Microsoft Windows 11 Version 23H2 vulnerabilities

1,660 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs: 1,660
CISA KEV: 59 (actively exploited)
Public exploits: 42
Exploited in wild: 71
Severity breakdown: CRITICAL 25, HIGH 1170, MEDIUM 457, LOW 8

Vulnerabilities

Page 7 of 83
CVE-2024-30017 | P2 | HIGH | CVSS 8.8 | ≥ 10.0.22631.0, < 10.0.22631.3593 | 2024-05-14
CWE-122 | Windows Hyper-V Remote Code Execution Vulnerability
Source: nvd

CVE-2024-38104 | P2 | HIGH | CVSS 8.8 | ≥ 10.0.22631.0, < 10.0.22631.3880 | 2024-07-09
CWE-822 | Windows Fax Service Remote Code Execution Vulnerability
Source: nvd

CVE-2024-38116 | P2 | HIGH | CVSS 8.8 | ≥ 10.0.22631.0, < 10.0.22631.4037 | 2024-08-13
CWE-122 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability
Source: nvd

CVE-2025-50171 | P2 | CRITICAL | CVSS 9.1 | ≥ 10.0.22631.0, < 10.0.22631.5768 | 2025-08-12
CWE-862 | Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.
Source: nvd

CVE-2026-20868 | P2 | HIGH | CVSS 8.8 | ≥ 10.0.22631.0, < 10.0.22631.6491 | 2026-01-13
CWE-122 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Source: nvd

CVE-2026-23669 | P2 | HIGH | CVSS 8.8 | ≥ 10.0.22631.0, < 10.0.22631.6783 | 2026-03-10
CWE-416 | Use after free in RPC Runtime allows an authorized attacker to execute code over a network.
Source: nvd

CVE-2025-21376 | P3 | HIGH | CVSS 8.1 | ≥ 10.0.22631.0, < 10.0.22631.4890 | 2025-02-11
CWE-122 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Source: nvd

CVE-2024-49080 | P2 | HIGH | CVSS 8.8 | ≥ 10.0.22631.0, < 10.0.22631.4602 | 2024-12-12
CWE-122 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability
Source: nvd

CVE-2025-64678 | P2 | HIGH | CVSS 8.8 | ≥ 10.0.22631.0, < 10.0.22631.6199 | 2025-12-09
CWE-122 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Source: nvd

CVE-2025-26670 | P3 | HIGH | CVSS 8.1 | ≥ 10.0.22631.0, < 10.0.22631.5189 | 2025-04-08
CWE-416 | Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
Source: nvd

CVE-2025-49708 | P3 | CRITICAL | CVSS 9.9 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
CWE-416 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
Source: nvd

CVE-2024-43452 | P3 | HIGH | CVSS 7.5 | ≥ 10.0.22631.0, < 10.0.22631.4460 | 2024-11-12
CWE-367 | Windows Registry Elevation of Privilege Vulnerability
Source: nvd

CVE-2025-53722 | P3 | HIGH | CVSS 7.5 | ≥ 10.0.22631.0, < 10.0.22631.5768 | 2025-08-12
CWE-400 | Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.
Source: nvd

CVE-2023-35641 | P3 | HIGH | CVSS 8.8 | ≥ 10.0.22631.0, < 10.0.22631.2861 | 2023-12-12
CWE-682 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Source: nvd

CVE-2025-49724 | P3 | HIGH | CVSS 8.8 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
CWE-416 | Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.
Source: nvd

CVE-2024-30078 | P3 | HIGH | CVSS 8.8 | ≥ 10.0.22631.0, < 10.0.22631.3737 | 2024-06-11
CWE-20 | Windows Wi-Fi Driver Remote Code Execution Vulnerability
Source: nvd

CVE-2025-33070 | P3 | HIGH | CVSS 8.1 | ≥ 10.0.22631.0, < 10.0.22631.5472 | 2025-06-10
CWE-908 | Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
Source: nvd

CVE-2024-38240 | P3 | CRITICAL | CVSS 9.8 | ≥ 10.0.22631.0, < 10.0.22631.4169 | 2024-09-10
CWE-125 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Source: nvd

CVE-2025-26645 | P3 | HIGH | CVSS 8.8 | ≥ 10.0.22631.0, < 10.0.22631.5039 | 2025-03-11
CWE-23 | Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Source: nvd

CVE-2024-20678 | P3 | HIGH | CVSS 8.8 | ≥ 10.0.22631.0, < 10.0.22631.3447 | 2024-04-09
CWE-843 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
Source: nvd