Microsoft Windows 11 Version 23H2 vulnerabilities
1,660 known vulnerabilities affecting microsoft/windows_11_version_23h2.
Total CVEs
1,660
CISA KEV
59
actively exploited
Public exploits
42
Exploited in wild
71
Severity breakdown
CRITICAL25HIGH1170MEDIUM457LOW8
Vulnerabilities
Page 8 of 83
CVE-2023-36423P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.27152023-11-14
CVE-2023-36423 [HIGH] CWE-122 CVE-2023-36423: Microsoft Remote Registry Service Remote Code Execution Vulnerability
Microsoft Remote Registry Service Remote Code Execution Vulnerability
nvd
CVE-2025-50177P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.57682025-08-12
CVE-2025-50177 [HIGH] CWE-362 CVE-2025-50177: Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a net
Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-21285P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21285 [HIGH] CWE-476 CVE-2025-21285: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
nvd
CVE-2025-59295P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-59295 [HIGH] CWE-122 CVE-2025-59295: Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-24051P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.50392025-03-11
CVE-2025-24051 [HIGH] CWE-122 CVE-2025-24051: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
nvd
CVE-2026-25188P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.67832026-03-10
CVE-2026-25188 [HIGH] CWE-122 CVE-2026-25188: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate p
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.
nvd
CVE-2023-35630P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.28612023-12-12
CVE-2023-35630 [HIGH] CWE-122 CVE-2023-35630: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
nvd
CVE-2025-54110P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.59092025-09-09
CVE-2025-54110 [HIGH] CWE-190 CVE-2025-54110: Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges
Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-26230P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.34472024-04-09
CVE-2024-26230 [HIGH] CWE-416 CVE-2024-26230: Windows Telephony Server Elevation of Privilege Vulnerability
Windows Telephony Server Elevation of Privilege Vulnerability
nvd
CVE-2025-21371P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.48902025-02-11
CVE-2025-21371 [HIGH] CWE-122 CVE-2025-21371: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2024-38259P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.41692024-09-10
CVE-2024-38259 [HIGH] CWE-416 CVE-2024-38259: Microsoft Management Console Remote Code Execution Vulnerability
Microsoft Management Console Remote Code Execution Vulnerability
nvd
CVE-2025-21407P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.48902025-02-11
CVE-2025-21407 [HIGH] CWE-122 CVE-2025-21407: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21406P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.48902025-02-11
CVE-2025-21406 [HIGH] CWE-416 CVE-2025-21406: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21190P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.48902025-02-11
CVE-2025-21190 [HIGH] CWE-122 CVE-2025-21190: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21200P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.48902025-02-11
CVE-2025-21200 [HIGH] CWE-122 CVE-2025-21200: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21201P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.48902025-02-11
CVE-2025-21201 [HIGH] CWE-415 CVE-2025-21201: Windows Telephony Server Remote Code Execution Vulnerability
Windows Telephony Server Remote Code Execution Vulnerability
nvd
CVE-2026-45602P3CRITICALCVSS 9.1≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-45602 [CRITICAL] CWE-349 CVE-2026-45602: No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering ov
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
nvd
CVE-2025-33066P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.54722025-06-10
CVE-2025-33066 [HIGH] CWE-122 CVE-2025-33066: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
nvd
CVE-2026-32157P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-32157 [HIGH] CWE-416 CVE-2026-32157: Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a netwo
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-58718P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-58718 [HIGH] CWE-416 CVE-2025-58718: Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a netwo
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
nvd