Windows 11 22h2
Monthly
Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows unauthenticated remote attackers to execute arbitrary code over the network with user interaction. This is a critical network-accessible vulnerability affecting Windows systems running RRAS; successful exploitation grants the attacker complete system compromise with high confidentiality, integrity, and availability impact. The CVSS 8.8 score reflects the severity, though real-world exploitation probability and active KEV status would determine if this is actively weaponized.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows authenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. This is a critical vulnerability affecting RRAS implementations across Windows Server and client operating systems; exploitation requires valid credentials but no user interaction, making it suitable for lateral movement and privilege escalation scenarios within compromised networks.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
Network-accessible denial-of-service vulnerability in Microsoft's Local Security Authority Server (lsasrv) caused by improper access control (CWE-284). An unauthenticated remote attacker can exploit this with low complexity to render the LSA service unavailable, affecting authentication and security policy enforcement on affected Windows systems. The CVSS 7.5 severity reflects the high availability impact; however, real-world risk depends on EPSS score, KEV candidacy status, and active exploitation data not provided in the source materials.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Windows Local Security Authority Subsystem Service (LSASS) contains an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service. Crashing or degrading LSASS disrupts all authentication and authorization on the affected Windows server, effectively taking the system offline.
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.
Privilege escalation vulnerability in Windows Recovery Driver caused by improper symlink/hardlink resolution (CWE-59: link following) that allows an authenticated local attacker to elevate privileges to SYSTEM level. The vulnerability requires user interaction and local code execution capability but provides complete system compromise once exploited. With a CVSS score of 7.3 and local attack vector, this poses significant risk to multi-user Windows systems, particularly in enterprise environments where standard users have local access.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-32718 is an integer overflow vulnerability in Windows SMB that allows a locally authenticated attacker to achieve privilege escalation with high impact to confidentiality, integrity, and availability. The vulnerability affects Windows operating systems' SMB implementation and has a CVSS score of 7.8 (High) with low attack complexity, making it a significant local privilege escalation risk for multi-user systems and domain environments.
CVE-2025-32716 is an out-of-bounds read vulnerability in Windows Media that allows an authenticated local attacker to achieve privilege escalation on affected systems. The vulnerability has a CVSS score of 7.8 (high severity) due to its impact on confidentiality, integrity, and availability. Without confirmation of KEV status, active exploitation, or public POC availability from the provided data, the real-world risk assessment requires evaluation against the moderate attack complexity (local access required, authenticated user needed).
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
Local privilege escalation vulnerability in Windows Installer caused by improper access control (CWE-284) that allows an authorized local attacker to elevate privileges without user interaction. The vulnerability affects Windows Installer components across multiple Windows versions and has a CVSS score of 7.8 (High severity). Without confirmation of KEV status or active exploitation data, the high CVSS vector (Low attack complexity, Low privileges required) indicates this represents a significant risk to systems where local user accounts exist.
Heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) Driver that allows local authenticated attackers to achieve privilege escalation with high confidence of exploitation. The vulnerability affects Windows systems with the CLFS driver enabled and requires local access with standard user privileges; successful exploitation grants complete system compromise including code execution at SYSTEM level. While no public POC is confirmed in available intelligence, the straightforward nature of heap overflows and the high CVSS score (7.8) with low attack complexity indicate active research interest and potential for rapid weaponization.
Use-after-free vulnerability in the Windows Win32K graphics subsystem (GRFX component) that allows a locally authenticated attacker to achieve arbitrary code execution and privilege escalation without user interaction. The vulnerability affects Windows systems with affected Win32K versions and carries a CVSS score of 7.8 (high severity). Given the local attack vector requirement and the need for prior authentication, real-world exploitation is constrained to insider threats or attackers who have already achieved initial access; however, the severity of the impact (complete system compromise) makes this a critical priority for patching.
Memory management vulnerability in Windows Cryptographic Services where memory is not properly released after its effective lifetime, enabling unauthenticated remote code execution. The vulnerability affects Windows cryptographic components and allows network-based attackers to execute arbitrary code with high complexity requirements. While the CVSS score of 8.1 indicates significant severity, exploitation requires specific conditions (high attack complexity), and current status regarding KEV listing, EPSS score, and public POC availability is unknown pending official Microsoft advisory release.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a null pointer dereference, exploited in May 2025.
Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulnerability in the May 2025 Patch Tuesday.
Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a series of CLFS kernel vulnerabilities exploited throughout 2023-2025.
Windows Desktop Window Manager (DWM) contains a use-after-free enabling local privilege escalation, exploited in the wild in May 2025 as another DWM zero-day.
Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the network through crafted content processed by the scripting engine.
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Windows Common Log File System Driver contains a use-after-free enabling local privilege escalation, exploited in the wild in April 2025. CLFS driver vulnerabilities have become a recurring Windows kernel exploit target.
Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Use after free in Windows Shell allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows unauthenticated remote attackers to execute arbitrary code over the network with user interaction. This is a critical network-accessible vulnerability affecting Windows systems running RRAS; successful exploitation grants the attacker complete system compromise with high confidentiality, integrity, and availability impact. The CVSS 8.8 score reflects the severity, though real-world exploitation probability and active KEV status would determine if this is actively weaponized.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows authenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. This is a critical vulnerability affecting RRAS implementations across Windows Server and client operating systems; exploitation requires valid credentials but no user interaction, making it suitable for lateral movement and privilege escalation scenarios within compromised networks.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
Network-accessible denial-of-service vulnerability in Microsoft's Local Security Authority Server (lsasrv) caused by improper access control (CWE-284). An unauthenticated remote attacker can exploit this with low complexity to render the LSA service unavailable, affecting authentication and security policy enforcement on affected Windows systems. The CVSS 7.5 severity reflects the high availability impact; however, real-world risk depends on EPSS score, KEV candidacy status, and active exploitation data not provided in the source materials.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Windows Local Security Authority Subsystem Service (LSASS) contains an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service. Crashing or degrading LSASS disrupts all authentication and authorization on the affected Windows server, effectively taking the system offline.
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.
Privilege escalation vulnerability in Windows Recovery Driver caused by improper symlink/hardlink resolution (CWE-59: link following) that allows an authenticated local attacker to elevate privileges to SYSTEM level. The vulnerability requires user interaction and local code execution capability but provides complete system compromise once exploited. With a CVSS score of 7.3 and local attack vector, this poses significant risk to multi-user Windows systems, particularly in enterprise environments where standard users have local access.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-32718 is an integer overflow vulnerability in Windows SMB that allows a locally authenticated attacker to achieve privilege escalation with high impact to confidentiality, integrity, and availability. The vulnerability affects Windows operating systems' SMB implementation and has a CVSS score of 7.8 (High) with low attack complexity, making it a significant local privilege escalation risk for multi-user systems and domain environments.
CVE-2025-32716 is an out-of-bounds read vulnerability in Windows Media that allows an authenticated local attacker to achieve privilege escalation on affected systems. The vulnerability has a CVSS score of 7.8 (high severity) due to its impact on confidentiality, integrity, and availability. Without confirmation of KEV status, active exploitation, or public POC availability from the provided data, the real-world risk assessment requires evaluation against the moderate attack complexity (local access required, authenticated user needed).
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
Local privilege escalation vulnerability in Windows Installer caused by improper access control (CWE-284) that allows an authorized local attacker to elevate privileges without user interaction. The vulnerability affects Windows Installer components across multiple Windows versions and has a CVSS score of 7.8 (High severity). Without confirmation of KEV status or active exploitation data, the high CVSS vector (Low attack complexity, Low privileges required) indicates this represents a significant risk to systems where local user accounts exist.
Heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) Driver that allows local authenticated attackers to achieve privilege escalation with high confidence of exploitation. The vulnerability affects Windows systems with the CLFS driver enabled and requires local access with standard user privileges; successful exploitation grants complete system compromise including code execution at SYSTEM level. While no public POC is confirmed in available intelligence, the straightforward nature of heap overflows and the high CVSS score (7.8) with low attack complexity indicate active research interest and potential for rapid weaponization.
Use-after-free vulnerability in the Windows Win32K graphics subsystem (GRFX component) that allows a locally authenticated attacker to achieve arbitrary code execution and privilege escalation without user interaction. The vulnerability affects Windows systems with affected Win32K versions and carries a CVSS score of 7.8 (high severity). Given the local attack vector requirement and the need for prior authentication, real-world exploitation is constrained to insider threats or attackers who have already achieved initial access; however, the severity of the impact (complete system compromise) makes this a critical priority for patching.
Memory management vulnerability in Windows Cryptographic Services where memory is not properly released after its effective lifetime, enabling unauthenticated remote code execution. The vulnerability affects Windows cryptographic components and allows network-based attackers to execute arbitrary code with high complexity requirements. While the CVSS score of 8.1 indicates significant severity, exploitation requires specific conditions (high attack complexity), and current status regarding KEV listing, EPSS score, and public POC availability is unknown pending official Microsoft advisory release.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a null pointer dereference, exploited in May 2025.
Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulnerability in the May 2025 Patch Tuesday.
Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a series of CLFS kernel vulnerabilities exploited throughout 2023-2025.
Windows Desktop Window Manager (DWM) contains a use-after-free enabling local privilege escalation, exploited in the wild in May 2025 as another DWM zero-day.
Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the network through crafted content processed by the scripting engine.
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Windows Common Log File System Driver contains a use-after-free enabling local privilege escalation, exploited in the wild in April 2025. CLFS driver vulnerabilities have become a recurring Windows kernel exploit target.
Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Use after free in Windows Shell allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.