Microsoft Windows 10 21H2 vulnerabilities

CVE-2025-62458 [HIGH] CWE-122 CVE-2025-62458: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privile Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-20926 [HIGH] CWE-362 CVE-2026-20926: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-20919 [HIGH] CWE-362 CVE-2026-20919: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-20934 [HIGH] CWE-362 CVE-2026-20934: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-20848 [HIGH] CWE-362 CVE-2026-20848: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

CVE-2024-21310 [HIGH] CWE-197 CVE-2024-21310: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVE-2025-55681 [HIGH] CWE-125 CVE-2025-55681: Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally. Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.

CVE-2026-20817 [HIGH] CWE-280 CVE-2026-20817: Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an aut Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

CVE-2024-38054 [HIGH] CWE-122 CVE-2024-38054: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

CVE-2024-21369 [HIGH] CWE-122 CVE-2024-21369: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21350 [HIGH] CWE-190 CVE-2024-21350: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-43519 [HIGH] CWE-197 CVE-2024-43519: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2023-29373 [HIGH] CWE-125 CVE-2023-29373: Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2024-38131 [HIGH] CWE-591 CVE-2024-38131: Clipboard Virtual Channel Extension Remote Code Execution Vulnerability Clipboard Virtual Channel Extension Remote Code Execution Vulnerability

CVE-2026-20843 [HIGH] CWE-284 CVE-2026-20843: Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized att Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.

CVE-2026-21238 [HIGH] CWE-284 CVE-2026-21238: Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attack Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2025-59199 [HIGH] CWE-284 CVE-2025-59199: Improper access control in Software Protection Platform (SPP) allows an authorized attacker to eleva Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.

CVE-2026-27914 [HIGH] CWE-284 CVE-2026-27914: Improper access control in Microsoft Management Console allows an authorized attacker to elevate pri Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.

CVE-2026-42980 [HIGH] CWE-122 CVE-2026-42980: Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elev Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

CVE-2025-24035 [HIGH] CWE-591 CVE-2025-24035: Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unau Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.