
Microsoft Windows 11 Version 23H2 vulnerabilities

1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs: 1,661
CISA KEV: 59 (actively exploited)
Public exploits: 42
Exploited in wild: 71

Severity breakdown
CRITICAL: 25
HIGH: 1170
MEDIUM: 458
LOW: 8

Vulnerabilities

Page 63 of 84
CVE-2024-26253 | P4 | MEDIUM | CVSS 6.8 | CWE-20 | ≥ 10.0.22631.0, < 10.0.22631.3447 | 2024-04-09
Windows rndismp6.sys Remote Code Execution Vulnerability
nvd
CVE-2025-48800 | P4 | MEDIUM | CVSS 6.8 | CWE-693 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
nvd
CVE-2025-48003 | P4 | MEDIUM | CVSS 6.8 | CWE-693 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
nvd
CVE-2026-45658 | P4 | MEDIUM | CVSS 6.8 | CWE-284 | ≥ 10.0.22631.0, < 10.0.22631.7219 | 2026-06-09
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
nvd
CVE-2025-29954 | P4 | MEDIUM | CVSS 5.9 | CWE-400 | ≥ 10.0.22631.0, < 10.0.22631.5335 | 2025-05-13
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
nvd
CVE-2024-30034 | P4 | MEDIUM | CVSS 5.5 | CWE-843 | ≥ 10.0.22631.0, < 10.0.22631.3593 | 2024-05-14
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
nvd
CVE-2025-29956 | P4 | MEDIUM | CVSS 5.4 | CWE-126 | ≥ 10.0.22631.0, < 10.0.22631.5335 | 2025-05-13
Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.
nvd
CVE-2025-62567 | P4 | MEDIUM | CVSS 5.3 | CWE-191 | ≥ 10.0.22631.0, < 10.0.22631.6345 | 2025-12-09
Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network.
nvd
CVE-2026-25185 | P4 | MEDIUM | CVSS 5.3 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.6783 | 2026-03-10
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2024-43534 | P4 | MEDIUM | CVSS 6.5 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.4317 | 2024-10-08
Windows Graphics Component Information Disclosure Vulnerability
nvd
CVE-2025-50158 | P4 | HIGH | CVSS 7.0 | CWE-367 | ≥ 10.0.22631.0, < 10.0.22631.5768 | 2025-08-12
Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.
nvd
CVE-2025-26637 | P4 | MEDIUM | CVSS 6.8 | CWE-693 | ≥ 10.0.22631.0, < 10.0.22631.5189 | 2025-04-08
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
nvd
CVE-2025-48804 | P4 | MEDIUM | CVSS 6.8 | CWE-349 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
nvd
CVE-2025-48818 | P4 | MEDIUM | CVSS 6.8 | CWE-367 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
nvd
CVE-2025-48001 | P4 | MEDIUM | CVSS 6.8 | CWE-367 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
nvd
CVE-2024-21430 | P4 | MEDIUM | CVSS 6.4 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.3296 | 2024-03-12
Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability
nvd
CVE-2024-21339 | P4 | MEDIUM | CVSS 6.4 | CWE-416 | ≥ 10.0.22631.0, < 10.0.22631.3155 | 2024-02-13
Windows USB Generic Parent Driver Remote Code Execution Vulnerability
nvd
CVE-2026-20821 | P4 | MEDIUM | CVSS 6.2 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.6491 | 2026-01-13
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.
nvd
CVE-2025-27471 | P4 | MEDIUM | CVSS 5.9 | CWE-591 | ≥ 10.0.22631.0, < 10.0.22631.5189 | 2025-04-08
Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network.
nvd
CVE-2026-20824 | P4 | MEDIUM | CVSS 5.5 | CWE-693 | ≥ 10.0.22631.0, < 10.0.22631.6491 | 2026-01-13
Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.
nvd