Microsoft Windows 10 21H2 vulnerabilities

CVE-2025-55233 [HIGH] CWE-125 CVE-2025-55233: Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privile Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2025-62466 [HIGH] CWE-476 CVE-2025-62466: Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

CVE-2025-62461 [HIGH] CWE-126 CVE-2025-62461: Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to ele Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-62467 [HIGH] CWE-126 CVE-2025-62467: Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to ele Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2025-59511 [HIGH] CWE-73 CVE-2025-59511: External control of file name or path in Windows WLAN Service allows an authorized attacker to eleva External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.

CVE-2026-25175 [HIGH] CWE-125 CVE-2026-25175: Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.

CVE-2026-24290 [HIGH] CWE-284 CVE-2026-24290: Improper access control in Windows Projected File System allows an authorized attacker to elevate pr Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-40404 [HIGH] CWE-122 CVE-2026-40404: Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

CVE-2026-42837 [HIGH] CWE-125 CVE-2026-42837: Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to ele Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-42828 [HIGH] CWE-126 CVE-2026-42828: Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to ele Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-26153 [HIGH] CWE-125 CVE-2026-26153: Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.

CVE-2025-48000 [HIGH] CWE-362 CVE-2025-48000: Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevat Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

CVE-2026-33834 [HIGH] CWE-284 CVE-2026-33834: Improper access control in Windows Event Logging Service allows an authorized attacker to elevate pr Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

CVE-2025-54895 [HIGH] CWE-190 CVE-2025-54895: Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally.

CVE-2026-20804 [HIGH] CWE-266 CVE-2026-20804: Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

CVE-2025-58714 [HIGH] CWE-284 CVE-2025-58714: Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attack Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-45656 [HIGH] CWE-693 CVE-2026-45656: Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feat Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.

CVE-2026-45641 [HIGH] CWE-843 CVE-2026-45641: Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

CVE-2026-40409 [HIGH] CWE-197 CVE-2026-40409: Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

CVE-2026-27920 [HIGH] CWE-822 CVE-2026-27920: Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an author Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.