Windows Server 2016 Server Core Installation

Improper access control in Universal Plug and Play (upnp.dll) on Windows allows authenticated local attackers to disclose sensitive information without user interaction. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server 2012-2025. Microsoft has released patches available through their security update guide; no public exploit code or active exploitation has been reported at time of analysis.

Windows Snipping Tool leaks sensitive information to unauthenticated network attackers via user interaction, enabling spoofing attacks. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2) and Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), as well as Windows Server 2012 through 2025. Microsoft has released patches for all affected versions; exploitation requires user interaction but no specialized technical knowledge.

Remote code execution vulnerability in Windows IKE Extension affects Windows 10/11 and Windows Server 2016-2025 via double-free memory corruption (CWE-415). Unauthenticated remote attackers can exploit this over the network with low complexity to achieve complete system compromise (CVSS 9.8). Vendor-released patches are available per Microsoft's security update guide. No public exploit identified at time of analysis, but the critical CVSS score and network attack vector indicate high real-world

Remote code execution in Windows TCP/IP networking stack across Windows 10, 11, and Server versions allows unauthenticated network attackers to execute arbitrary code by exploiting a race condition in shared resource synchronization. The vulnerability affects all supported Windows versions from Server 2012 through Windows 11 26H1 and Server 2025. Microsoft has released patches addressing this high-severity flaw (CVSS 8.1). No public exploit identified at time of analysis, though SSVC assessment

Local privilege escalation in Windows Win32K graphics subsystem (Win32K-GRFX) allows authenticated attackers with low privileges to gain SYSTEM-level access by exploiting a race condition during concurrent resource access. Affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. Microsoft has released patches addressing this CWE-362 synchronization flaw. No public exploit identified at time of analysis, though the local attack vector and high complexity (

Local privilege escalation in Windows Ancillary Function Driver for WinSock (AFD.sys) affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. The CWE-416 use-after-free memory corruption flaw allows low-privileged authenticated attackers with local access to elevate to SYSTEM privileges, achieving complete control over confidentiality, integrity, and availability. SSVC framework rates this as non-automatable with total technical impact. No public exploit

Local privilege escalation via use-after-free in Windows Ancillary Function Driver for WinSock (AFD.sys) allows authenticated low-privileged attackers to execute arbitrary code with SYSTEM privileges across all supported Windows versions. Microsoft has released patches for Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-25H2), and Windows Server (2012-2022 23H2). The vulnerability requires local access and low privileges (PR:L) with high attack complexity (AC:H), but no public exploit

Windows Shell security feature bypass enables unauthenticated remote attackers to defeat protection mechanisms across all supported Windows client and server versions (Windows 10 1607 through Windows 11 26H1, Server 2012 through Server 2025) via network-based attack requiring user interaction. The CVSS 8.8 rating reflects complete compromise potential (high confidentiality, integrity, and availability impact) despite low attack complexity. Microsoft has released patches addressing this authentic

Local privilege escalation in Windows User Interface Core across Windows 10, 11, and Server 2016-2025 allows low-privileged authenticated users to gain elevated system access via a race condition vulnerability. Attack complexity is high (AC:H), requiring precise timing exploitation of shared resource synchronization flaws. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the local attack vector and authenticated requirement

Windows Shell information disclosure vulnerability (CVE-2026-32151) allows authenticated network attackers to read sensitive data without authorization. The vulnerability affects Windows 10 versions 1607-22H2, Windows 11 versions 22H3-26H1, Windows Server 2012-2025, and associated Server Core installations. Microsoft has released vendor patches for all affected versions; exploitation requires valid credentials and network access but no user interaction.

Local privilege escalation in Microsoft Windows Function Discovery Service (fdwsd.dll) allows low-privileged authenticated users to gain SYSTEM-level access via a race condition. Affects all supported Windows 10, 11, and Server versions from 2012 through 2025. Vendor-released patches available from Microsoft. CVSS 7.0 (high complexity local attack). No public exploit identified at time of analysis, though the race condition class (CWE-362) is well-understood and commonly weaponized once details emerge.

Windows Hyper-V local privilege escalation via improper input validation (CWE-20) enables authenticated low-privilege attackers with user interaction to execute arbitrary code with high confidentiality, integrity, and availability impact across Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-26H1), and Windows Server (2016-2025). Microsoft released patches addressing the vulnerability with EPSS exploitation probability data not available; no public exploit identified at time of analys

Local privilege escalation in Microsoft Brokering File System across Windows 10, Windows 11, and Windows Server platforms allows unauthenticated attackers to achieve SYSTEM-level access via race condition exploitation. Affects all supported Windows versions from Server 2016 through Windows 11 26H1, with vendor patches released addressing the CWE-362 synchronization flaw. CVSS 8.4 severity reflects low attack complexity requiring no user interaction, though exploitation requires local access. No

Privilege escalation in Windows Function Discovery Service (fdwsd.dll) allows authenticated local attackers to gain SYSTEM-level access by exploiting a race condition during shared resource handling. Affects all supported Windows 10/11 client versions and Windows Server 2012 through 2025. Vendor-released patches are available per Microsoft's May 2026 Patch Tuesday. No public exploit identified at time of analysis, but CVSS 7.0 reflects high complexity local attack requiring low privileges.

Windows File Explorer exposes sensitive information to authenticated local users with low privileges, allowing them to read confidential data without modification or service disruption. This affects multiple Windows 10 and Windows 11 versions, as well as Windows Server 2012 through 2025. Microsoft has released patches addressing the information disclosure vector; exploitation requires local system access and valid user credentials.

Local privilege escalation in Microsoft Windows WalletService across Server 2016 through Server 2025 allows low-privileged authenticated attackers to gain SYSTEM-level access by exploiting a use-after-free memory corruption flaw. Attack complexity is high (CVSS AC:H), requiring precise timing or race condition exploitation. Patch available per vendor advisory (MSRC). No public exploit identified at time of analysis, EPSS data not provided.

Windows File Explorer information disclosure vulnerability in Windows 10 and Windows 11 allows authenticated local attackers to read sensitive files through a flaw in access control validation. CVSS 5.5 indicates moderate risk with confidentiality impact but no integrity or availability compromise. Patch available from Microsoft; no public exploit code or active exploitation confirmed at time of analysis.

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host enables authenticated local attackers to elevate privileges to SYSTEM level across all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. The vulnerability (CWE-822) requires low-privilege authenticated access and minimal attack complexity (CVSS 7.8, AV:L/AC:L/PR:L). No public exploit identified at time of analysis. Microsoft released patches for all affected versions including

Improper authentication in Windows Active Directory enables local spoofing attacks on unauthenticated users, allowing attackers with local access to bypass authentication mechanisms and gain unauthorized access to sensitive information. This vulnerability affects multiple Windows 10 and Windows 11 versions as well as Windows Server 2016 through 2025. A vendor-released patch is available from Microsoft, and the moderate CVSS score (6.2) reflects the local attack vector requirement combined with high confidentiality impact.

Local privilege escalation in Windows Common Log File System (CLFS) Driver affects Windows 10, 11, and Server 2012-2025 through a use-after-free memory corruption flaw. Authenticated local attackers with low privileges can exploit this vulnerability to gain SYSTEM-level access, achieving full control over confidentiality, integrity, and availability. While no public exploit identified at time of analysis, the Windows CLFS driver has been a frequent target for privilege escalation exploits histor

Local privilege escalation in Windows SSDP Service affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025 via a race condition vulnerability. Authenticated local users with low privileges can exploit improper synchronization in shared resource access to gain SYSTEM-level privileges, achieving full system compromise. Vendor-released patches are available across all affected versions. No public exploit identified at time of analysis, though the local attack vector and high impact warrant priority patching on multi-user or sensitive systems.

Out-of-bounds read in Windows GDI allows local unauthenticated attackers to disclose sensitive information with user interaction. The vulnerability affects Windows 10 versions 1607, 1809, 21H2, and 22H2, all Windows 11 versions from 22H3 through 26H1, and Windows Server 2012 through 2025. No public exploit code or active exploitation has been confirmed; a vendor patch is available.

Windows Hello authentication bypass on Server 2016-2025 allows unauthenticated remote attackers to circumvent biometric/PIN security mechanisms over a network despite high attack complexity. CVSS 8.7 (Critical) with scope change indicates potential lateral movement from compromised Hello authentication into broader Windows security context. Vendor-released patches available for all affected versions (builds 10.0.14393.9060, 10.0.17763.8644, 10.0.20348.5020, 10.0.25398.2274, 10.0.26100.32690). No confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though VulDB tracking suggests security community awareness.

Use-after-free memory corruption in Windows UPnP Device Host enables unauthenticated adjacent network attackers to disclose sensitive information with CVSS 6.5 high severity. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and multiple Windows Server editions (2012 through 2025). Microsoft has released patches with specific version thresholds; exploitation requires network adjacency but no authentication or user interaction.

Desktop Window Manager (DWM) use-after-free memory corruption allows authenticated local attackers to escalate privileges to SYSTEM on all supported Windows 10, Windows 11, and Windows Server versions (2012-2025). The vulnerability enables low-privileged users to gain complete control over affected systems with low attack complexity and no user interaction required. Vendor-released patches are available across all affected versions. No public exploit identified at time of analysis, though the st

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) affects all Windows 10, Windows 11, and Windows Server versions from 2012 through 2025 via a use-after-free memory corruption flaw. Authenticated local attackers with low privileges can exploit this CWE-416 vulnerability to achieve full system compromise (SYSTEM-level access), though the high attack complexity (AC:H) suggests exploitation requires precise timing or race condition manipulation. No public exp

Local privilege escalation in Windows Universal Plug and Play Device Host service affects all supported Windows 10, Windows 11, and Windows Server versions via untrusted pointer dereference (CWE-822). Low-complexity attack requires low-level authenticated access (PR:L) with no user interaction, enabling complete system compromise (C:H/I:H/A:H). Microsoft released patches in May 2025 for 21 affected product versions. No public exploit identified at time of analysis, though the local attack vector

Windows Universal Plug and Play (UPnP) Device Host privilege escalation allows authenticated local attackers to gain SYSTEM-level access via use-after-free memory corruption. Affects all supported Windows versions from Server 2012 through Windows 11 26H1 and Windows Server 2025. Vendor-released patches available. Attack requires low complexity with no user interaction (CVSS:3.1 AV:L/AC:L/PR:L/UI:N). No public exploit identified at time of analysis, though the primitive nature of use-after-free v

Microsoft Management Console privilege escalation affects all supported Windows versions (10, 11, Server 2012-2025) via improper access control, allowing authenticated local users to gain SYSTEM-level privileges. CVSS 7.8 (High) reflects significant impact with low attack complexity requiring only low-level user credentials. Vendor-released patches available across all affected platforms through Microsoft's May 2025 update cycle. No public exploit identified at time of analysis, though the authe

BitLocker encryption bypass in Windows Server 2012 through 2022 enables local attackers with physical access to circumvent disk encryption protections without authentication. The vulnerability affects all Server Core and standard editions across ten years of Windows Server releases. Patch available per Microsoft Security Response Center (MSRC-2026-27913). No public exploit identified at time of analysis, but the local attack vector (AV:L) with no authentication requirement (PR:N) indicates high risk in scenarios where physical device access is possible, such as lost/stolen servers or insider threats.

Windows Kerberos authorization bypass enables authenticated attackers on adjacent networks to escalate privileges to high integrity levels across Windows Server 2012 through 2025. The flaw affects both desktop experience and Server Core installations. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the low attack complexity (AC:L) and lack of user interaction (UI:N) suggest straightforward exploitation once adjacent network access is achieved.

Race condition in Windows User Interface Core (MSRC patch CVE-2026-27911) enables low-privileged authenticated attackers to elevate privileges to SYSTEM level on Windows 10, Windows 11, and Windows Server 2016-2025 systems. The flaw stems from improper synchronization when multiple threads concurrently access shared resources in the UI subsystem, creating a time-of-check-time-of-use (TOCTOU) window exploitable for privilege escalation. Patch available per vendor advisory. No public exploit ident

Windows Installer privilege escalation via improper permission handling enables authenticated local users to gain SYSTEM-level access across all supported Windows 10, 11, and Server platforms (2012-2025). The vulnerability (CWE-280: Improper Handling of Insufficient Privileges) requires low-privilege local access but offers complete system compromise with low attack complexity. CVSS 7.8 High severity reflects full confidentiality, integrity, and availability impact. Vendor-released patches are a

Local privilege escalation in Microsoft Windows Search Component affects Windows 10 (1607-22H2), Windows 11 (22H3-26H1), and Windows Server (2012-2025) via use-after-free memory corruption (CWE-416). Authenticated local attackers with low privileges can exploit this vulnerability to gain SYSTEM-level access with low attack complexity and no user interaction required (CVSS 7.8). Vendor-released patches available for all affected versions; no public exploit identified at time of analysis.

Local privilege escalation in Windows Ancillary Function Driver for WinSock (AFD.sys) allows authenticated low-privilege users to gain SYSTEM-level access through use-after-free memory corruption. Affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025, including Server Core installations. Vendor-released patches available across all affected platforms. No public exploit identified at time of analysis, though high-complexity local exploitation (CVSS AC:H)

Integer size truncation in Windows Advanced Rasterization Platform (WARP) enables unauthenticated remote attackers to achieve code execution with elevated privileges across Windows 10, 11, and Server editions by persuading users to interact with malicious content. Microsoft has released security updates addressing this vulnerability across all supported Windows versions. No public exploit identified at time of analysis, though the unauthenticated remote attack vector (CVSS AV:N/PR:N) combined wi

Local privilege escalation in Windows Ancillary Function Driver for WinSock affects all supported Windows 10, 11, and Server versions through use-after-free memory corruption. Authenticated local attackers with low privileges can exploit this CWE-416 vulnerability to gain SYSTEM-level access, achieving high impact to confidentiality, integrity, and availability. Vendor-released patches are available across all affected platforms. No public exploit identified at time of analysis, though the high

Local privilege escalation in Windows Client Side Caching driver (csc.sys) allows authenticated users with low privileges to gain SYSTEM-level access via heap-based buffer overflow exploitation. Affects all supported Windows 10, Windows 11, and Windows Server versions (2012 through 2025). Vendor-released patches are available from Microsoft as of early 2026. No public exploit identified at time of analysis, though the straightforward attack complexity (AC:L) and no user interaction requirement (

Local privilege escalation in Windows Ancillary Function Driver for WinSock (AFD.sys) across Windows 10, 11, and Server 2012-2025 allows low-privileged authenticated attackers to gain SYSTEM-level access via race condition exploitation. The vulnerability affects widespread Windows deployments spanning a decade of operating system versions, from Server 2012 (6.2.9200.0) through Windows 11 26H1 and Server 2025. Microsoft has released patches for all affected versions. No public exploit identified

Microsoft PowerShell privilege escalation affecting Windows 10/11 and Server 2016-2025 allows authenticated local attackers with low privileges to gain SYSTEM-level access through improper input validation (CWE-20). The vulnerability has a CVSS score of 7.8 with low attack complexity and requires no user interaction, enabling straightforward exploitation by any standard user account. No public exploit identified at time of analysis, though the attack vector's simplicity (AV:L/AC:L/PR:L/UI:N) sug

Buffer over-read in Windows Kernel Memory allows authenticated local attackers to disclose sensitive kernel information with high confidence. CVE-2026-26169 affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2016 through 2025. The vulnerability requires local access and low-level user privileges but does not enable privilege escalation or code execution. Microsoft has released vendor patches addressing the issue across all affected versions.

Local privilege escalation in Windows Ancillary Function Driver for WinSock (AFD.sys) allows authenticated attackers with low privileges to gain SYSTEM-level access through a race condition vulnerability. Affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. Vendor-released patches available across all affected product lines. Attack complexity rated high (AC:H) but enables full system compromise with changed scope (S:C), indicating container/hypervisor escape potential. No public exploit identified at time of analysis, though the race condition class (CWE-362) is well-understood by exploit developers.

Windows Kernel double free vulnerability enables local privilege escalation across Windows 10, 11, and Server editions when exploited by authenticated users with low-level privileges. The CWE-415 flaw affects all currently supported Windows versions from legacy Windows Server 2012 R2 through the latest Windows 11 26H1 and Windows Server 2025 builds. With CVSS 7.8 (AV:L/AC:L/PR:L), the vulnerability requires only local access and low-privilege authentication, making it valuable for second-stage a

Local privilege escalation in Windows Remote Desktop Licensing Service (affecting Windows 10 1607 through Windows Server 2025) allows low-privileged authenticated users to gain SYSTEM-level access by exploiting missing authentication on critical service functions. The vulnerability (CWE-306) requires local access and low-privilege credentials but enables complete system compromise with low attack complexity. Vendor-released patches are available across all affected Windows versions. No public ex

Heap-based buffer overflow in Windows Hyper-V enables local code execution with high impact across Windows 10, Windows 11, and Windows Server environments. An unauthenticated attacker with local access can trigger the vulnerability through user interaction (CVSS:3.1 AV:L/AC:L/PR:N/UI:R), achieving full system compromise (C:H/I:H/A:H). Microsoft has released patches addressing 17 affected Windows versions ranging from legacy Windows 10 1607 through Windows 11 26H1 and Windows Server 2025. No publ

Local privilege escalation in Windows Cryptographic Services affects Windows 10, Windows 11, and Windows Server versions from 2012 through 2025 due to insecure storage of cryptographic material. Authenticated attackers with low privileges can exploit this CWE-922 weakness (insecure storage of sensitive information) to gain high-level access to confidentiality, integrity, and availability. Microsoft has released patches for all affected versions. No public exploit identified at time of analysis,

Windows Recovery Environment Agent improperly stores sensitive information without adequate removal, allowing physical attackers to extract confidential data and bypass security features. The vulnerability affects Windows 10 versions 1607-22H2, Windows 11 versions 22H3-26H1, Windows Server 2016-2025, and Server Core installations across multiple builds. Microsoft has released vendor patches to remediate the information disclosure.

Improper link resolution in Windows UPnP (upnp.dll) allows authenticated local attackers to disclose sensitive information through symlink following. The vulnerability affects Windows 10 versions 1607-22H2, Windows 11 versions 22H3-26H1, and Windows Server 2012-2025. With local access and standard user privileges, an attacker can read files outside their normal access scope via crafted UPnP operations. Patch available from Microsoft; no public exploit code or active exploitation confirmed at tim

Remote code execution in Windows Active Directory Domain Services affects all supported Windows Server versions (2012 R2 through 2025) when an authenticated attacker with low privileges on an adjacent network sends specially crafted requests to domain controllers. The vulnerability stems from improper input validation (CWE-20) and enables complete system compromise with high impact to confidentiality, integrity, and availability. Patch available per vendor advisory; no public exploit identified at time of analysis. CVSS 8.0 severity reflects adjacent network attack vector requiring low-privilege authentication but trivial attack complexity with no user interaction.

Local privilege escalation in Windows Container Isolation FS Filter Driver affects all supported Windows 10, Windows 11, and Windows Server versions through use-after-free memory corruption. Low-complexity attack requires only low-privileged local access to achieve full system compromise (SYSTEM-level privileges). Microsoft has released patches for all affected versions. No public exploit identified at time of analysis, but the low attack complexity (AC:L) and requirement for only low privileges

Windows Kernel logs sensitive information that can be read by local authenticated users, allowing information disclosure on Windows 10 and Windows 11 systems across multiple versions as well as Windows Server 2012 through 2025. The vulnerability requires local access and valid user credentials (privilege level L) but results in high confidentiality impact. Microsoft has released patches for all affected versions.

Windows Shell protection mechanism failure (CVE-2026-32202) allows remote attackers to perform spoofing attacks over a network without authentication, requiring only user interaction. This low-severity vulnerability affects multiple Windows versions from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025. While not actively exploited in the wild, vendor patches are available across all affected versions, and the low CVSS score (4.3) reflects limited confidentiality impact and no availability impact despite the network-accessible attack vector.

Command injection in Windows Snipping Tool allows local code execution when an unauthorized attacker convinces a user to open a specially crafted file. This vulnerability affects all supported Windows 10, Windows 11, and Windows Server versions (2012 through 2025), requiring user interaction but no authentication (PR:N). No public exploit identified at time of analysis, though the local attack vector and user interaction requirement limit immediate remote threat. CVSS 7.8 reflects high impact ac

Windows Boot Loader accepts untrusted inputs for security decisions, allowing authorized local attackers to bypass security features with high confidentiality, integrity, and availability impact. This authentication bypass vulnerability (CVSS 6.7) affects Windows 10 versions 1607, 1809, 21H2, and 22H2, as well as Windows Server 2016, 2019, and 2022. Microsoft has released patches addressing the root cause of reliance on untrusted security-critical inputs.

Remote code execution in Microsoft Remote Desktop Client for Windows allows unauthenticated network attackers to execute arbitrary code by delivering a malicious connection file or server response, requiring user interaction. This use-after-free vulnerability (CWE-416) affects Windows 10 (versions 1607-22H2), Windows 11 (22H3-26H1), Windows Server (2012-2025), and standalone Remote Desktop client versions below 2.0.1070.0. With CVSS 8.8 (network-accessible, no authentication required, low comple

Local code execution in Windows Universal Plug and Play (UPnP) Device Host across all supported Windows 10, 11, and Server versions allows unauthenticated attackers to achieve high-impact compromise via use-after-free memory corruption. The vulnerability affects Windows 10 versions 1607 through 22H2, Windows 11 versions 22H3 through 26H1, and Windows Server 2012 through 2025 (including Server Core installations). Despite requiring local access and high attack complexity (CVSS:3.1/AV:L/AC:H), the

Local privilege escalation in Microsoft Desktop Window Manager (dwm.exe) affects all supported Windows 10, Windows 11, and Windows Server versions via a use-after-free memory corruption flaw. Authenticated local attackers with low privileges can exploit this CWE-416 weakness to gain SYSTEM-level access with low attack complexity, requiring no user interaction. No public exploit identified at time of analysis, and SSVC framework assesses exploitation status as 'none' with non-automatable attack r

Local privilege escalation in Microsoft Windows Function Discovery Service (fdwsd.dll) allows authenticated low-privilege attackers to gain SYSTEM-level access via race condition exploitation across all supported Windows 10, Windows 11, and Windows Server versions (2012-2025). The vulnerability requires local access and low privileges (CVSS PR:L) with high attack complexity (AC:H), yielding complete system compromise (C:H/I:H/A:H). Microsoft released patches addressing build versions up to 10.0.26100.32690 (Server 2025) and 10.0.28000.1836 (Windows 11 26H1). EPSS data not available; no public exploit identified at time of analysis.

Local privilege escalation in Windows Speech Brokered API affects Windows 10 (1607-22H2), Windows 11 (22H3-26H1), and Windows Server 2016-2025 via race condition (CWE-362). Authenticated local attackers with low privileges can exploit improper synchronization in shared resource handling to gain SYSTEM-level access with high impact to confidentiality, integrity, and availability (CVSS 7.8, AV:L/AC:L/PR:L). Vendor-released patches available for all affected versions. No public exploit identified a

Local privilege escalation in Windows Speech Brokered API affects all Windows 10, 11, and Server versions from 2016 onward via a use-after-free memory corruption flaw. Authenticated local attackers with low privileges can exploit this to gain SYSTEM-level access with low attack complexity and no user interaction required (CVSS 7.8). Vendor-released patches are available from Microsoft's May 2026 security updates. No public exploit identified at time of analysis, though the low complexity and wid

Heap-based buffer overflow in Microsoft Windows Function Discovery Service (fdwsd.dll) enables low-privileged authenticated local attackers to escalate privileges to SYSTEM across Windows 10, Windows 11, and Windows Server 2012-2025. Vendor-released patch available per Microsoft Security Response Center advisory. No public exploit identified at time of analysis, though the CVSS vector indicates local access with high attack complexity (AC:H), requiring authenticated low-privilege users (PR:L). A

Windows Remote Procedure Call (RPC) discloses sensitive information to local authenticated users in Windows 10, Windows 11, and Windows Server 2016-2025. An authorized attacker with local access and limited privileges can read confidential data without user interaction, affecting multiple Windows editions across a 9-year product span. Patch availability confirmed from Microsoft; no active exploitation reported.

Local privilege escalation in Windows SSDP Service (all Windows 10, 11, and Server versions from 2012 onwards) enables low-privileged authenticated users to gain SYSTEM-level access by exploiting a race condition in shared resource handling. The vulnerability requires low privileges and high attack complexity (CVSS AC:H), resulting in complete compromise of confidentiality, integrity, and availability. Vendor-released patches are available for all affected versions with specific build numbers pr

Local privilege escalation in Windows SSDP Service across Windows 10, Windows 11, and Windows Server 2012-2025 allows authenticated users with low privileges to gain SYSTEM-level access by exploiting a race condition in shared resource handling. Attack complexity is high (AC:H), requiring precise timing to win the race window. Patch available per vendor advisory; no public exploit identified at time of analysis.

Windows File Explorer information disclosure vulnerability in Windows 10 and Windows 11 allows authenticated local users to access sensitive information without authorization. The vulnerability affects multiple Windows 10 versions (1607, 1809, 21H2, 22H2), Windows 11 versions (22H3 through 26H1), and Windows Server 2016 through 2025. Microsoft has released patches addressing this CWE-200 information exposure flaw, with no evidence of active exploitation at the time of analysis.

Local privilege escalation in Windows Universal Plug and Play (UPnP) Device Host allows authenticated attackers with low privileges to achieve system-level access through use-after-free memory corruption. Affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. Microsoft has released patches across all affected product lines. No public exploit identified at time of analysis, though the local attack vector and authentication requirement (PR:L) limit immedi

Local privilege escalation via use-after-free in Windows Ancillary Function Driver for WinSock (AFD.sys) affects all supported Windows versions from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012-2025. Authenticated local attackers with low privileges can exploit memory corruption to gain SYSTEM-level access, though high attack complexity suggests reliable exploitation requires sophisticated techniques. Vendor-released patches are available across all affected versions. No publi

Remote denial-of-service in Windows Local Security Authority Subsystem Service (LSASS) allows unauthenticated network attackers to crash Windows systems through null pointer dereference exploitation. Affects Windows 10 (versions 1607-22H2), Windows 11 (22H3-26H1), and Windows Server (2016-2025) across multiple release channels. Microsoft has released patches for all affected versions. No public exploit identified at time of analysis, but the low attack complexity (AC:L) and unauthenticated netwo

Windows LUAFV driver privilege escalation via TOCTOU race condition allows authenticated local attackers with low privileges to gain SYSTEM-level access across all supported Windows 10, Windows 11, and Windows Server versions (2012 through 2025). The vulnerability requires high attack complexity to exploit the narrow timing window between security checks and file operations. Vendor-released patch available across all affected platforms. No public exploit identified at time of analysis, though th

Local privilege escalation in Windows TCP/IP stack across Windows 10, 11, and Server editions allows low-privileged authenticated users to gain SYSTEM-level access by exploiting a race condition in shared resource synchronization. This CWE-362 flaw affects every supported Windows version from legacy Server 2012 through cutting-edge Windows 11 26H1, with vendor-released patches available. The local attack vector (AV:L) and high complexity (AC:H) reduce immediate mass-exploitation risk, though the

Local privilege escalation in Windows Universal Plug and Play (UPnP) Device Host affects all supported Windows versions from Server 2012 through Windows 11 26H1 and Server 2025. Authenticated local attackers with low privileges can exploit an untrusted pointer dereference (CWE-822) to achieve complete system compromise with high impact to confidentiality, integrity, and availability. Microsoft has released patches for all affected versions. No public exploit identified at time of analysis, thoug

Local privilege escalation in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) across Windows 10, 11, and Server 2012 R2-2025 allows authenticated attackers with low privileges to gain SYSTEM-level access via use-after-free memory corruption. Microsoft released patches addressing versions from Windows 10 1607 through Windows 11 26H1 and Server 2012 R2 through Server 2025. CVSS 7.0 rating reflects high attack complexity; no public exploit identified at time of analysis. EPSS data not prov

Local privilege escalation via use-after-free memory corruption in Windows Universal Plug and Play (UPnP) Device Host affects all supported Windows versions from Server 2012 through Windows 11 26H1. Authenticated local attackers with low privileges can exploit this CWE-416 flaw to gain SYSTEM-level access with low attack complexity (CVSS:3.1 AV:L/AC:L/PR:L). Vendor-released patches are available across all affected Windows 10, Windows 11, and Windows Server product lines. No public exploit code

Use-after-free in Windows TDI Translation Driver (tdx.sys) allows local privilege escalation to SYSTEM by authenticated low-privileged users on Windows 10/11 and Server 2012-2025. Microsoft has released security updates addressing this CWE-416 memory corruption flaw across all supported Windows versions. CVSS 7.0 reflects high attack complexity but full system compromise if successfully exploited. No public exploit identified at time of analysis, though the vulnerability's local attack vector an

Windows RPC API privilege escalation affects all supported Windows Server versions (2012 through 2025) due to improper access control (CWE-284). Low-privileged local attackers can achieve complete system compromise (high confidentiality, integrity, and availability impact) with low attack complexity and no user interaction required. Vendor-released patches are available across all affected Server Core and standard installations. No public exploit identified at time of analysis, though the low attack complexity (AC:L) and clear attack path increase weaponization risk.

Heap-based buffer overflow in the Windows Kernel enables local privilege escalation to SYSTEM on Windows 10 (versions 1607 through 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server (2012 through 2025). Authenticated local attackers with low privileges can exploit this memory corruption vulnerability to gain complete system control. Microsoft has released patches addressing 21 affected product versions. No public exploit identified at time of analysis, though the local attack vec

Windows Boot Manager contains an uninitialized resource vulnerability (CWE-908) that allows unauthorized attackers to bypass security features through physical access to affected systems. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server 2016/2019/2022/2025. While the CVSS score of 4.6 reflects the physical attack vector requirement and information disclosure impact, the authentication bypass nature comb

Windows Server Update Service (WSUS) race condition enables local privilege escalation to SYSTEM on Windows 10, 11, and Server 2012-2025. Authenticated users with low-level privileges can exploit improper synchronization in concurrent execution paths to gain full system control. Attack complexity is high (AC:H), requiring precise timing to win the race window. Vendor-released patches available for all affected versions. No public exploit identified at time of analysis, though the high CVSS 7.0 s

Local privilege escalation in Windows Push Notifications across Windows 10/11 and Server 2016-2025 allows low-privileged authenticated users to gain SYSTEM-level access via race condition exploitation. The vulnerability affects all currently supported Windows versions with confirmed vendor patches available. Attack complexity is low with no user interaction required, enabling straightforward exploitation once local access is obtained. The scope change (S:C) indicates the attacker can impact reso

Type confusion in Windows OLE (Object Linking and Embedding) enables authenticated local attackers to escalate privileges across all supported Windows 10, 11, and Server versions (2012-2025). The memory corruption flaw allows low-privileged users to execute code with elevated permissions through incompatible type handling. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the low attack complexity (AC:L) and lack of user interaction (UI:N) make this accessible to attackers with basic local access.

Local privilege escalation in Windows Remote Desktop Licensing Service affects all supported Windows 10, Windows 11, and Windows Server versions (2012-2025) via missing authentication on a critical function. Authenticated local attackers with low privileges can exploit this CWE-306 authentication bypass to gain SYSTEM-level access with high impact to confidentiality, integrity, and availability (CVSS 7.8). Patch available per vendor; no public exploit identified at time of analysis. The wide foo

Microsoft Local Security Authority Subsystem Service (LSASS) information disclosure vulnerability allows authenticated network attackers to read sensitive memory contents via a bounds check bypass in the LSASS process. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), Windows Server 2016, 2019, 2022, and 2025. No public exploit code or active exploitation has been reported; vendor-released patches are available across all affected versions.

Windows Server Update Service (WSUS) fails to properly validate network inputs, allowing unauthenticated remote attackers to cause denial of service across all Windows Server versions from 2012 through 2025. The vulnerability (CVSS 7.5) enables network-based tampering with high availability impact (AV:N/AC:L/PR:N/UI:N/A:H), though confidentiality and integrity remain unaffected. Patch available per vendor advisory; no public exploit identified at time of analysis. The Authentication Bypass tag and PR:N vector confirm attackers require no credentials, making internet-exposed WSUS servers particularly vulnerable.

Windows Remote Desktop spoofing vulnerability allows remote unauthenticated attackers to bypass security warnings and trick users into accepting malicious RDP connections, potentially exposing sensitive session data. Affects all supported Windows 10, 11, and Server versions from 2012 through 2025. Vendor-released patches are available. No public exploit identified at time of analysis, though the low attack complexity (AC:L) and network attack vector (AV:N) indicate exploitation would be straight

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows authorized local attackers to bypass security features, affecting Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2016-2025. With a CVSS score of 5.7 and high privilege requirement (PR:H), the vulnerability requires administrative or high-privilege account access but presents significant confidentiality and integrity risk to isolated security domai