Microsoft Windows 11 Version 23H2 vulnerabilities

1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs

1,661

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL25HIGH1170MEDIUM458LOW8

Vulnerabilities

SortPage 52 of 84

CVE-2026-27918P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.69362026-04-14

CVE-2026-27918 [HIGH] CWE-362 CVE-2026-27918: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-42911P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-42911 [HIGH] CWE-416 CVE-2026-42911: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-34335P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-34335 [HIGH] CWE-416 CVE-2026-34335: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-33839P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12

CVE-2026-33839 [HIGH] CWE-362 CVE-2026-33839: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-34331P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12

CVE-2026-34331 [HIGH] CWE-362 CVE-2026-34331: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-42912P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-42912 [HIGH] CWE-362 CVE-2026-42912: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-26173P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.69362026-04-14

CVE-2026-26173 [HIGH] CWE-362 CVE-2026-26173: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-50172P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.57682025-08-12

CVE-2025-50172 [MEDIUM] CWE-770 CVE-2025-50172: Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacke Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.

nvd

CVE-2025-58729P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.60602025-10-14

CVE-2025-58729 [MEDIUM] CWE-1287 CVE-2025-58729: Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an auth Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

nvd

CVE-2025-58739P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.60602025-10-14

CVE-2025-58739 [MEDIUM] CWE-200 CVE-2025-58739: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauth Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

nvd

CVE-2025-60723P3MEDIUMCVSS 6.3≥ 10.0.22631.0, < 10.0.22631.61992025-11-11

CVE-2025-60723 [MEDIUM] CWE-362 CVE-2025-60723: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network.

nvd

CVE-2024-49096P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.46022024-12-12

CVE-2024-49096 [HIGH] CWE-400 CVE-2024-49096: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

nvd

CVE-2024-20661P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.30072024-01-09

CVE-2024-20661 [HIGH] CWE-476 CVE-2024-20661: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

nvd

CVE-2025-21230P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.47512025-01-14

CVE-2025-21230 [HIGH] CWE-20 CVE-2025-21230: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

nvd

CVE-2024-21342P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.31552024-02-13

CVE-2024-21342 [HIGH] CWE-400 CVE-2024-21342: Windows DNS Client Denial of Service Vulnerability Windows DNS Client Denial of Service Vulnerability

nvd

CVE-2024-49075P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.46022024-12-12

CVE-2024-49075 [HIGH] CWE-400 CVE-2024-49075: Windows Remote Desktop Services Denial of Service Vulnerability Windows Remote Desktop Services Denial of Service Vulnerability

nvd

CVE-2024-38132P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.40372024-08-13

CVE-2024-38132 [HIGH] CWE-125 CVE-2024-38132: Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT) Denial of Service Vulnerability

nvd

CVE-2025-21251P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.47512025-01-14

CVE-2025-21251 [HIGH] CWE-400 CVE-2025-21251: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

nvd

CVE-2025-21289P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.47512025-01-14

CVE-2025-21289 [HIGH] CWE-400 CVE-2025-21289: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

nvd

CVE-2025-21290P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.47512025-01-14

CVE-2025-21290 [HIGH] CWE-400 CVE-2025-21290: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

nvd

← Previous52 / 84Next →