Msrc Windows 10 vulnerabilities

CVE-2025-50173 [HIGH] CWE-1390 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Installer: Windows Installer Microsoft: Micro

CVE-2025-53155 [HIGH] CWE-122 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could create a crafted vhdx file and can call the vhdmp api with vhdx as one of the arguments. FAQ: What privileges could be gained by an attacker who successfu

CVE-2025-53722 [HIGH] CWE-400 Windows Remote Desktop Services Denial of Service Vulnerability Windows Remote Desktop Services Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. Windows Remote Desktop Services: Windows Remote Desktop Services Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:

CVE-2025-53725 [HIGH] CWE-843 Windows Push Notifications Apps Elevation of Privilege Vulnerability Windows Push Notifications Apps Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges fro

CVE-2025-50153 [HIGH] CWE-416 Desktop Window Manager Elevation of Privilege Vulnerability Desktop Window Manager Elevation of Privilege Vulnerability Description: Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. FAQ: What privileges could an attacker gain with successful exploitation? An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions wit

CVE-2025-50161 [HIGH] CWE-122 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.

CVE-2025-53718 [HIGH] CWE-416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability r

CVE-2025-53135 [HIGH] CWE-362 DirectX Graphics Kernel Elevation of Privilege Vulnerability DirectX Graphics Kernel Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerabilit

CVE-2025-53724 [HIGH] CWE-843 Windows Push Notifications Apps Elevation of Privilege Vulnerability Windows Push Notifications Apps Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges fro

CVE-2025-53789 [HIGH] CWE-306 Windows StateRepository API Server file Elevation of Privilege Vulnerability Windows StateRepository API Server file Elevation of Privilege Vulnerability Description: Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would gain the rights of the user that is running the

CVE-2025-53140 [HIGH] CWE-416 Windows Kernel Transaction Manager Elevation of Privilege Vulnerability Windows Kernel Transaction Manager Elevation of Privilege Vulnerability Description: Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race conditi

CVE-2025-53145 [HIGH] CWE-843 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an authenticated attacker would need to send a specially crafted MSMQ packet to a

CVE-2025-53778 [HIGH] CWE-287 Windows NTLM Elevation of Privilege Vulnerability Windows NTLM Elevation of Privilege Vulnerability Description: Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows NTLM: Windows NTLM Microsoft: Microsoft Customer

CVE-2025-55230 [HIGH] CWE-822 Windows MBT Transport Driver Elevation of Privilege Vulnerability Windows MBT Transport Driver Elevation of Privilege Vulnerability Description: Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows MBT

CVE-2025-53134 [HIGH] CWE-367 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that

CVE-2025-50155 [HIGH] CWE-843 Windows Push Notifications Apps Elevation of Privilege Vulnerability Windows Push Notifications Apps Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could e

CVE-2025-53143 [HIGH] CWE-843 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an authenticated attacker would need to send a specially crafted MSMQ packet to a

CVE-2025-49762 [HIGH] CWE-362 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vul

CVE-2025-53144 [HIGH] CWE-843 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an authenticated attacker would need to send a specially crafted MSMQ packet to a

CVE-2025-50158 [HIGH] CWE-367 Windows NTFS Information Disclosure Vulnerability Windows NTFS Information Disclosure Vulnerability Description: Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What type