Microsoft Windows 11 Version 23H2 vulnerabilities

CVE-2024-26161 [HIGH] CWE-122 CVE-2024-26161: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2023-36006 [HIGH] CWE-121 CVE-2023-36006: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21370 [HIGH] CWE-122 CVE-2024-21370: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21366 [HIGH] CWE-122 CVE-2024-21366: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21360 [HIGH] CWE-122 CVE-2024-21360: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21358 [HIGH] CWE-122 CVE-2024-21358: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21365 [HIGH] CWE-122 CVE-2024-21365: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21420 [HIGH] CWE-190 CVE-2024-21420: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-30097 [HIGH] CWE-415 CVE-2024-30097: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

CVE-2024-30006 [HIGH] CWE-416 CVE-2024-30006: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21349 [HIGH] CWE-122 CVE-2024-21349: Microsoft ActiveX Data Objects Remote Code Execution Vulnerability Microsoft ActiveX Data Objects Remote Code Execution Vulnerability

CVE-2025-24056 [HIGH] CWE-122 CVE-2025-24056: Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute co Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.

CVE-2024-30013 [HIGH] CWE-415 CVE-2024-30013: Windows MultiPoint Services Remote Code Execution Vulnerability Windows MultiPoint Services Remote Code Execution Vulnerability

CVE-2026-20871 [HIGH] CWE-416 CVE-2026-20871: Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locall Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.

CVE-2024-43533 [HIGH] CWE-416 CVE-2024-43533: Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability

CVE-2025-27477 [HIGH] CWE-122 CVE-2025-27477: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute c Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

CVE-2024-43599 [HIGH] CWE-416 CVE-2024-43599: Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability

CVE-2025-21222 [HIGH] CWE-122 CVE-2025-21222: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute c Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

CVE-2025-21221 [HIGH] CWE-122 CVE-2025-21221: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute c Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

CVE-2025-21205 [HIGH] CWE-122 CVE-2025-21205: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute c Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.