Msrc Windows 10 For 32-Bit Systems vulnerabilities

CVE-2025-53768 [HIGH] CWE-416 Xbox IStorageService Elevation of Privilege Vulnerability Xbox IStorageService Elevation of Privilege Vulnerability Description: Use after free in Xbox allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Xbox: Xbox Microsoft: Microsoft Customer Action Required: Yes Im

CVE-2025-32707 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability? An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigg

CVE-2025-27483 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running

CVE-2025-27741 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running

CVE-2025-27733 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running

CVE-2025-27472 [MEDIUM] CWE-693 Windows Mark of the Web Security Feature Bypass Vulnerability Windows Mark of the Web Security Feature Bypass Vulnerability Description: Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for thi

CVE-2025-24983 [HIGH] CWE-416 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Description: Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-43645 [MEDIUM] CWE-693 Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploits this vulnerability could bypass Windows Defender Application Control (WDAC) enforcement. This could lead to the ability to run unauthorized applications on target sy

CVE-2024-43491 [CRITICAL] CWE-416 Microsoft Windows Update Remote Code Execution Vulnerability Microsoft Windows Update Remote Code Execution Vulnerability Description: Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows

CVE-2024-43487 [MEDIUM] CWE-693 Windows Mark of the Web Security Feature Bypass Vulnerability Windows Mark of the Web Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send

CVE-2024-26245 [HIGH] CWE-125 Windows SMB Elevation of Privilege Vulnerability Windows SMB Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software

CVE-2023-35633 [HIGH] CWE-59 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Sof

CVE-2023-35629 [MEDIUM] CWE-125 Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability Windows USB Mass Storage Class Driver: Windows USB Mass Storage Class Driver Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/sit

CVE-2023-29336 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K: Windows Win32K Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:Yes;Latest Software Release:

CVE-2023-28226 [MEDIUM] CWE-347 Windows Enroll Engine Security Feature Bypass Vulnerability Windows Enroll Engine Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack. FAQ: Wh

CVE-2023-21803 [CRITICAL] CWE-190 Windows iSCSI Discovery Service Remote Code Execution Vulnerability Windows iSCSI Discovery Service Remote Code Execution Vulnerability FAQ: How could an attacker exploit the vulnerability? An attacker could exploit the vulnerability by sending a specially crafted malicious DHCP discovery request to the iSCSI Discovery Service on 32-bit machines. An attacker who successfully exploited the vulnerability could then gain the ability to execute code on the target s

CVE-2022-44673 [HIGH] Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

CVE-2022-30144 [HIGH] Windows Bluetooth Service Remote Code Execution Vulnerability Windows Bluetooth Service Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include

CVE-2022-21967 [HIGH] Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: The security updates for this vulnerability are all Windows

CVE-2022-21899 [MEDIUM] Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Windows UEFI: Windows UEFI Microsoft: Microsoft Customer Action Required: Yes Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Sear