Microsoft Windows 10 21H2 vulnerabilities
1,827 known vulnerabilities affecting microsoft/windows_10_21h2.
Total CVEs
1,827
CISA KEV
87
actively exploited
Public exploits
54
Exploited in wild
97
Severity breakdown
CRITICAL44HIGH1303MEDIUM473LOW7
Vulnerabilities
Page 22 of 92
CVE-2023-29372P3HIGHCVSS 8.8fixed in 10.0.19044.30862023-06-14
CVE-2023-29372 [HIGH] CWE-122 CVE-2023-29372: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2025-29967P3HIGHCVSS 8.8fixed in 10.0.19044.58542025-05-13
CVE-2025-29967 [HIGH] CWE-122 CVE-2025-29967: Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to exec
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
nvd
CVE-2023-35315P3HIGHCVSS 8.8fixed in 10.0.19041.32082023-07-11
CVE-2023-35315 [HIGH] CWE-190 CVE-2023-35315: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
nvd
CVE-2026-24291P3HIGHCVSS 7.8fixed in 10.0.19044.70582026-03-10
CVE-2026-24291 [HIGH] CWE-732 CVE-2026-24291: Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBro
Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-55692P3HIGHCVSS 7.8fixed in 10.0.19044.64562025-10-14
CVE-2025-55692 [HIGH] CWE-20 CVE-2025-55692: Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privil
Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-20652P3HIGHCVSS 8.1fixed in 10.0.19044.39302024-01-09
CVE-2024-20652 [HIGH] CWE-73 CVE-2024-20652: Windows HTML Platforms Security Feature Bypass Vulnerability
Windows HTML Platforms Security Feature Bypass Vulnerability
nvd
CVE-2025-59512P3HIGHCVSS 7.8fixed in 10.0.19044.65752025-11-11
CVE-2025-59512 [HIGH] CWE-284 CVE-2025-59512: Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attac
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-20698P3HIGHCVSS 7.8fixed in 10.0.19044.39302024-01-09
CVE-2024-20698 [HIGH] CWE-190 CVE-2024-20698: Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
nvd
CVE-2026-21231P3HIGHCVSS 7.8fixed in 10.0.19044.69372026-02-10
CVE-2026-21231 [HIGH] CWE-362 CVE-2026-21231: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-33835P3HIGHCVSS 7.8fixed in 10.0.19044.72912026-05-12
CVE-2026-33835 [HIGH] CWE-416 CVE-2026-33835: Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate pr
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-30020P3HIGHCVSS 8.1fixed in 10.0.19044.44122024-05-14
CVE-2024-30020 [HIGH] CWE-122 CVE-2024-30020: Windows Cryptographic Services Remote Code Execution Vulnerability
Windows Cryptographic Services Remote Code Execution Vulnerability
nvd
CVE-2024-49126P3HIGHCVSS 8.1fixed in 10.0.19044.52472024-12-12
CVE-2024-49126 [HIGH] CWE-416 CVE-2024-49126: Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
nvd
CVE-2024-49123P3HIGHCVSS 8.1fixed in 10.0.19044.52472024-12-12
CVE-2024-49123 [HIGH] CWE-591 CVE-2024-49123: Windows Remote Desktop Services Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability
nvd
CVE-2024-49132P3HIGHCVSS 8.1fixed in 10.0.19044.52472024-12-12
CVE-2024-49132 [HIGH] CWE-416 CVE-2024-49132: Windows Remote Desktop Services Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability
nvd
CVE-2025-27487P3HIGHCVSS 8.0fixed in 10.0.19044.57372025-04-08
CVE-2025-27487 [HIGH] CWE-122 CVE-2025-27487: Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code ov
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
nvd
CVE-2026-42905P3HIGHCVSS 7.8fixed in 10.0.19044.74172026-06-09
CVE-2026-42905 [HIGH] CWE-416 CVE-2026-42905: Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
nvd
CVE-2023-23416P3HIGHCVSS 7.8fixed in 10.0.19044.27282023-03-14
CVE-2023-23416 [HIGH] CWE-20 CVE-2023-23416: Windows Cryptographic Services Remote Code Execution Vulnerability
Windows Cryptographic Services Remote Code Execution Vulnerability
nvd
CVE-2024-38052P3HIGHCVSS 7.8fixed in 10.0.19044.46512024-07-09
CVE-2024-38052 [HIGH] CWE-20 CVE-2024-38052: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
nvd
CVE-2023-36400P3HIGHCVSS 8.8fixed in 10.0.19041.36932023-11-14
CVE-2023-36400 [HIGH] CWE-122 CVE-2023-36400: Windows HMAC Key Derivation Elevation of Privilege Vulnerability
Windows HMAC Key Derivation Elevation of Privilege Vulnerability
nvd
CVE-2026-20864P3HIGHCVSS 7.8fixed in 10.0.19044.68092026-01-13
CVE-2026-20864 [HIGH] CWE-122 CVE-2026-20864: Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attac
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
nvd