Windows 10 22h2
Monthly
BitLocker's protection mechanism on Windows fails to enforce a critical authentication or verification step, permitting a physically present attacker to bypass full-disk encryption without credentials, a recovery key, or elevated privileges. Despite a CVSS score of 6.8 (Medium) - moderated by the physical access requirement - the impact ratings are High across confidentiality, integrity, and availability, meaning successful exploitation grants complete access to encrypted data and the underlying system. No public exploit has been identified at time of analysis, and Microsoft has released a patch via the MSRC update guide.
Security feature bypass in Windows Secure Boot enables a local high-privileged attacker to defeat the platform's boot-time integrity protections, achieving high confidentiality and integrity impact across a changed security scope. The flaw stems from a protection mechanism failure (CWE-284, Improper Access Control) that undermines the trust boundary Secure Boot is designed to enforce. At the time of analysis, no public exploit has been identified and the issue is not listed in CISA KEV, but the scope-changed CVSS of 7.9 reflects the severity of subverting a root-of-trust security control.
Security feature bypass in Windows Secure Boot allows a high-privileged local attacker to circumvent the boot integrity protection mechanism, undermining trust in the Windows boot chain. The flaw (CWE-1329, reliance on a component that is not updateable) carries a CVSS 7.9 rating due to scope change and high impact on confidentiality and integrity, and no public exploit has been identified at time of analysis. Successful exploitation could enable pre-OS persistence such as bootkits, defeating a foundational Windows security control.
Secure Boot bypass in Microsoft Windows allows an authorized local attacker with high privileges to defeat the platform's protection mechanism and tamper with the pre-OS boot chain. The CVSS 7.9 score reflects a scope-changing impact on confidentiality and integrity from a local vector, and no public exploit identified at time of analysis. The single MSRC reference indicates a Microsoft-tracked issue that primarily threatens code-integrity and boot-trust guarantees rather than runtime availability.
Remote code execution in Microsoft Remote Desktop Client is possible via a heap-based buffer overflow that an unauthenticated remote attacker can trigger when a user is convinced to connect to a malicious RDP server. The flaw is rated CVSS 7.5 (High) with attack complexity High and required user interaction, and no public exploit identified at time of analysis. The CWE-416 classification combined with the vendor's tags points to a use-after-free condition reachable through crafted RDP server responses.
Remote code execution in Microsoft Remote Desktop Client occurs when a user connects to an attacker-controlled RDP server, allowing the server to corrupt heap memory and execute arbitrary code on the client endpoint. The flaw carries a CVSS 8.8 (High) rating reflecting network reach with required user interaction, and no public exploit is identified at time of analysis. The attack pivots the traditional RDP threat model - attackers compromise clients that initiate outbound connections rather than exposed servers.
Heap-based buffer overflow in Microsoft Remote Desktop Client enables remote code execution when a user connects to a malicious RDP server, with the attacker gaining the same privileges as the connecting user. The CVSS 8.8 score reflects network-reachable exploitation requiring only minimal user interaction (initiating an RDP session), and no public exploit has been identified at time of analysis. The flaw is reported by Microsoft Security Response Center (secure@microsoft.com) and is categorized as CWE-122 heap-based buffer overflow.
Security feature bypass in Microsoft Windows BitLocker allows an attacker with physical access to circumvent the drive encryption protection mechanism. Affected systems can have BitLocker-protected data accessed despite the encryption-at-rest control being enabled, undermining a core platform confidentiality boundary. There is no public exploit identified at time of analysis, but the vulnerability is reported by Microsoft (secure@microsoft.com) as a protection mechanism failure with high impact across confidentiality, integrity, and availability.
Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privilege attacker to elevate to SYSTEM by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 rating with high attack complexity, and no public exploit identified at time of analysis. Exploitation requires a race condition or specific timing to be won, which constrains reliable weaponization but does not eliminate the risk on multi-user or shared Windows hosts.
Local code execution in Microsoft Windows Hyper-V allows an authenticated attacker on a guest or host to escape sandbox boundaries by triggering an out-of-bounds read condition (CWE-843, type confusion) in the hypervisor. The flaw affects Windows 10 (21H2/22H2), Windows 11 (23H2/24H2/25H2/26H1), and Windows Server 2022/2025, with a vendor-released patch available and no public exploit identified at time of analysis. EPSS scoring of 0.15% and SSVC exploitation status of 'none' suggest limited near-term exploitation likelihood despite total technical impact potential.
Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows remote unauthenticated attackers to read out-of-bounds memory over the network, potentially exposing sensitive data from the RDP service process. The flaw is reachable without authentication or user interaction across any exposed RDP endpoint, and no public exploit identified at time of analysis. Microsoft has assigned the issue a CVSS 3.1 score of 7.5 reflecting high confidentiality impact with no integrity or availability effect.
Local privilege escalation in the Windows Ancillary Function Driver (AFD.sys) for WinSock allows an authenticated low-privileged user to gain SYSTEM-level access through a use-after-free condition. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8 score with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the AFD.sys driver has a long history of similar bugs being weaponized post-disclosure.
Remote code execution in the Microsoft Windows Universal Plug and Play stack (upnp.dll) allows unauthenticated network attackers to execute arbitrary code on affected hosts by triggering a memory-safety flaw in the UPnP service. The issue carries a CVSS 3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N), reflecting network reachability without credentials but high attack complexity. At time of analysis there is no public exploit identified and the CVE is not listed in CISA KEV.
Out-of-bounds read in the Windows DHCP Server service enables a locally authenticated, low-privileged attacker to disclose contents of process memory on affected systems. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms this is a local, low-complexity attack requiring only standard user privileges - no elevated rights or user interaction needed. Exploitation is constrained to hosts where the Windows DHCP Server role is actively installed and running, which significantly limits the attack surface to designated infrastructure servers rather than general workstations. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.
Out-of-bounds read in Windows DHCP Server exposes adjacent memory contents and can crash the service, yielding both information disclosure and a high-severity denial-of-service condition on affected Windows systems. The flaw (CWE-125) is exploitable locally with low attack complexity and no user interaction, targeting systems where the DHCP Server role is installed across a broad range of Windows 10, 11, and Server editions from 2012 through 2025. No public exploit has been identified at time of analysis, and Microsoft has released patched builds via the MSRC update guide (CVE-2026-45608).
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to elevate to SYSTEM by winning a race condition that triggers a use-after-free. The flaw is reported by Microsoft (MSRC) and carries CVSS 7.0 with high attack complexity, but no public exploit is identified at time of analysis and it is not listed in CISA KEV.
Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data with high confidentiality and integrity impact, as reflected by the 9.1 CVSS score. The vulnerability is reachable over the network without privileges or user interaction, and no public exploit identified at time of analysis. The combination of authentication bypass tagging and DHCP's role as a core network infrastructure service makes this a high-priority issue for any Windows environment running the DHCP Server role.
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authenticated low-privileged attacker to win a race condition and gain SYSTEM-level execution. The flaw is a use-after-free triggered through concurrent WinSock operations, and at time of analysis no public exploit has been identified and the CVE is not on the CISA KEV list.
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to win a race condition and trigger a use-after-free, enabling code execution at kernel level. No public exploit identified at time of analysis, but AFD.sys has a long history of being a preferred LPE target and Microsoft has marked the issue as important. EPSS data was not provided in the source feed.
Local code execution in Microsoft Windows Win32K GRFX (graphics) subsystem allows an attacker with low-privilege local access to run arbitrary code by triggering an integer overflow, after coaxing a user into interacting with a crafted graphics object. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, though Win32K bugs historically attract rapid exploit development for privilege escalation in post-compromise chains.
Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to run code locally to escalate privileges through an integer overflow. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8, but requires user interaction (UI:R) and local access (AV:L), and no public exploit identified at time of analysis.
Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privilege attacker to gain higher privileges through a use-after-free memory corruption flaw. The vulnerability carries a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Successful exploitation typically yields SYSTEM-level code execution on the affected Windows host.
Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RDP server, where a heap-based buffer overflow (linked to use-after-free memory corruption per vendor tags) enables arbitrary code execution on the client machine. The CVSS 7.5 score reflects high attack complexity and required user interaction, and no public exploit identified at time of analysis. SSVC assessment from CISA rates exploitation as 'none' and automatable as 'no', though technical impact is total.
Remote code execution in Microsoft Remote Desktop Client arises from a heap-based buffer overflow (CWE-122) that an unauthenticated network attacker can trigger when a victim connects to or interacts with a malicious server. Microsoft (secure@microsoft.com) is the originating reporter and has published an advisory in the MSRC update guide, with no public exploit identified at time of analysis. The CVSS 7.5 (High) rating reflects high attack complexity and required user interaction, but successful exploitation yields full confidentiality, integrity, and availability impact on the client host.
Remote code execution in Microsoft Remote Desktop Client is possible when a user is lured into connecting to an attacker-controlled RDP server, where a heap-based buffer overflow (CWE-122) can be triggered to run arbitrary code on the client machine. The flaw was reported by Microsoft (secure@microsoft.com) and carries a CVSS 3.1 score of 7.5, reflecting high attack complexity and the requirement for user interaction. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Remote code execution in Microsoft Remote Desktop Client is possible when a user is enticed to connect to an attacker-controlled RDP server, triggering a heap-based buffer overflow (CWE-122). The flaw scores CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and, while no public exploit is identified at time of analysis, the network-reachable nature and full CIA impact make it a meaningful client-side risk for users connecting to untrusted endpoints.
Local privilege escalation in the Microsoft Graphics Component allows an authenticated low-privileged attacker to gain elevated rights via a use-after-free memory corruption flaw (CWE-416). The issue carries a CVSS 7.8 (High) rating with full confidentiality, integrity, and availability impact on the affected host. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that runs attacker code in the client's context. The flaw (CWE-416 use-after-free / heap corruption) carries CVSS 8.8 and requires user interaction, with no public exploit identified at time of analysis. A vendor patch is available via Microsoft MSRC.
Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables a locally authenticated attacker to read sensitive information from memory without elevation of privilege. Affecting a wide range of Windows 10, Windows 11, and Windows Server builds, the vulnerability requires only low-privilege local access and no user interaction to trigger. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with partial technical impact, placing this in a lower-urgency remediation band despite the High confidentiality rating in the CVSS vector.
Windows Push Notifications on multiple Windows 10, Windows 11, and Windows Server versions exposes sensitive memory contents through an uninitialized resource condition, allowing a low-privileged local user to read high-confidentiality data without any user interaction. The CVSS vector (AV:L/PR:L) confirms this is strictly a local privilege issue - no remote attack path exists - limiting its practical blast radius to insider threats and post-compromise lateral reconnaissance. No public exploit has been identified at time of analysis, and Microsoft has released patches addressing all listed affected versions.
Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables authenticated local attackers to disclose sensitive information across a wide breadth of Microsoft Windows desktop and server platforms. Spanning Windows 10 through Windows 11 25H2 and Windows Server 2012 through Server 2025, the vulnerability carries a CVSS 5.5 Medium score with high confidentiality impact (C:H) but no integrity or availability impact. Microsoft has released patches via the June 2026 Patch Tuesday cycle; no public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged user to elevate to higher privileges through an integer underflow condition. The flaw carries a CVSS 7.8 (High) rating with no public exploit identified at time of analysis, but Microsoft has issued a patch via MSRC. Defenders should treat this as a standard Patch-Tuesday-class kernel EoP that becomes a critical post-compromise pivot once initial access is achieved.
Denial-of-service in the Windows TCP/IP stack allows an authenticated attacker on an adjacent network to crash the networking subsystem of affected Windows hosts via an incorrect buffer size calculation. Affected systems span Windows 10 (21H2, 22H2), Windows 11 (23H2 through 26H1), Windows Server 2022, and Windows Server 2025 - all unpatched builds within Microsoft-documented version ranges. No public exploit identified at time of analysis, though Microsoft has released fixes addressable via Windows Update; the vulnerability is not listed in the CISA KEV catalog.
Windows Kerberos out-of-bounds read (CWE-125) allows a low-privilege network attacker to crash the Kerberos authentication service across all actively supported Windows client and server platforms, from Windows Server 2012 through Windows Server 2025 and Windows 11 26H1. The attack requires prior domain authentication and high-complexity triggering conditions (CVSS AC:H), limiting opportunistic mass exploitation, though a successful attack against a domain controller can deny authentication domain-wide by crashing the KDC. Vendor patches are available via the Microsoft MSRC advisory; no public exploit code exists and SSVC confirms no observed exploitation at time of analysis.
Remote code execution in Microsoft Remote Desktop Client is possible when a user connects to an attacker-controlled or compromised RDP endpoint, where a race condition (CWE-362) can be triggered to corrupt heap memory and execute arbitrary code in the client process. The flaw is unauthenticated from the network attacker's perspective but requires user interaction to initiate the connection, and no public exploit has been identified at time of analysis.
Information disclosure in Windows Shell exposes sensitive data to authenticated low-privileged attackers, with a confirmed vendor patch available. The vulnerability stems from CWE-200 improper information exposure within the Windows Shell component, allowing confidentiality compromise with no integrity or availability impact. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high confidentiality impact score (C:H) and low attack complexity elevate practical concern for environments where lateral movement or credential harvesting are threat vectors.
Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver allows an authenticated low-privileged user on a Windows host to escalate to higher privileges by triggering a buffer over-read in the kernel-mode driver. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 7.8 with low attack complexity and no user interaction makes it an attractive post-compromise target for endpoint operators.
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]
Privilege escalation in Windows DWM Core Library affects Windows 10 versions 21H2 and 1809 through a use-after-free memory corruption vulnerability that allows authenticated local attackers to gain system-level privileges. The vulnerability requires local access and valid user credentials but no user interaction, creating a significant risk for multi-user systems. No patch is currently available.
Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2, and Windows Server 2012, allowing adjacent network attackers to gain elevated system access without authentication. The vulnerability has a high CVSS score of 8.8 but currently lacks a patch, creating significant risk for exposed systems. Exploitation requires network proximity but no user interaction.
Unauthorized disclosure of sensitive information in Windows Accessibility Infrastructure (ATBroker.exe) affects Windows Server 2019, 2025, Windows 10 22h2, and Windows 11 25h2, allowing local authenticated attackers to read confidential data. The vulnerability requires user privileges and local access but poses no risk to system integrity or availability. No patch is currently available for this issue.
Windows Shell Link Processing leaks sensitive information over the network in Windows Server 2012, 2019, and 2022, enabling remote spoofing attacks without authentication or user interaction. An unauthenticated attacker can exploit this information disclosure to conduct spoofing attacks against affected systems. No patch is currently available.
Information disclosure in Windows GDI+ affects Windows 11 (24h2, 25h2) and Windows Server 2012/2016, allowing unauthenticated attackers to read sensitive data remotely through an out-of-bounds memory access vulnerability. The flaw requires no user interaction and can be exploited over the network to compromise confidentiality without modifying system data or availability. No patch is currently available for this high-severity vulnerability.
Windows Ancillary Function Driver for WinSock in Windows Server 2025, 2022, and Windows 10 1809 contains insufficient input validation that allows authenticated local users to escalate privileges. An attacker with local access and valid credentials can exploit this vulnerability to gain elevated system permissions, though no patch is currently available. This HIGH severity vulnerability affects multiple Windows Server and client versions with no active exploit mitigation path.
Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.
Privilege escalation in Windows Active Directory Domain Services (AD DS) across Windows 11, Windows 10, and Windows Server platforms allows authenticated network attackers to gain elevated privileges by exploiting improper validation of resource naming restrictions. An attacker with valid domain credentials can leverage this vulnerability to escalate their access level without user interaction. Currently, no patch is available, leaving all affected Windows versions vulnerable.
Windows Ancillary Function Driver for WinSock in Windows 10 (all versions) and Windows 11 contains an access control weakness that enables authenticated local attackers to escalate privileges to system level. An attacker with standard user credentials can exploit this flaw to gain elevated rights on affected systems. No patch is currently available for this vulnerability.
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Windows Extensible File Allocation (exFAT) contains an out-of-bounds read vulnerability affecting Windows Server 2022, Windows 10 1607, and Windows 11 versions 23h2/25h2, enabling authenticated local users to escalate privileges with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available. This flaw carries a CVSS score of 7.8 and affects multiple supported Windows versions across server and client platforms.
Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments.
Privilege escalation in Windows Authentication Methods (Windows 10 22H2, Windows 11 26H1) stems from a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low user privileges and manual interaction but provides complete system compromise through code execution. No patch is currently available for this high-severity vulnerability.
A division by zero flaw in the Microsoft Graphics Component on Windows 10 and Windows 11 systems enables local attackers to trigger a denial of service condition without requiring special privileges or user interaction. The vulnerability affects multiple Windows versions including Windows 10 1607, 22h2 and Windows 11 25h2, 26h1, with no patch currently available.
Microsoft Graphics Component on Windows 10 21H2, Windows Server 2016, and Windows 11 25H2 is vulnerable to a null pointer dereference that enables local denial of service attacks. An attacker with local access can trigger the vulnerability without requiring elevated privileges or user interaction to crash the graphics component and render the system unavailable. No patch is currently available for this medium-severity vulnerability.
Local code execution in Windows System Image Manager (Windows 11 23h2, Windows Server 2019/2022) through unsafe deserialization of untrusted data. An authenticated local attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. No patch is currently available.
Privilege escalation in Windows Performance Counters via null pointer dereference affects Windows Server 2019 and Windows 11 systems, enabling authenticated local attackers to gain elevated privileges. The vulnerability impacts systems where users have standard account access, allowing them to escalate to higher privilege levels on affected machines. No patch is currently available.
Windows Kerberos authentication in Server 2012 and Windows 10 (versions 1607, 1809) contains a race condition that enables unauthenticated remote attackers to circumvent security feature protections. The synchronization flaw in concurrent resource access allows attackers to bypass intended security controls without user interaction over the network. No patch is currently available for this vulnerability.
Privilege escalation in Windows Device Association Service (Windows 10 versions 1607, 1809, and 21H2) stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires high attack complexity and no user interaction, making it exploitable by insiders or compromised local accounts. No patch is currently available.
Privilege escalation in Windows Device Association Service across Windows 10, 11, and Server 2022 stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires local access and specific timing conditions but poses high risk due to its impact on confidentiality, integrity, and availability. No patch is currently available.
Windows SMB Server authentication bypass across multiple versions (Windows 10 1607, Windows 11 23h2, Windows Server 2012/2025) permits authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability stems from improper authentication validation in the SMB service, allowing a local attacker to gain system-level access without user interaction. No patch is currently available, leaving affected systems vulnerable to privilege escalation attacks from any authenticated user.
Privilege escalation in Windows Ancillary Function Driver for WinSock affects Windows 11 24H2, Windows Server 2022, and Windows Server 2025, allowing authenticated local attackers to gain system-level access through null pointer dereference. The vulnerability requires valid user credentials and local access but no user interaction to exploit. No patch is currently available.
Privilege escalation in Windows Connected Devices Platform Service (Cdpsvc) exploits a use-after-free memory vulnerability, affecting Windows 10 22h2 and Windows 11 (25h2, 26h1). An authenticated local attacker can leverage this flaw to gain system-level privileges on vulnerable systems. No patch is currently available for this high-severity vulnerability.
Privilege escalation in Windows Accessibility Infrastructure (ATBroker.exe) across Windows 10, Windows 11, and Windows Server 2022 stems from improper permission assignments on a critical resource. A local authenticated attacker can exploit this misconfiguration to gain elevated privileges without user interaction. No patch is currently available for this vulnerability.
Windows Projected File System in Windows 11 and Server 2022 contains improper access control that enables authenticated local users to escalate privileges to system level. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions without user interaction. Currently, no patch is available to address this issue.
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Arbitrary code execution in Windows 10 (versions 21H2 and 22H2) via heap buffer overflow in Mobile Broadband functionality requires physical access to a target device. An attacker with direct hardware access can trigger memory corruption to achieve kernel-level code execution with full system privileges. No patch is currently available for this vulnerability.
Windows Kernel path traversal vulnerability in Server 2025, Server 2022, Windows 11 24h2, and Windows 10 22h2 enables authenticated local attackers to achieve full system compromise through privilege escalation. The flaw allows an authorized user to manipulate file name or path parameters, bypassing access controls and gaining kernel-level privileges. No patch is currently available.
Windows Push Message Routing Service contains an out-of-bounds read vulnerability that enables authenticated local users to access sensitive information on affected systems running Windows 10 and Windows 11. The vulnerability requires valid credentials to exploit and poses a confidentiality risk, though no patch is currently available. This affects multiple Windows versions including 21H2, 22H2, and 23H2 releases.
Windows MapUrlToZone security bypass in Windows 11 24H2, Windows 10 21H2, and Windows Server 2016/2025 allows unauthenticated remote attackers to circumvent zone-based security restrictions through improper path equivalence resolution. An attacker can exploit this network-accessible vulnerability without user interaction to bypass intended access controls. No patch is currently available for this high-severity vulnerability.
Windows ReFS contains an out-of-bounds read vulnerability affecting Server 2019, 2022, 2025, and Windows 11 26h1 that enables authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability requires low attack complexity and no user interaction, making it exploitable by any authenticated user on the system. No patch is currently available for this HIGH severity issue.
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability [CVSS 7.8 HIGH]
Privilege escalation in the Windows Bluetooth RFCOM Protocol Driver across Windows 11 26h1, Windows Server 2025, and Windows 10 1809 stems from improper synchronization of concurrent access to shared resources. An authenticated local attacker can exploit this race condition to gain elevated privileges on affected systems. No patch is currently available for this vulnerability.
Local privilege escalation in Microsoft Graphics Component on Windows Server 2016 and Windows 11 23h2 stems from improper synchronization of shared resources, enabling authenticated attackers to gain elevated privileges. The race condition vulnerability requires local access and specific timing conditions but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables authorized local attackers to escalate privileges. KEV-listed, this kernel-level vulnerability in the Windows compositor allows any authenticated user to achieve SYSTEM-level access through exploitation of an incompatible type access in DWM's resource handling.
Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote attackers to bypass security features over a network. KEV-listed, this vulnerability in the core Windows Shell component enables remote code execution by circumventing security boundaries designed to prevent execution of untrusted content received from the network.
Windows Storage component contains an authentication bypass that enables authenticated local users to escalate privileges on Windows 10, Windows 11, and Windows Server 2016/2019 systems. An attacker with valid local credentials can exploit this vulnerability to gain elevated system access without user interaction. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.
Windows Hyper-V fails to properly enforce access controls, enabling local authenticated users to circumvent security features and gain unauthorized system access. This high-severity flaw affects Windows 10, Windows 11, Windows Server 2022, and Hyper-V implementations, allowing privileged attackers to escalate privileges across system boundaries. No patch is currently available for this vulnerability.
Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges on affected Windows and Windows Server systems. An attacker with local access and user-level permissions can trigger memory corruption through user interaction to compromise system integrity and confidentiality. This vulnerability affects Windows 10 1809, Windows Server 2025, and related Hyper-V implementations with no patch currently available.
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. [CVSS 7.3 HIGH]
Privilege escalation in Microsoft Graphics Component on Windows 11 24H2 and Windows 10 21H2 exploits a heap buffer overflow to allow authenticated local attackers to gain system-level access. The vulnerability requires local access and user interaction is not required, presenting a significant risk in multi-user environments. No patch is currently available.
Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges (CVSS 7.3). Exploitation requires user interaction and local system access, affecting Windows 10 1809 and Windows Server 2025. No patch is currently available.
Windows Subsystem for Linux contains a use-after-free vulnerability that enables local privilege escalation for authenticated users. An attacker with valid local access could exploit this memory safety flaw to gain elevated system privileges on affected Windows Server 2022 systems.
Windows HTTP.sys contains a race condition between privilege checks and resource access that enables local authenticated users to escalate privileges on Windows 10 21H2, Windows 11 23H2, and Windows Server 2025. An attacker with valid credentials can exploit this timing vulnerability to gain system-level access. No patch is currently available for this vulnerability.
Privilege escalation via heap buffer overflow in Windows Kernel (Windows 10 21H2, Windows Server 2016) allows authenticated local users to gain elevated system privileges. The vulnerability requires local access and user-level permissions, making it exploitable by authorized account holders to bypass security boundaries. No patch is currently available for this issue.
Privilege escalation in the Windows Ancillary Function Driver for WinSock affects Windows 11 and Windows Server 2022/2019, allowing authenticated local users to gain elevated system privileges. The vulnerability stems from improper access control mechanisms and currently lacks a patch. An authenticated attacker with local access can exploit this to achieve full system compromise.
Local privilege escalation in Windows Subsystem for Linux affects Windows 11 23h2 and Windows 10 22h2 through a race condition in shared resource synchronization. An authenticated local attacker can exploit this vulnerability to gain elevated privileges on the system. No patch is currently available for this vulnerability.
Windows Ancillary Function Driver for WinSock contains a heap buffer overflow vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows 10 and Server 2012 systems. An attacker with valid user credentials can exploit this memory corruption flaw to execute arbitrary code with elevated privileges. No patch is currently available for this vulnerability.
Privilege escalation in Microsoft Graphics Component via use-after-free memory corruption affects Windows Server 2019 and 2012, allowing authenticated local attackers to gain elevated system privileges with user interaction. The vulnerability poses a significant risk in industrial environments where Windows Server hosts critical infrastructure. No patch is currently available for this high-severity issue.
Local privilege escalation in Windows Connected Devices Platform Service exploits a race condition in resource synchronization, allowing authenticated attackers to gain elevated privileges on affected Windows systems including Server 2022, Windows 11 25h2, and Windows 10 21h2. The vulnerability requires local access and user interaction is not needed, making it a practical attack vector for users with standard privileges. No patch is currently available.
Windows Kernel privilege escalation vulnerability in Windows 10 21H2 and Windows Server 2012 stems from improper synchronization of concurrent access to shared resources, enabling local authenticated users to gain elevated system privileges. The race condition can be triggered without user interaction and impacts confidentiality, integrity, and availability of the affected system. No patch is currently available.
BitLocker's protection mechanism on Windows fails to enforce a critical authentication or verification step, permitting a physically present attacker to bypass full-disk encryption without credentials, a recovery key, or elevated privileges. Despite a CVSS score of 6.8 (Medium) - moderated by the physical access requirement - the impact ratings are High across confidentiality, integrity, and availability, meaning successful exploitation grants complete access to encrypted data and the underlying system. No public exploit has been identified at time of analysis, and Microsoft has released a patch via the MSRC update guide.
Security feature bypass in Windows Secure Boot enables a local high-privileged attacker to defeat the platform's boot-time integrity protections, achieving high confidentiality and integrity impact across a changed security scope. The flaw stems from a protection mechanism failure (CWE-284, Improper Access Control) that undermines the trust boundary Secure Boot is designed to enforce. At the time of analysis, no public exploit has been identified and the issue is not listed in CISA KEV, but the scope-changed CVSS of 7.9 reflects the severity of subverting a root-of-trust security control.
Security feature bypass in Windows Secure Boot allows a high-privileged local attacker to circumvent the boot integrity protection mechanism, undermining trust in the Windows boot chain. The flaw (CWE-1329, reliance on a component that is not updateable) carries a CVSS 7.9 rating due to scope change and high impact on confidentiality and integrity, and no public exploit has been identified at time of analysis. Successful exploitation could enable pre-OS persistence such as bootkits, defeating a foundational Windows security control.
Secure Boot bypass in Microsoft Windows allows an authorized local attacker with high privileges to defeat the platform's protection mechanism and tamper with the pre-OS boot chain. The CVSS 7.9 score reflects a scope-changing impact on confidentiality and integrity from a local vector, and no public exploit identified at time of analysis. The single MSRC reference indicates a Microsoft-tracked issue that primarily threatens code-integrity and boot-trust guarantees rather than runtime availability.
Remote code execution in Microsoft Remote Desktop Client is possible via a heap-based buffer overflow that an unauthenticated remote attacker can trigger when a user is convinced to connect to a malicious RDP server. The flaw is rated CVSS 7.5 (High) with attack complexity High and required user interaction, and no public exploit identified at time of analysis. The CWE-416 classification combined with the vendor's tags points to a use-after-free condition reachable through crafted RDP server responses.
Remote code execution in Microsoft Remote Desktop Client occurs when a user connects to an attacker-controlled RDP server, allowing the server to corrupt heap memory and execute arbitrary code on the client endpoint. The flaw carries a CVSS 8.8 (High) rating reflecting network reach with required user interaction, and no public exploit is identified at time of analysis. The attack pivots the traditional RDP threat model - attackers compromise clients that initiate outbound connections rather than exposed servers.
Heap-based buffer overflow in Microsoft Remote Desktop Client enables remote code execution when a user connects to a malicious RDP server, with the attacker gaining the same privileges as the connecting user. The CVSS 8.8 score reflects network-reachable exploitation requiring only minimal user interaction (initiating an RDP session), and no public exploit has been identified at time of analysis. The flaw is reported by Microsoft Security Response Center (secure@microsoft.com) and is categorized as CWE-122 heap-based buffer overflow.
Security feature bypass in Microsoft Windows BitLocker allows an attacker with physical access to circumvent the drive encryption protection mechanism. Affected systems can have BitLocker-protected data accessed despite the encryption-at-rest control being enabled, undermining a core platform confidentiality boundary. There is no public exploit identified at time of analysis, but the vulnerability is reported by Microsoft (secure@microsoft.com) as a protection mechanism failure with high impact across confidentiality, integrity, and availability.
Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privilege attacker to elevate to SYSTEM by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 rating with high attack complexity, and no public exploit identified at time of analysis. Exploitation requires a race condition or specific timing to be won, which constrains reliable weaponization but does not eliminate the risk on multi-user or shared Windows hosts.
Local code execution in Microsoft Windows Hyper-V allows an authenticated attacker on a guest or host to escape sandbox boundaries by triggering an out-of-bounds read condition (CWE-843, type confusion) in the hypervisor. The flaw affects Windows 10 (21H2/22H2), Windows 11 (23H2/24H2/25H2/26H1), and Windows Server 2022/2025, with a vendor-released patch available and no public exploit identified at time of analysis. EPSS scoring of 0.15% and SSVC exploitation status of 'none' suggest limited near-term exploitation likelihood despite total technical impact potential.
Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows remote unauthenticated attackers to read out-of-bounds memory over the network, potentially exposing sensitive data from the RDP service process. The flaw is reachable without authentication or user interaction across any exposed RDP endpoint, and no public exploit identified at time of analysis. Microsoft has assigned the issue a CVSS 3.1 score of 7.5 reflecting high confidentiality impact with no integrity or availability effect.
Local privilege escalation in the Windows Ancillary Function Driver (AFD.sys) for WinSock allows an authenticated low-privileged user to gain SYSTEM-level access through a use-after-free condition. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8 score with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the AFD.sys driver has a long history of similar bugs being weaponized post-disclosure.
Remote code execution in the Microsoft Windows Universal Plug and Play stack (upnp.dll) allows unauthenticated network attackers to execute arbitrary code on affected hosts by triggering a memory-safety flaw in the UPnP service. The issue carries a CVSS 3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N), reflecting network reachability without credentials but high attack complexity. At time of analysis there is no public exploit identified and the CVE is not listed in CISA KEV.
Out-of-bounds read in the Windows DHCP Server service enables a locally authenticated, low-privileged attacker to disclose contents of process memory on affected systems. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms this is a local, low-complexity attack requiring only standard user privileges - no elevated rights or user interaction needed. Exploitation is constrained to hosts where the Windows DHCP Server role is actively installed and running, which significantly limits the attack surface to designated infrastructure servers rather than general workstations. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.
Out-of-bounds read in Windows DHCP Server exposes adjacent memory contents and can crash the service, yielding both information disclosure and a high-severity denial-of-service condition on affected Windows systems. The flaw (CWE-125) is exploitable locally with low attack complexity and no user interaction, targeting systems where the DHCP Server role is installed across a broad range of Windows 10, 11, and Server editions from 2012 through 2025. No public exploit has been identified at time of analysis, and Microsoft has released patched builds via the MSRC update guide (CVE-2026-45608).
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to elevate to SYSTEM by winning a race condition that triggers a use-after-free. The flaw is reported by Microsoft (MSRC) and carries CVSS 7.0 with high attack complexity, but no public exploit is identified at time of analysis and it is not listed in CISA KEV.
Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data with high confidentiality and integrity impact, as reflected by the 9.1 CVSS score. The vulnerability is reachable over the network without privileges or user interaction, and no public exploit identified at time of analysis. The combination of authentication bypass tagging and DHCP's role as a core network infrastructure service makes this a high-priority issue for any Windows environment running the DHCP Server role.
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authenticated low-privileged attacker to win a race condition and gain SYSTEM-level execution. The flaw is a use-after-free triggered through concurrent WinSock operations, and at time of analysis no public exploit has been identified and the CVE is not on the CISA KEV list.
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (afd.sys) allows an authenticated low-privileged user to win a race condition and trigger a use-after-free, enabling code execution at kernel level. No public exploit identified at time of analysis, but AFD.sys has a long history of being a preferred LPE target and Microsoft has marked the issue as important. EPSS data was not provided in the source feed.
Local code execution in Microsoft Windows Win32K GRFX (graphics) subsystem allows an attacker with low-privilege local access to run arbitrary code by triggering an integer overflow, after coaxing a user into interacting with a crafted graphics object. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, though Win32K bugs historically attract rapid exploit development for privilege escalation in post-compromise chains.
Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to run code locally to escalate privileges through an integer overflow. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8, but requires user interaction (UI:R) and local access (AV:L), and no public exploit identified at time of analysis.
Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privilege attacker to gain higher privileges through a use-after-free memory corruption flaw. The vulnerability carries a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Successful exploitation typically yields SYSTEM-level code execution on the affected Windows host.
Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RDP server, where a heap-based buffer overflow (linked to use-after-free memory corruption per vendor tags) enables arbitrary code execution on the client machine. The CVSS 7.5 score reflects high attack complexity and required user interaction, and no public exploit identified at time of analysis. SSVC assessment from CISA rates exploitation as 'none' and automatable as 'no', though technical impact is total.
Remote code execution in Microsoft Remote Desktop Client arises from a heap-based buffer overflow (CWE-122) that an unauthenticated network attacker can trigger when a victim connects to or interacts with a malicious server. Microsoft (secure@microsoft.com) is the originating reporter and has published an advisory in the MSRC update guide, with no public exploit identified at time of analysis. The CVSS 7.5 (High) rating reflects high attack complexity and required user interaction, but successful exploitation yields full confidentiality, integrity, and availability impact on the client host.
Remote code execution in Microsoft Remote Desktop Client is possible when a user is lured into connecting to an attacker-controlled RDP server, where a heap-based buffer overflow (CWE-122) can be triggered to run arbitrary code on the client machine. The flaw was reported by Microsoft (secure@microsoft.com) and carries a CVSS 3.1 score of 7.5, reflecting high attack complexity and the requirement for user interaction. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Remote code execution in Microsoft Remote Desktop Client is possible when a user is enticed to connect to an attacker-controlled RDP server, triggering a heap-based buffer overflow (CWE-122). The flaw scores CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and, while no public exploit is identified at time of analysis, the network-reachable nature and full CIA impact make it a meaningful client-side risk for users connecting to untrusted endpoints.
Local privilege escalation in the Microsoft Graphics Component allows an authenticated low-privileged attacker to gain elevated rights via a use-after-free memory corruption flaw (CWE-416). The issue carries a CVSS 7.8 (High) rating with full confidentiality, integrity, and availability impact on the affected host. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that runs attacker code in the client's context. The flaw (CWE-416 use-after-free / heap corruption) carries CVSS 8.8 and requires user interaction, with no public exploit identified at time of analysis. A vendor patch is available via Microsoft MSRC.
Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables a locally authenticated attacker to read sensitive information from memory without elevation of privilege. Affecting a wide range of Windows 10, Windows 11, and Windows Server builds, the vulnerability requires only low-privilege local access and no user interaction to trigger. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with partial technical impact, placing this in a lower-urgency remediation band despite the High confidentiality rating in the CVSS vector.
Windows Push Notifications on multiple Windows 10, Windows 11, and Windows Server versions exposes sensitive memory contents through an uninitialized resource condition, allowing a low-privileged local user to read high-confidentiality data without any user interaction. The CVSS vector (AV:L/PR:L) confirms this is strictly a local privilege issue - no remote attack path exists - limiting its practical blast radius to insider threats and post-compromise lateral reconnaissance. No public exploit has been identified at time of analysis, and Microsoft has released patches addressing all listed affected versions.
Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables authenticated local attackers to disclose sensitive information across a wide breadth of Microsoft Windows desktop and server platforms. Spanning Windows 10 through Windows 11 25H2 and Windows Server 2012 through Server 2025, the vulnerability carries a CVSS 5.5 Medium score with high confidentiality impact (C:H) but no integrity or availability impact. Microsoft has released patches via the June 2026 Patch Tuesday cycle; no public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged user to elevate to higher privileges through an integer underflow condition. The flaw carries a CVSS 7.8 (High) rating with no public exploit identified at time of analysis, but Microsoft has issued a patch via MSRC. Defenders should treat this as a standard Patch-Tuesday-class kernel EoP that becomes a critical post-compromise pivot once initial access is achieved.
Denial-of-service in the Windows TCP/IP stack allows an authenticated attacker on an adjacent network to crash the networking subsystem of affected Windows hosts via an incorrect buffer size calculation. Affected systems span Windows 10 (21H2, 22H2), Windows 11 (23H2 through 26H1), Windows Server 2022, and Windows Server 2025 - all unpatched builds within Microsoft-documented version ranges. No public exploit identified at time of analysis, though Microsoft has released fixes addressable via Windows Update; the vulnerability is not listed in the CISA KEV catalog.
Windows Kerberos out-of-bounds read (CWE-125) allows a low-privilege network attacker to crash the Kerberos authentication service across all actively supported Windows client and server platforms, from Windows Server 2012 through Windows Server 2025 and Windows 11 26H1. The attack requires prior domain authentication and high-complexity triggering conditions (CVSS AC:H), limiting opportunistic mass exploitation, though a successful attack against a domain controller can deny authentication domain-wide by crashing the KDC. Vendor patches are available via the Microsoft MSRC advisory; no public exploit code exists and SSVC confirms no observed exploitation at time of analysis.
Remote code execution in Microsoft Remote Desktop Client is possible when a user connects to an attacker-controlled or compromised RDP endpoint, where a race condition (CWE-362) can be triggered to corrupt heap memory and execute arbitrary code in the client process. The flaw is unauthenticated from the network attacker's perspective but requires user interaction to initiate the connection, and no public exploit has been identified at time of analysis.
Information disclosure in Windows Shell exposes sensitive data to authenticated low-privileged attackers, with a confirmed vendor patch available. The vulnerability stems from CWE-200 improper information exposure within the Windows Shell component, allowing confidentiality compromise with no integrity or availability impact. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high confidentiality impact score (C:H) and low attack complexity elevate practical concern for environments where lateral movement or credential harvesting are threat vectors.
Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver allows an authenticated low-privileged user on a Windows host to escalate to higher privileges by triggering a buffer over-read in the kernel-mode driver. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 7.8 with low attack complexity and no user interaction makes it an attractive post-compromise target for endpoint operators.
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]
Privilege escalation in Windows DWM Core Library affects Windows 10 versions 21H2 and 1809 through a use-after-free memory corruption vulnerability that allows authenticated local attackers to gain system-level privileges. The vulnerability requires local access and valid user credentials but no user interaction, creating a significant risk for multi-user systems. No patch is currently available.
Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2, and Windows Server 2012, allowing adjacent network attackers to gain elevated system access without authentication. The vulnerability has a high CVSS score of 8.8 but currently lacks a patch, creating significant risk for exposed systems. Exploitation requires network proximity but no user interaction.
Unauthorized disclosure of sensitive information in Windows Accessibility Infrastructure (ATBroker.exe) affects Windows Server 2019, 2025, Windows 10 22h2, and Windows 11 25h2, allowing local authenticated attackers to read confidential data. The vulnerability requires user privileges and local access but poses no risk to system integrity or availability. No patch is currently available for this issue.
Windows Shell Link Processing leaks sensitive information over the network in Windows Server 2012, 2019, and 2022, enabling remote spoofing attacks without authentication or user interaction. An unauthenticated attacker can exploit this information disclosure to conduct spoofing attacks against affected systems. No patch is currently available.
Information disclosure in Windows GDI+ affects Windows 11 (24h2, 25h2) and Windows Server 2012/2016, allowing unauthenticated attackers to read sensitive data remotely through an out-of-bounds memory access vulnerability. The flaw requires no user interaction and can be exploited over the network to compromise confidentiality without modifying system data or availability. No patch is currently available for this high-severity vulnerability.
Windows Ancillary Function Driver for WinSock in Windows Server 2025, 2022, and Windows 10 1809 contains insufficient input validation that allows authenticated local users to escalate privileges. An attacker with local access and valid credentials can exploit this vulnerability to gain elevated system permissions, though no patch is currently available. This HIGH severity vulnerability affects multiple Windows Server and client versions with no active exploit mitigation path.
Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.
Privilege escalation in Windows Active Directory Domain Services (AD DS) across Windows 11, Windows 10, and Windows Server platforms allows authenticated network attackers to gain elevated privileges by exploiting improper validation of resource naming restrictions. An attacker with valid domain credentials can leverage this vulnerability to escalate their access level without user interaction. Currently, no patch is available, leaving all affected Windows versions vulnerable.
Windows Ancillary Function Driver for WinSock in Windows 10 (all versions) and Windows 11 contains an access control weakness that enables authenticated local attackers to escalate privileges to system level. An attacker with standard user credentials can exploit this flaw to gain elevated rights on affected systems. No patch is currently available for this vulnerability.
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Windows Extensible File Allocation (exFAT) contains an out-of-bounds read vulnerability affecting Windows Server 2022, Windows 10 1607, and Windows 11 versions 23h2/25h2, enabling authenticated local users to escalate privileges with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available. This flaw carries a CVSS score of 7.8 and affects multiple supported Windows versions across server and client platforms.
Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments.
Privilege escalation in Windows Authentication Methods (Windows 10 22H2, Windows 11 26H1) stems from a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low user privileges and manual interaction but provides complete system compromise through code execution. No patch is currently available for this high-severity vulnerability.
A division by zero flaw in the Microsoft Graphics Component on Windows 10 and Windows 11 systems enables local attackers to trigger a denial of service condition without requiring special privileges or user interaction. The vulnerability affects multiple Windows versions including Windows 10 1607, 22h2 and Windows 11 25h2, 26h1, with no patch currently available.
Microsoft Graphics Component on Windows 10 21H2, Windows Server 2016, and Windows 11 25H2 is vulnerable to a null pointer dereference that enables local denial of service attacks. An attacker with local access can trigger the vulnerability without requiring elevated privileges or user interaction to crash the graphics component and render the system unavailable. No patch is currently available for this medium-severity vulnerability.
Local code execution in Windows System Image Manager (Windows 11 23h2, Windows Server 2019/2022) through unsafe deserialization of untrusted data. An authenticated local attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. No patch is currently available.
Privilege escalation in Windows Performance Counters via null pointer dereference affects Windows Server 2019 and Windows 11 systems, enabling authenticated local attackers to gain elevated privileges. The vulnerability impacts systems where users have standard account access, allowing them to escalate to higher privilege levels on affected machines. No patch is currently available.
Windows Kerberos authentication in Server 2012 and Windows 10 (versions 1607, 1809) contains a race condition that enables unauthenticated remote attackers to circumvent security feature protections. The synchronization flaw in concurrent resource access allows attackers to bypass intended security controls without user interaction over the network. No patch is currently available for this vulnerability.
Privilege escalation in Windows Device Association Service (Windows 10 versions 1607, 1809, and 21H2) stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires high attack complexity and no user interaction, making it exploitable by insiders or compromised local accounts. No patch is currently available.
Privilege escalation in Windows Device Association Service across Windows 10, 11, and Server 2022 stems from improper synchronization of shared resources, enabling local authenticated users to gain elevated system privileges. The vulnerability requires local access and specific timing conditions but poses high risk due to its impact on confidentiality, integrity, and availability. No patch is currently available.
Windows SMB Server authentication bypass across multiple versions (Windows 10 1607, Windows 11 23h2, Windows Server 2012/2025) permits authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability stems from improper authentication validation in the SMB service, allowing a local attacker to gain system-level access without user interaction. No patch is currently available, leaving affected systems vulnerable to privilege escalation attacks from any authenticated user.
Privilege escalation in Windows Ancillary Function Driver for WinSock affects Windows 11 24H2, Windows Server 2022, and Windows Server 2025, allowing authenticated local attackers to gain system-level access through null pointer dereference. The vulnerability requires valid user credentials and local access but no user interaction to exploit. No patch is currently available.
Privilege escalation in Windows Connected Devices Platform Service (Cdpsvc) exploits a use-after-free memory vulnerability, affecting Windows 10 22h2 and Windows 11 (25h2, 26h1). An authenticated local attacker can leverage this flaw to gain system-level privileges on vulnerable systems. No patch is currently available for this high-severity vulnerability.
Privilege escalation in Windows Accessibility Infrastructure (ATBroker.exe) across Windows 10, Windows 11, and Windows Server 2022 stems from improper permission assignments on a critical resource. A local authenticated attacker can exploit this misconfiguration to gain elevated privileges without user interaction. No patch is currently available for this vulnerability.
Windows Projected File System in Windows 11 and Server 2022 contains improper access control that enables authenticated local users to escalate privileges to system level. An attacker with valid credentials can exploit this vulnerability to gain elevated permissions without user interaction. Currently, no patch is available to address this issue.
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]
Arbitrary code execution in Windows 10 (versions 21H2 and 22H2) via heap buffer overflow in Mobile Broadband functionality requires physical access to a target device. An attacker with direct hardware access can trigger memory corruption to achieve kernel-level code execution with full system privileges. No patch is currently available for this vulnerability.
Windows Kernel path traversal vulnerability in Server 2025, Server 2022, Windows 11 24h2, and Windows 10 22h2 enables authenticated local attackers to achieve full system compromise through privilege escalation. The flaw allows an authorized user to manipulate file name or path parameters, bypassing access controls and gaining kernel-level privileges. No patch is currently available.
Windows Push Message Routing Service contains an out-of-bounds read vulnerability that enables authenticated local users to access sensitive information on affected systems running Windows 10 and Windows 11. The vulnerability requires valid credentials to exploit and poses a confidentiality risk, though no patch is currently available. This affects multiple Windows versions including 21H2, 22H2, and 23H2 releases.
Windows MapUrlToZone security bypass in Windows 11 24H2, Windows 10 21H2, and Windows Server 2016/2025 allows unauthenticated remote attackers to circumvent zone-based security restrictions through improper path equivalence resolution. An attacker can exploit this network-accessible vulnerability without user interaction to bypass intended access controls. No patch is currently available for this high-severity vulnerability.
Windows ReFS contains an out-of-bounds read vulnerability affecting Server 2019, 2022, 2025, and Windows 11 26h1 that enables authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability requires low attack complexity and no user interaction, making it exploitable by any authenticated user on the system. No patch is currently available for this HIGH severity issue.
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability [CVSS 7.8 HIGH]
Privilege escalation in the Windows Bluetooth RFCOM Protocol Driver across Windows 11 26h1, Windows Server 2025, and Windows 10 1809 stems from improper synchronization of concurrent access to shared resources. An authenticated local attacker can exploit this race condition to gain elevated privileges on affected systems. No patch is currently available for this vulnerability.
Local privilege escalation in Microsoft Graphics Component on Windows Server 2016 and Windows 11 23h2 stems from improper synchronization of shared resources, enabling authenticated attackers to gain elevated privileges. The race condition vulnerability requires local access and specific timing conditions but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables authorized local attackers to escalate privileges. KEV-listed, this kernel-level vulnerability in the Windows compositor allows any authenticated user to achieve SYSTEM-level access through exploitation of an incompatible type access in DWM's resource handling.
Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote attackers to bypass security features over a network. KEV-listed, this vulnerability in the core Windows Shell component enables remote code execution by circumventing security boundaries designed to prevent execution of untrusted content received from the network.
Windows Storage component contains an authentication bypass that enables authenticated local users to escalate privileges on Windows 10, Windows 11, and Windows Server 2016/2019 systems. An attacker with valid local credentials can exploit this vulnerability to gain elevated system access without user interaction. No patch is currently available for this HIGH severity issue affecting multiple Windows versions.
Windows Hyper-V fails to properly enforce access controls, enabling local authenticated users to circumvent security features and gain unauthorized system access. This high-severity flaw affects Windows 10, Windows 11, Windows Server 2022, and Hyper-V implementations, allowing privileged attackers to escalate privileges across system boundaries. No patch is currently available for this vulnerability.
Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges on affected Windows and Windows Server systems. An attacker with local access and user-level permissions can trigger memory corruption through user interaction to compromise system integrity and confidentiality. This vulnerability affects Windows 10 1809, Windows Server 2025, and related Hyper-V implementations with no patch currently available.
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. [CVSS 7.3 HIGH]
Privilege escalation in Microsoft Graphics Component on Windows 11 24H2 and Windows 10 21H2 exploits a heap buffer overflow to allow authenticated local attackers to gain system-level access. The vulnerability requires local access and user interaction is not required, presenting a significant risk in multi-user environments. No patch is currently available.
Heap overflow in Windows Hyper-V enables authenticated local users to achieve arbitrary code execution with high privileges (CVSS 7.3). Exploitation requires user interaction and local system access, affecting Windows 10 1809 and Windows Server 2025. No patch is currently available.
Windows Subsystem for Linux contains a use-after-free vulnerability that enables local privilege escalation for authenticated users. An attacker with valid local access could exploit this memory safety flaw to gain elevated system privileges on affected Windows Server 2022 systems.
Windows HTTP.sys contains a race condition between privilege checks and resource access that enables local authenticated users to escalate privileges on Windows 10 21H2, Windows 11 23H2, and Windows Server 2025. An attacker with valid credentials can exploit this timing vulnerability to gain system-level access. No patch is currently available for this vulnerability.
Privilege escalation via heap buffer overflow in Windows Kernel (Windows 10 21H2, Windows Server 2016) allows authenticated local users to gain elevated system privileges. The vulnerability requires local access and user-level permissions, making it exploitable by authorized account holders to bypass security boundaries. No patch is currently available for this issue.
Privilege escalation in the Windows Ancillary Function Driver for WinSock affects Windows 11 and Windows Server 2022/2019, allowing authenticated local users to gain elevated system privileges. The vulnerability stems from improper access control mechanisms and currently lacks a patch. An authenticated attacker with local access can exploit this to achieve full system compromise.
Local privilege escalation in Windows Subsystem for Linux affects Windows 11 23h2 and Windows 10 22h2 through a race condition in shared resource synchronization. An authenticated local attacker can exploit this vulnerability to gain elevated privileges on the system. No patch is currently available for this vulnerability.
Windows Ancillary Function Driver for WinSock contains a heap buffer overflow vulnerability that enables authenticated local users to achieve privilege escalation on affected Windows 10 and Server 2012 systems. An attacker with valid user credentials can exploit this memory corruption flaw to execute arbitrary code with elevated privileges. No patch is currently available for this vulnerability.
Privilege escalation in Microsoft Graphics Component via use-after-free memory corruption affects Windows Server 2019 and 2012, allowing authenticated local attackers to gain elevated system privileges with user interaction. The vulnerability poses a significant risk in industrial environments where Windows Server hosts critical infrastructure. No patch is currently available for this high-severity issue.
Local privilege escalation in Windows Connected Devices Platform Service exploits a race condition in resource synchronization, allowing authenticated attackers to gain elevated privileges on affected Windows systems including Server 2022, Windows 11 25h2, and Windows 10 21h2. The vulnerability requires local access and user interaction is not needed, making it a practical attack vector for users with standard privileges. No patch is currently available.
Windows Kernel privilege escalation vulnerability in Windows 10 21H2 and Windows Server 2012 stems from improper synchronization of concurrent access to shared resources, enabling local authenticated users to gain elevated system privileges. The race condition can be triggered without user interaction and impacts confidentiality, integrity, and availability of the affected system. No patch is currently available.