | 6.2 |
Medium |
||
| Windows NTLM Spoofing Vulnerability | 6.5 |
Medium |
||
| Windows upnphost.dll Denial of Service Vulnerability | 7.5 |
High |
||
| MapUrlToZone Security Feature Bypass Vulnerability | 4.3 |
Medium |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Geolocation Service Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Kerberos Security Feature Bypass Vulnerability | 7.8 |
High |
||
| Windows OLE Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| BranchCache Remote Code Execution Vulnerability | 7.5 |
High |
||
| SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | 8.1 |
High |
||
| Microsoft Digest Authentication Remote Code Execution Vulnerability | 8.1 |
High |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows COM Server Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 5.5 |
Medium |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft COM for Windows Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 5.5 |
Medium |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows COM Server Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 4.3 |
Medium |
||
| MapUrlToZone Security Feature Bypass Vulnerability | 4.3 |
Medium |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Medium |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Kerberos Information Disclosure Vulnerability | 5.9 |
Medium |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 4.6 |
Medium |
||
| Windows BitLocker Information Disclosure Vulnerability | 4.2 |
Medium |
||
| Windows BitLocker Information Disclosure Vulnerability | 4.2 |
Medium |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.4 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows File Explorer Information Disclosure Vulnerability | 6.8 |
Medium |
||
| Windows IP Routing Management Snapin Remote Code Execution Vulnerability | 8.8 |
High |
||
| Input Method Editor (IME) Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Task Scheduler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | 8.1 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 7.5 |
High |
||
| WmsRepair Service Elevation of Privilege Vulnerability | 7.3 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.2 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Task Scheduler Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Windows Package Library Manager Information Disclosure Vulnerability | 6.2 |
Medium |
||
| Windows Registry Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 |
High |
||
| NTLM Hash Disclosure Spoofing Vulnerability | 6.5 |
Medium |
||
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 |
Medium |
||
| Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability | 7.8 |
High |
||
| Windows Client-Side Caching Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 |
Medium |
||
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 |
Medium |
||
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 |
Medium |
||
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 |
Medium |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows NT OS Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Winlogon Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft Management Console Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
High |
||
| Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| NT OS Kernel Elevation of Privilege Vulnerability | 7.4 |
High |
||
| Windows Secure Channel Spoofing Vulnerability | 7.4 |
High |
||
| Windows Kerberos Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Kernel Denial of Service Vulnerability | 5 |
Medium |
||
| Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 7.5 |
High |
||
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 7.5 |
High |
||
| BranchCache Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | 6.7 |
Medium |
||
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | 7.8 |
High |
||
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | 6.7 |
Medium |
||
| Windows MSHTML Platform Spoofing Vulnerability | 8.1 |
High |
||
| Windows Kernel-Mode Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Remote Registry Service Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | 7.5 |
High |
||
| BitLocker Security Feature Bypass Vulnerability | 6.4 |
Medium |
||
| BranchCache Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support. | 9.8 |
Critical |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 6.5 |
Medium |
||
| Windows Security Zone Mapping Security Feature Bypass Vulnerability | 7.8 |
High |
||
| Windows MSHTML Platform Spoofing Vulnerability | 8.8 |
High |
||
| Windows Network Address Translation (NAT) Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.2 |
High |
||
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Networking Denial of Service Vulnerability | 6.5 |
Medium |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
Medium |
||
| PowerShell Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel-Mode Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Authentication Information Disclosure Vulnerability | 6.2 |
Medium |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 9.8 |
Critical |
||
| Windows Initial Machine Configuration Elevation of Privilege Vulnerability | 6.8 |
Medium |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows OLE Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 7.5 |
High |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | 4.2 |
Medium |
||
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
High |
||
| Clipboard Virtual Channel Extension Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
High |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | 5.5 |
Medium |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows IP Routing Management Snapin Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows IP Routing Management Snapin Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows IP Routing Management Snapin Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 8.1 |
High |
||
| Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 6.5 |
Medium |
||
| Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.5 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Scripting Engine Memory Corruption Vulnerability | 7.5 |
High |
||
| Summary: Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Update: August 13, 2024 Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562. Details: A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn. The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS. Microsoft is developing a security... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302 | 6.7 |
Medium |
||
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 6.5 |
Medium |
||
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 6.5 |
Medium |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | 7.8 |
High |
||
| Windows Enroll Engine Security Feature Bypass Vulnerability | 7 |
High |
||
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.8 |
Medium |
||
| BitLocker Security Feature Bypass Vulnerability | 6.8 |
Medium |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Workstation Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability | 6.5 |
Medium |
||
| PowerShell Elevation of Privilege Vulnerability | 7.3 |
High |
||
| Windows Themes Spoofing Vulnerability | 6.5 |
Medium |
||
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | 7.2 |
High |
||
| Windows Line Printer Daemon Service Denial of Service Vulnerability | 6.5 |
Medium |
||
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | 7.2 |
High |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8.4 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8.8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 4.7 |
Medium |
||
| Windows MSHTML Platform Spoofing Vulnerability | 7.5 |
High |
||
| Windows Fax Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 6.5 |
Medium |
||
| Microsoft WS-Discovery Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows TCP/IP Information Disclosure Vulnerability | 7.5 |
High |
||
| DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | 7.5 |
High |
||
| Windows Imaging Component Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft Windows Codecs Library Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft Windows Codecs Library Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Filtering Platform Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | 7.2 |
High |
||
| Windows Image Acquisition Elevation of Privilege Vulnerability | 7 |
High |
||
| Microsoft Windows Server Backup Elevation of Privilege Vulnerability | 6.7 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Windows iSCSI Service Denial of Service Vulnerability | 5.3 |
Medium |
||
| Windows Cryptographic Services Security Feature Bypass Vulnerability | 7.5 |
High |
||
| Windows NTLM Spoofing Vulnerability | 7.1 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
High |
||
| Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Storage Elevation of Privilege Vulnerability | 7.3 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Streaming Service Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Winlogon Elevation of Privilege Vulnerability | 5.5 |
Medium |
||
| Winlogon Elevation of Privilege Vulnerability | 5.5 |
Medium |
||
| Windows Themes Denial of Service Vulnerability | 5.5 |
Medium |
||
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 6.7 |
Medium |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Wi-Fi Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows OLE Remote Code Execution Vulnerability | 8 |
High |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 4.7 |
Medium |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 8.8 |
High |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 5.5 |
Medium |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.5 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
Medium |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Cryptographic Services Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Cryptographic Services Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows DWM Core Library Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 7.1 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 7.8 |
High |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.8 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Cryptographic Services Security Feature Bypass Vulnerability | 7.8 |
High |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.2 |
High |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows SMB Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 7 |
High |
||
| Proxy Driver Spoofing Vulnerability | 6.7 |
Medium |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.5 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Mobile Hotspot Information Disclosure Vulnerability | 5 |
Medium |
||
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 7.4 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Windows Kerberos Denial of Service Vulnerability | 6.5 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 7.8 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.8 |
Medium |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| BitLocker Security Feature Bypass Vulnerability | 6.7 |
Medium |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Cryptographic Services Remote Code Execution Vulnerability | 8.4 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Medium |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.3 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 7.5 |
High |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.4 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 4.1 |
Medium |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
High |
||
| Microsoft Install Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows rndismp6.sys Remote Code Execution Vulnerability | 6.8 |
Medium |
||
| Windows rndismp6.sys Remote Code Execution Vulnerability | 6.8 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Medium |
||
| .NET Framework Information Disclosure Vulnerability | 7.5 |
High |
||
| Windows Kernel Denial of Service Vulnerability | 5.5 |
Medium |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Update Stack Elevation of Privilege Vulnerability | 7 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 7 |
High |
||
| Microsoft AllJoyn API Denial of Service Vulnerability | 7.5 |
High |
||
| Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | 6.4 |
Medium |
||
| Windows USB Hub Driver Remote Code Execution Vulnerability | 6.8 |
Medium |
||
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows DNS Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Kernel Security Feature Bypass Vulnerability | 5.5 |
Medium |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 6.5 |
Medium |
||
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7 |
High |
||
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | 7.5 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 5.9 |
Medium |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
High |
||
| Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows OLE Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 7.6 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Kernel Information Disclosure Vulnerability | 4.6 |
Medium |
||
| Windows Themes Spoofing Vulnerability | 6.5 |
Medium |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Cryptographic Services Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 5.7 |
Medium |
||
| Microsoft AllJoyn API Denial of Service Vulnerability | 7.5 |
High |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Message Queuing Client (MSMQC) Information Disclosure | 6.5 |
Medium |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Microsoft Common Log File System Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 8.1 |
High |
||
| Windows TCP/IP Information Disclosure Vulnerability | 5.3 |
Medium |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Themes Information Disclosure Vulnerability | 4.7 |
Medium |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Cryptographic Services Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Message Queuing Client (MSMQC) Information Disclosure | 6.5 |
Medium |
||
| Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 7 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8 |
High |
||
| Windows Kerberos Security Feature Bypass Vulnerability | 8.8 |
High |
||
| BitLocker Security Feature Bypass Vulnerability | 6.6 |
Medium |
||
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. | 7.1 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability | 6.8 |
Medium |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.1 |
High |
||
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | 6.5 |
Medium |
||
| Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 8.1 |
High |
||
| Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability | 7.5 |
High |
||
| XAML Diagnostics Elevation of Privilege Vulnerability | 7.3 |
High |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | 9.8 |
Critical |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |
High |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows User Interface Application Core Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Search Service Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows NTFS Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows HMAC Key Derivation Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Microsoft Remote Registry Service Remote Code Execution Vulnerability | 7.2 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Scripting Engine Memory Corruption Vulnerability | 8.8 |
High |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Remote Registry Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 8 |
High |
||
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 5.5 |
Medium |
||
| ASP.NET Security Feature Bypass Vulnerability | 8.8 |
High |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 7.8 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7 |
High |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows IIS Server Elevation of Privilege Vulnerability | 9.8 |
Critical |
||
| Windows TCP/IP Information Disclosure Vulnerability | 7.5 |
High |
||
| PrintHTML API Remote Code Execution Vulnerability | 7.8 |
High |
||
| Microsoft WordPad Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Search Security Feature Bypass Vulnerability | 6.5 |
Medium |
||
| Windows Deployment Services Information Disclosure Vulnerability | 7.5 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
High |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
High |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
Medium |
||
| Windows upnphost.dll Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Remote Procedure Call Information Disclosure Vulnerability | 7.5 |
High |
||
| Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows TCP/IP Denial of Service Vulnerability | 7.5 |
High |
||
| Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft DirectMusic Remote Code Execution Vulnerability | 7.8 |
High |
||
| Microsoft AllJoyn API Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Media Foundation Core Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Active Directory Domain Services Information Disclosure Vulnerability | 4.4 |
Medium |
||
| Windows Power Management Service Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Named Pipe File System Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows TCP/IP Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 7 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Miracast Wireless Display Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows TCP/IP Denial of Service Vulnerability | 7.5 |
High |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 6.5 |
Medium |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 7.5 |
High |
||
| Windows Fax Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 6.5 |
Medium |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 6.5 |
Medium |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 6.5 |
Medium |
||
| Windows Group Policy Security Feature Bypass Vulnerability | 5.5 |
Medium |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | 5.5 |
Medium |
||
| A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | 4.7 |
Medium |
||
| Windows Search Remote Code Execution Vulnerability | 7.5 |
High |
||
| Azure Active Directory Security Feature Bypass Vulnerability | 6.5 |
Medium |
||
| Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 6.5 |
Medium |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| USB Audio Class System Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Active Template Library Elevation of Privilege Vulnerability | 6.7 |
Medium |
||
| Volume Shadow Copy Elevation of Privilege Vulnerability | 7.3 |
High |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
Medium |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 9.8 |
Critical |
||
| Windows Netlogon Information Disclosure Vulnerability | 7.4 |
High |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Clip Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Image Acquisition Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft DirectMusic Information Disclosure Vulnerability | 6.2 |
Medium |
||
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows CryptoAPI Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Peer Name Resolution Protocol Denial of Service Vulnerability | 7.5 |
High |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 6.5 |
Medium |
||
| Windows Remote Desktop Protocol Security Feature Bypass | 6.8 |
Medium |
||
| Windows Extended Negotiation Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Authentication Denial of Service Vulnerability | 6.5 |
Medium |
||
| Windows Transaction Manager Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Information Disclosure Vulnerability | 7.5 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
Medium |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
Medium |
||
| Remote Procedure Call Runtime Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
Medium |
||
| Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows MSHTML Platform Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Remote Desktop Security Feature Bypass Vulnerability | 6.8 |
Medium |
||
| OLE Automation Information Disclosure Vulnerability | 7.5 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
High |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Cryptographic Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
High |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
High |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
High |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
High |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
High |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| .NET and Visual Studio Denial of Service Vulnerability | 7.5 |
High |
||
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 7.5 |
High |
||
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | 7.5 |
High |
||
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 7.8 |
High |
||
| .NET Framework Remote Code Execution Vulnerability | 7.8 |
High |
||
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 7.8 |
High |
||
| Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Installer Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows iSCSI Discovery Service Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 7.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Filtering Platform Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Authentication Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| GDI Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 8.1 |
High |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Local Security Authority (LSA) Denial of Service Vulnerability | 6.5 |
Medium |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.3 |
High |
||
| Unified Write Filter Elevation of Privilege Vulnerability | 6.7 |
Medium |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | 5.9 |
Medium |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 7.8 |
High |
||
| Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
High |
||
| Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
High |
||
| Windows OLE Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Driver Revocation List Security Feature Bypass Vulnerability | 5.5 |
Medium |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Medium |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Word Security Feature Bypass Vulnerability | 7.5 |
High |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 6.5 |
Medium |
||
| Microsoft SharePoint Server Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7.4 |
High |
||
| Windows Backup Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows iSCSI Target Service Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
High |
||
| Windows NFS Portmapper Information Disclosure Vulnerability | 7.5 |
High |
||
| Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows NTLM Security Support Provider Information Disclosure Vulnerability | 5.9 |
Medium |
||
| Server for NFS Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Group Policy Security Feature Bypass Vulnerability | 4.4 |
Medium |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Boot Manager Security Feature Bypass Vulnerability | 6.8 |
Medium |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Boot Manager Security Feature Bypass Vulnerability | 6.8 |
Medium |
||
| Remote Desktop Protocol Client Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Kernel Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Spoofing Vulnerability | 5.5 |
Medium |
||
| Windows Bluetooth Driver Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Enroll Engine Security Feature Bypass Vulnerability | 5.3 |
Medium |
||
| Windows NTLM Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | 7.1 |
High |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.1 |
High |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Secure Channel Denial of Service Vulnerability | 5.5 |
Medium |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Cryptographic Services Remote Code Execution Vulnerability | 7.8 |
High |
||
| Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | 7.1 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Accounts Picture Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows HTTP.sys Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | 7.1 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
High |
||
| .NET and Visual Studio Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| .NET Framework Denial of Service Vulnerability | 5 |
Medium |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability | 7.5 |
High |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| NT OS Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021. | 7.8 |
High |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
Medium |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Scripting Languages Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
Medium |
||
| Windows COM+ Event System Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability. | 7.8 |
High |
||
| Windows LSA Spoofing Vulnerability | 8.1 |
High |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows User Profile Service Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows User Profile Service Elevation of Privilege Vulnerability | 7 |
High |
||
| Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability | 7.8 |
High |
||
| We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Please see the Security Updates table for the link to the updated app. Alternatively you can download and install the Installer using the links provided in the FAQ section. Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability. December 27 2023 Update: In recent months, Microsoft Threat Intelligence has seen an increase in activity from threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme. To address this increase in activity, we have updated the App Installer to disable the ms-appinstaller protocol by default and recommend other potential mitigations. | 7.1 |
High |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability. UPDATE September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system. |
8.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows User Profile Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Scripting Engine Memory Corruption Vulnerability | 8.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):
Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design. UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates. Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527. |
8.8 |
High |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows NTFS Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Remote Code Execution Vulnerability | 7.8 |
High |
||
| Internet Explorer Memory Corruption Vulnerability | 8.8 |
High |
||
| Microsoft Defender Remote Code Execution Vulnerability | 7.8 |
High |
||
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory. |
7.5 |
High |
||
| A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures. | 7.8 |
High |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. | 8.8 |
High |
||
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | 7.8 |
High |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. | 7.5 |
High |
||
| An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'. | 7.8 |
High |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
High |
||
| An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka "Windows TCP/IP Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 7.5 |
High |
||
| A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
High |
||
| Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." | 7.8 |
High |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541. | 7.8 |
High |
||
| Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214. | 7.3 |
High |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226. | 8.8 |
High |
||
| The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 7.8 |
High |
||
| An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability." | 8.8 |
High |
||
| The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047. | 7.8 |
High |
||
| The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047. | 7.8 |
High |
||
| Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability." | 6.5 |
Medium |
||
| Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009. | 4.3 |
Medium |
||
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | 8.8 |
High |
||
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | 8.8 |
High |
||
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148. | 8.8 |
High |
||
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148. | 8.8 |
High |
||
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability." | 7.5 |
High |
||
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146. | 8.1 |
High |
||
| Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037. | 8.8 |
High |
||
| Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. | 8.1 |
High |
||
| The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | 8.8 |
High |
||
| The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | 8.8 |
High |
||
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 7.8 |
High |
||
| atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability." | 8.8 |
High |
||
| Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | 6.5 |
Medium |
||
| Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component RCE Vulnerability." | 7.8 |
High |
||
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | 6.5 |
Medium |
||
| The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311. | 7.8 |
High |
||
| The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187. | 7.5 |
High |
||
| The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability." | 7.8 |
High |
||
| Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability." | 4.3 |
Medium |
||
| The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165. | 7.8 |
High |
||
| The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability." | 7.8 |
High |
||
| The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability." | 7.8 |
High |
||
| Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015. | 8.8 |
High |
||
| Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. | 9.8 |
Critical |
||
| Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. | 9.8 |
Critical |
||
| Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, except for clarifications about how to configure the EnableCertPaddingCheck registry value, the information herein remains unchanged from the original text published on December 10, 2013, Microsoft does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. This behavior remains available as an opt-in feature via reg key setting, and is available on supported editions of Windows released since December 10, 2013. This includes all currently supported versions of Windows 10 and Windows 11. The supporting code for this reg key was incorporated at the time of release for Windows 10 and Windows 11, so no security update is required; however, the reg key must be set. See the Security Updates table for the list of affected software. Vulnerability Description A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of this vulnerability requires that a user or application run or install a specially crafted, signed PE file. An attacker could modify an... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 | 8.8 |
High |
2025©
tesweb SA
