Microsoft Windows 10 21H2 vulnerabilities

CVE-2024-30079 [HIGH] CWE-126 CVE-2024-30079: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVE-2025-49689 [HIGH] CWE-125 CVE-2025-49689: Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevat Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

CVE-2024-43501 [HIGH] CWE-59 CVE-2024-43501: Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2025-21271 [HIGH] CWE-126 CVE-2025-21271: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVE-2025-26675 [HIGH] CWE-125 CVE-2025-26675: Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privilege Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

CVE-2024-38153 [HIGH] CWE-367 CVE-2024-38153: Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-38191 [HIGH] CWE-362 CVE-2024-38191: Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability

CVE-2025-24059 [HIGH] CWE-125 CVE-2025-24059: Incorrect conversion between numeric types in Windows Common Log File System Driver allows an author Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2023-32017 [HIGH] CWE-125 CVE-2023-32017: Microsoft PostScript Printer Driver Remote Code Execution Vulnerability Microsoft PostScript Printer Driver Remote Code Execution Vulnerability

CVE-2025-21359 [HIGH] CWE-284 CVE-2025-21359: Windows Kernel Security Feature Bypass Vulnerability Windows Kernel Security Feature Bypass Vulnerability

CVE-2025-26639 [HIGH] CWE-122 CVE-2025-26639: Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-59200 [HIGH] CWE-73 CVE-2025-59200: Concurrent execution using shared resource with improper synchronization ('race condition') in Data Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.

CVE-2025-32716 [HIGH] CWE-125 CVE-2025-32716: Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally. Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.

CVE-2025-32718 [HIGH] CWE-122 CVE-2025-32718: Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges lo Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.

CVE-2025-30385 [HIGH] CWE-416 CVE-2025-30385: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate pri Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-53154 [HIGH] CWE-476 CVE-2025-53154: Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attac Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2025-53141 [HIGH] CWE-476 CVE-2025-53141: Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attac Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2025-49686 [HIGH] CWE-476 CVE-2025-49686: Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges local Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2025-49661 [HIGH] CWE-822 CVE-2025-49661: Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2025-55230 [HIGH] CWE-822 CVE-2025-55230: Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to eleva Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.