Microsoft Windows 11 Version 23H2 vulnerabilities

CVE-2025-21417 [HIGH] CWE-122 CVE-2025-21417: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21409 [HIGH] CWE-122 CVE-2025-21409: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21339 [HIGH] CWE-122 CVE-2025-21339: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21411 [HIGH] CWE-122 CVE-2025-21411: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21413 [HIGH] CWE-122 CVE-2025-21413: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

CVE-2026-24294 [HIGH] CWE-287 CVE-2026-24294: Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges lo Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.

CVE-2026-42989 [HIGH] CWE-59 CVE-2026-42989: Improper link resolution before file access ('link following') in Winlogon allows an authorized atta Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.

CVE-2026-20820 [HIGH] CWE-122 CVE-2026-20820: Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-62454 [HIGH] CWE-122 CVE-2025-62454: Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker t Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-20856 [HIGH] CWE-20 CVE-2026-20856: Improper input validation in Windows Server Update Service allows an unauthorized attacker to execut Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

CVE-2026-20921 [HIGH] CWE-362 CVE-2026-20921: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

CVE-2025-21277 [HIGH] CWE-126 CVE-2025-21277: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2024-26214 [HIGH] CWE-122 CVE-2024-26214: Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability

CVE-2026-24289 [HIGH] CWE-416 CVE-2026-24289: Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2024-43624 [HIGH] CWE-822 CVE-2024-43624: Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability

CVE-2023-36402 [HIGH] CWE-122 CVE-2023-36402: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21367 [HIGH] CWE-122 CVE-2024-21367: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21375 [HIGH] CWE-416 CVE-2024-21375: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21361 [HIGH] CWE-122 CVE-2024-21361: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21368 [HIGH] CWE-122 CVE-2024-21368: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability