Microsoft Windows 10 21H2 vulnerabilities

CVE-2025-59277 [HIGH] CWE-1287 CVE-2025-59277: Improper validation of specified type of input in Windows Authentication Methods allows an authorize Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

CVE-2026-24292 [HIGH] CWE-416 CVE-2026-24292: Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to eleva Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

CVE-2026-41088 [HIGH] CWE-73 CVE-2026-41088: Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver f Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2025-54092 [HIGH] CWE-362 CVE-2025-54092: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

CVE-2026-34344 [HIGH] CWE-843 CVE-2026-34344: Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver f Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2025-55224 [HIGH] CWE-362 CVE-2025-55224: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

CVE-2025-55228 [HIGH] CWE-362 CVE-2025-55228: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

CVE-2026-42916 [HIGH] CWE-190 CVE-2026-42916: Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elev Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-40408 [HIGH] CWE-416 CVE-2026-40408: Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges lo Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVE-2026-27915 [HIGH] CWE-416 CVE-2026-27915: Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker t Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-26162 [HIGH] CWE-843 CVE-2026-26162: Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized at Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.

CVE-2026-26163 [HIGH] CWE-415 CVE-2026-26163: Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-20874 [HIGH] CWE-362 CVE-2026-20874: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20918 [HIGH] CWE-362 CVE-2026-20918: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20873 [HIGH] CWE-362 CVE-2026-20873: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2024-38019 [HIGH] CWE-190 CVE-2024-38019: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

CVE-2025-53768 [HIGH] CWE-362 CVE-2025-53768: Use after free in Xbox allows an authorized attacker to elevate privileges locally. Use after free in Xbox allows an authorized attacker to elevate privileges locally.

CVE-2026-20861 [HIGH] CWE-362 CVE-2026-20861: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20867 [HIGH] CWE-362 CVE-2026-20867: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-20866 [HIGH] CWE-362 CVE-2026-20866: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.