Windows
Critical vulnerability in NETGEAR ProSAFE NMS300 network management system.
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8); low attack complexity.
Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5); no authentication required.
Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 5.5); low attack complexity.
Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8); low attack complexity. EPSS exploitation probability 21.7%.
Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3); low attack complexity. EPSS exploitation probability 49.4%.
Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3); low attack complexity.
Windows CoreMessaging Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5); low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory, causing crashes or information disclosure.
Windows Themes Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Windows Nearby Sharing Spoofing Vulnerability. Rated medium severity (CVSS 6.5); remotely exploitable, no authentication required, low attack complexity.
Windows Cryptographic Services Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8); low attack complexity.
Windows Subsystem for Linux Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8); low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Windows Message Queuing Client (MSMQC) Information Disclosure. Rated medium severity (CVSS 6.5); remotely exploitable, low attack complexity.
A security vulnerability exists in FBX that could lead to remote code execution. Rated high severity (CVSS 7.8); no authentication required, low attack complexity.
Windows Kerberos Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8); remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 16.0%.
Windows Message Queuing Client (MSMQC) Information Disclosure. Rated medium severity (CVSS 6.5); remotely exploitable, low attack complexity.
Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.9); remotely exploitable, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.
Windows Group Policy Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Windows HTML Platforms Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1); remotely exploitable, no authentication required.
Windows Print Spooler allows local privilege escalation; the flaw was exploited by the Russian GRU's 'Forest Blizzard' (APT28) group using a custom tool called 'GooseEgg' for credential theft and lateral movement in government networks.
Windows MSHTML component contains a remote code execution vulnerability that allows attackers to craft malicious ActiveX controls in Office documents, exploited as a zero-day in targeted attacks before the September 2021 patch.
Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by the Bitter APT group in February 2021 for targeted espionage operations.
A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation probability, public PoC available. Vendor patch is available.
Windows Win32k contains a use-after-free vulnerability enabling local privilege escalation to SYSTEM, exploited in the wild in April 2019 alongside CVE-2019-0803 in targeted campaigns.
Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation exploited in the wild in April 2019 as part of targeted APT exploit chains.
The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system compromise through crafted web pages, exploited in the wild as a zero-day before the May 2018 patch.
Intel Ethernet diagnostics driver IQVW32.sys/IQVW64.sys allows local users to execute arbitrary code with kernel privileges via crafted IOCTL calls, widely abused as a 'Bring Your Own Vulnerable Driver' (BYOVD) attack vector.
The Win32k kernel-mode driver allows local privilege escalation through a use-after-free in window object handling, chained with CVE-2017-0262 by APT28 for complete exploitation from document open to SYSTEM compromise.
Windows COM Aggregate Marshaler allows local privilege escalation through improper handling of COM object creation, with public exploit code making this a common tool for red teams and adversaries.
Microsoft Office and WordPad allow remote code execution via crafted documents that exploit Windows API handling of OLE objects, weaponized by multiple APT groups and ransomware campaigns as a primary spear-phishing delivery mechanism.
Microsoft IIS 6.0 WebDAV service contains a buffer overflow in the ScStoragePathFromUrl function that allows unauthenticated remote code execution via crafted PROPFIND requests, exploited in the wild since mid-2016.
Windows SMBv1 server contains a remote code execution vulnerability known as 'EternalBlue' that was developed by the NSA, leaked by the Shadow Brokers, and weaponized by WannaCry and NotPetya, causing billions of dollars in global damage.
Windows GDI (Graphics Device Interface) allows local privilege escalation through improper memory handling, attributed to the Zirconium APT group and exploited alongside browser zero-days in targeted campaigns.
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM...
The Win32k kernel-mode driver in Windows Vista through Windows Server 2016 allows local privilege escalation, exploited alongside CVE-2016-7256 in targeted attacks attributed to the Strontium (APT28/Fancy Bear) group.
The Win32k kernel-mode driver in Windows Vista through Windows 10 allows local privilege escalation through an unspecified vulnerability in window object handling, exploited in the wild by APT groups.
Windows Secondary Logon Service improperly processes request handles, allowing local users to escalate privileges to SYSTEM on Windows Vista through Windows 10 via a crafted application.
Microsoft Windows WebDAV client in Vista through Windows 10 contains a local privilege escalation vulnerability. Local attackers can exploit a flaw in the WebDAV Mini-Redirector driver to elevate privileges from standard user to SYSTEM, enabling complete local system compromise.
Adobe Flash Player contains an integer overflow vulnerability that allows remote code execution, exploited in the wild in December 2015, one of the last major Flash zero-days before the industry began phasing out the plugin.
The Adobe Type Manager Font Driver (ATMFD.DLL) in Windows contains a memory corruption vulnerability that allows local privilege escalation, exploited by the Duqu 2.0 malware in targeted attacks against diplomatic entities.
Adobe Flash Player contains a use-after-free in the ByteArray AS3 class that allows remote code execution, infamously leaked from the Hacking Team breach in July 2015 and immediately adopted by multiple exploit kits and APT groups.
Adobe Flash Player contains a heap-based buffer overflow that allows remote code execution, exploited as a zero-day in June 2015 by APT3 (a Chinese cyber espionage group) in phishing campaigns targeting aerospace and defense organizations.
Win32k.sys in Windows Server 2003, Vista, and Server 2008 allows local privilege escalation through a kernel-mode vulnerability, exploited in the wild alongside browser zero-days in April 2015 as part of APT attack chains.
The Windows Kerberos KDC fails to properly validate PAC signatures, allowing any authenticated domain user to forge Kerberos tickets and gain domain administrator privileges. Known as MS14-068, one of the most critical Active Directory vulnerabilities ever disclosed.
Microsoft Windows Server 2003 SP2 contains a local privilege escalation vulnerability via crafted IOCTL calls to tcpip.sys or tcpip6.sys drivers. Local attackers can exploit improper access control in the TCP/IP driver to gain SYSTEM privileges on the server.
Windows OLE improperly handles crafted OLE objects in PowerPoint, allowing remote attackers to execute arbitrary code. This is a variant of the Sandworm OLE attack discovered in October 2014 via crafted PowerPoint presentations.
Windows OLE improperly handles objects in Office documents, allowing remote code execution through crafted OLE objects. Known as the 'Sandworm' attack vector, exploited by Russian APT groups from June through October 2014.
GDI+ in Microsoft Windows and Office fails to properly handle TIFF images, allowing remote code execution through crafted documents, actively exploited in targeted attacks against Pakistani and Middle Eastern organizations.
The EPATHOBJ::pprFlattenRec function in Windows win32k.sys fails to properly initialize list pointers, allowing local users to gain SYSTEM privileges through kernel-mode code execution on Windows XP through Windows 8.
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader...
Adobe Reader and Acrobat contain an unspecified U3D component vulnerability causing memory corruption that allows remote code execution, exploited as a zero-day in December 2011 through crafted PDF files.
Windows afd.sys (Ancillary Function Driver) in XP and Server 2003 improperly validates user-mode input passed to kernel mode, allowing local users to escalate privileges to SYSTEM via a crafted application.
Adobe Flash Player contains a type confusion vulnerability in object handling that allows remote attackers to execute arbitrary code via malicious SWF content, actively exploited in targeted attacks in April 2011.
Adobe Flash Player 10.2 and earlier across all platforms contain an unspecified vulnerability allowing remote code execution, exploited in the wild via Flash content embedded in Microsoft Office documents and web pages.
CVE-2010-2743 is a security vulnerability (CVSS 7.2) that allows local users. Risk factors: public PoC available.
The Windows Task Scheduler in Vista, Server 2008, and Windows 7 contains a privilege escalation vulnerability that allows local users to gain elevated privileges through crafted applications. The scheduler improperly determines the security context for scheduled tasks, enabling attackers to run code with higher privileges than their current user context.
A stack-based buffer overflow in win32k.sys RtlQueryRegistryValues function allows local privilege escalation and UAC bypass on Windows XP through Windows 7 via crafted REG_BINARY registry values.
Windows Shell improperly handles .LNK shortcut files during icon display, allowing local or remote attackers to execute arbitrary code. This vulnerability was famously exploited by the Stuxnet worm to propagate via USB drives in 2010.
Microsoft Windows Help and Support Center in XP and Server 2003 contains a URL validation bypass in the HCP protocol handler. The MPC::HexToNum function mishandles escape sequences, allowing attackers to bypass the trusted documents whitelist and execute arbitrary commands via crafted hcp:// URLs.
The Windows kernel from NT 3.1 through Windows 7 improperly validates BIOS calls on 32-bit x86 platforms with 16-bit application support enabled, allowing local users to gain SYSTEM privileges and bypass UAC.
Adobe Reader and Acrobat contain a use-after-free vulnerability in the Doc.media.newPlayer JavaScript method that was actively exploited as a zero-day in December 2009 via crafted PDF files with ZLib compressed streams.
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation.
CVE-2007-5633 is a security vulnerability (CVSS 7.2) that allows local users. Risk factors: public PoC available.