Microsoft Windows 11 Version 23H2 vulnerabilities

CVE-2025-62462 [HIGH] CWE-126 CVE-2025-62462: Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privilege Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2025-62457 [HIGH] CWE-125 CVE-2025-62457: Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevat Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-62464 [HIGH] CWE-126 CVE-2025-62464: Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privilege Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2025-55233 [HIGH] CWE-125 CVE-2025-55233: Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privile Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2025-62466 [HIGH] CWE-476 CVE-2025-62466: Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

CVE-2025-62461 [HIGH] CWE-126 CVE-2025-62461: Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to ele Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-62467 [HIGH] CWE-126 CVE-2025-62467: Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to ele Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2025-59511 [HIGH] CWE-73 CVE-2025-59511: External control of file name or path in Windows WLAN Service allows an authorized attacker to eleva External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.

CVE-2026-25175 [HIGH] CWE-125 CVE-2026-25175: Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.

CVE-2026-24290 [HIGH] CWE-284 CVE-2026-24290: Improper access control in Windows Projected File System allows an authorized attacker to elevate pr Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-40404 [HIGH] CWE-122 CVE-2026-40404: Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

CVE-2026-42837 [HIGH] CWE-125 CVE-2026-42837: Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to ele Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-42828 [HIGH] CWE-126 CVE-2026-42828: Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to ele Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-27907 [HIGH] CWE-191 CVE-2026-27907: Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized att Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

CVE-2026-26153 [HIGH] CWE-125 CVE-2026-26153: Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.

CVE-2025-48000 [HIGH] CWE-362 CVE-2025-48000: Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevat Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

CVE-2026-33834 [HIGH] CWE-284 CVE-2026-33834: Improper access control in Windows Event Logging Service allows an authorized attacker to elevate pr Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

CVE-2025-54895 [HIGH] CWE-190 CVE-2025-54895: Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally.

CVE-2026-20804 [HIGH] CWE-266 CVE-2026-20804: Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

CVE-2025-58714 [HIGH] CWE-284 CVE-2025-58714: Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attack Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.