Microsoft Windows 10 21H2 vulnerabilities
1,827 known vulnerabilities affecting microsoft/windows_10_21h2.
Total CVEs
1,827
CISA KEV
87
actively exploited
Public exploits
54
Exploited in wild
97
Severity breakdown
CRITICAL44HIGH1303MEDIUM473LOW7
Vulnerabilities
Page 18 of 92
CVE-2025-21411P3HIGHCVSS 8.8fixed in 10.0.19044.53712025-01-14
CVE-2025-21411 [HIGH] CWE-122 CVE-2025-21411: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21413P3HIGHCVSS 8.8fixed in 10.0.19044.53712025-01-14
CVE-2025-21413 [HIGH] CWE-122 CVE-2025-21413: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2026-24294P3HIGHCVSS 7.8fixed in 10.0.19044.70582026-03-10
CVE-2026-24294 [HIGH] CWE-287 CVE-2026-24294: Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges lo
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-42989P3HIGHCVSS 7.8fixed in 10.0.19044.74172026-06-09
CVE-2026-42989 [HIGH] CWE-59 CVE-2026-42989: Improper link resolution before file access ('link following') in Winlogon allows an authorized atta
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20820P3HIGHCVSS 7.8fixed in 10.0.19044.68092026-01-13
CVE-2026-20820 [HIGH] CWE-122 CVE-2026-20820: Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-62454P3HIGHCVSS 7.8fixed in 10.0.19044.66912025-12-09
CVE-2025-62454 [HIGH] CWE-122 CVE-2025-62454: Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker t
Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20856P3HIGHCVSS 8.1fixed in 10.0.19044.68092026-01-13
CVE-2026-20856 [HIGH] CWE-20 CVE-2026-20856: Improper input validation in Windows Server Update Service allows an unauthorized attacker to execut
Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
nvd
CVE-2023-21818P3HIGHCVSS 7.5fixed in 10.0.19044.26042023-02-14
CVE-2023-21818 [HIGH] CWE-20 CVE-2023-21818: Windows Secure Channel Denial of Service Vulnerability
Windows Secure Channel Denial of Service Vulnerability
nvd
CVE-2026-20921P3HIGHCVSS 7.5fixed in 10.0.19044.68092026-01-13
CVE-2026-20921 [HIGH] CWE-362 CVE-2026-20921: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2025-21277P3HIGHCVSS 7.5fixed in 10.0.19044.53712025-01-14
CVE-2025-21277 [HIGH] CWE-126 CVE-2025-21277: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
nvd
CVE-2024-26214P3HIGHCVSS 8.8fixed in 10.0.19044.42912024-04-09
CVE-2024-26214 [HIGH] CWE-122 CVE-2024-26214: Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability
Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability
nvd
CVE-2026-24289P3HIGHCVSS 7.8fixed in 10.0.19044.70582026-03-10
CVE-2026-24289 [HIGH] CWE-416 CVE-2026-24289: Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-43624P3HIGHCVSS 8.8fixed in 10.0.19044.51312024-11-12
CVE-2024-43624 [HIGH] CWE-822 CVE-2024-43624: Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
nvd
CVE-2023-36402P3HIGHCVSS 8.8fixed in 10.0.19041.36932023-11-14
CVE-2023-36402 [HIGH] CWE-122 CVE-2023-36402: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2023-28297P3HIGHCVSS 8.8fixed in 10.0.19044.24862023-04-11
CVE-2023-28297 [HIGH] CWE-416 CVE-2023-28297: Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
nvd
CVE-2024-21367P3HIGHCVSS 8.8fixed in 10.0.19044.40462024-02-13
CVE-2024-21367 [HIGH] CWE-122 CVE-2024-21367: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21375P3HIGHCVSS 8.8fixed in 10.0.19044.40462024-02-13
CVE-2024-21375 [HIGH] CWE-416 CVE-2024-21375: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21361P3HIGHCVSS 8.8fixed in 10.0.19044.40462024-02-13
CVE-2024-21361 [HIGH] CWE-122 CVE-2024-21361: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21368P3HIGHCVSS 8.8fixed in 10.0.19044.40462024-02-13
CVE-2024-21368 [HIGH] CWE-122 CVE-2024-21368: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21359P3HIGHCVSS 8.8fixed in 10.0.19044.40462024-02-13
CVE-2024-21359 [HIGH] CWE-122 CVE-2024-21359: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd