Microsoft Windows 10 21H2 vulnerabilities
1,827 known vulnerabilities affecting microsoft/windows_10_21h2.
Total CVEs
1,827
CISA KEV
87
actively exploited
Public exploits
54
Exploited in wild
97
Severity breakdown
CRITICAL44HIGH1303MEDIUM473LOW7
Vulnerabilities
Page 66 of 92
CVE-2025-29841P3HIGHCVSS 7.0fixed in 10.0.19044.58542025-05-13
CVE-2025-29841 [HIGH] CWE-362 CVE-2025-29841: Concurrent execution using shared resource with improper synchronization ('race condition') in Unive
Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-47975P3HIGHCVSS 7.0fixed in 10.0.19044.60932025-07-08
CVE-2025-47975 [HIGH] CWE-415 CVE-2025-47975: Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-53807P3HIGHCVSS 7.0fixed in 10.0.19044.63322025-09-09
CVE-2025-53807 [HIGH] CWE-362 CVE-2025-53807: Concurrent execution using shared resource with improper synchronization ('race condition') in Micro
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-62218P3HIGHCVSS 7.0fixed in 10.0.19044.65752025-11-11
CVE-2025-62218 [HIGH] CWE-362 CVE-2025-62218: Concurrent execution using shared resource with improper synchronization ('race condition') in Micro
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-59289P3HIGHCVSS 7.0fixed in 10.0.19044.63322025-10-14
CVE-2025-59289 [HIGH] CWE-415 CVE-2025-59289: Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-34341P3HIGHCVSS 7.0fixed in 10.0.19044.72912026-05-12
CVE-2026-34341 [HIGH] CWE-415 CVE-2026-34341: Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-59205P3HIGHCVSS 7.0fixed in 10.0.19044.64562025-10-14
CVE-2025-59205 [HIGH] CWE-362 CVE-2025-59205: Concurrent execution using shared resource with improper synchronization ('race condition') in Micro
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32086P3HIGHCVSS 7.0fixed in 10.0.19044.71842026-04-14
CVE-2026-32086 [HIGH] CWE-362 CVE-2026-32086: Concurrent execution using shared resource with improper synchronization ('race condition') in Funct
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32150P3HIGHCVSS 7.0fixed in 10.0.19044.71842026-04-14
CVE-2026-32150 [HIGH] CWE-362 CVE-2026-32150: Concurrent execution using shared resource with improper synchronization ('race condition') in Funct
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-53716P3MEDIUMCVSS 6.5fixed in 10.0.19044.62162025-08-12
CVE-2025-53716 [MEDIUM] CWE-476 CVE-2025-53716: Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an aut
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.
nvd
CVE-2025-32715P3MEDIUMCVSS 6.5fixed in 10.0.19044.59652025-06-10
CVE-2025-32715 [MEDIUM] CWE-125 CVE-2025-32715: Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
nvd
CVE-2023-32043P3MEDIUMCVSS 6.8fixed in 10.0.19041.32082023-07-11
CVE-2023-32043 [MEDIUM] CWE-327 CVE-2023-32043: Windows Remote Desktop Security Feature Bypass Vulnerability
Windows Remote Desktop Security Feature Bypass Vulnerability
nvd
CVE-2026-24288P3MEDIUMCVSS 6.8fixed in 10.0.19044.70582026-03-10
CVE-2026-24288 [MEDIUM] CWE-122 CVE-2026-24288: Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute co
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack.
nvd
CVE-2025-55226P3MEDIUMCVSS 6.7fixed in 10.0.19044.63322025-09-09
CVE-2025-55226 [MEDIUM] CWE-362 CVE-2025-55226: Concurrent execution using shared resource with improper synchronization ('race condition') in Graph
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.
nvd
CVE-2023-24931P3HIGHCVSS 7.5fixed in 10.0.19044.28462023-04-11
CVE-2023-24931 [HIGH] CWE-125 CVE-2023-24931: Windows Secure Channel Denial of Service Vulnerability
Windows Secure Channel Denial of Service Vulnerability
nvd
CVE-2023-32011P3HIGHCVSS 7.5fixed in 10.0.19044.30862023-06-14
CVE-2023-32011 [HIGH] CWE-125 CVE-2023-32011: Windows iSCSI Discovery Service Denial of Service Vulnerability
Windows iSCSI Discovery Service Denial of Service Vulnerability
nvd
CVE-2023-36912P3HIGHCVSS 7.5fixed in 10.0.19044.33242023-08-08
CVE-2023-36912 [HIGH] CWE-20 CVE-2023-36912: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
nvd
CVE-2023-35338P3HIGHCVSS 7.5fixed in 10.0.19041.32082023-07-11
CVE-2023-35338 [HIGH] CWE-476 CVE-2023-35338: Windows Peer Name Resolution Protocol Denial of Service Vulnerability
Windows Peer Name Resolution Protocol Denial of Service Vulnerability
nvd
CVE-2023-21813P3HIGHCVSS 7.5fixed in 10.0.19044.26042023-02-14
CVE-2023-21813 [HIGH] CWE-126 CVE-2023-21813: Windows Secure Channel Denial of Service Vulnerability
Windows Secure Channel Denial of Service Vulnerability
nvd
CVE-2023-33173P3HIGHCVSS 7.5fixed in 10.0.19041.32082023-07-11
CVE-2023-33173 [HIGH] CWE-126 CVE-2023-33173: Remote Procedure Call Runtime Denial of Service Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
nvd