Windows Server 2016
Monthly
<p>An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
<p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. Rated medium severity (CVSS 5.4).
<p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.
<p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. Rated high severity (CVSS 7.0).
<p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
<p>A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
<p>A remote code execution vulnerability exists when Windows improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. Rated high severity (CVSS 7.0).
<p>A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. Rated medium severity (CVSS 5.8).
<p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
<p>A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.</p> <p>To exploit the vulnerability, an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.
<p>An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
<p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
<p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Graphics Component Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to. Rated high severity (CVSS 7.0).
<p>An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
<p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
<p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists in how splwow64.exe handles certain calls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when NTFS improperly checks access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.
<p>A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.
<p>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
<p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. Rated medium severity (CVSS 4.7).
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.
An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.
<p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. Rated medium severity (CVSS 5.4).
<p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.
<p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. Rated high severity (CVSS 7.0).
<p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
<p>A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
<p>A remote code execution vulnerability exists when Windows improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. Rated high severity (CVSS 7.0).
<p>A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. Rated medium severity (CVSS 5.8).
<p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
<p>A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
<p>An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.</p> <p>To exploit the vulnerability, an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.
<p>An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
<p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
<p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Graphics Component Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to. Rated high severity (CVSS 7.0).
<p>An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
<p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
<p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists in how splwow64.exe handles certain calls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
<p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
<p>An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when NTFS improperly checks access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.
<p>A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
<p>A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.
<p>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
<p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
<p>An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. Rated medium severity (CVSS 4.7).
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.
An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.