Msrc Windows 10 Version 1607 For 32-Bit Systems vulnerabilities

CVE-2026-24282 [MEDIUM] CWE-125 Push message Routing Service Elevation of Privilege Vulnerability Push message Routing Service Elevation of Privilege Vulnerability Description: Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read portions of heap memory. Push Message Routing Service

CVE-2026-24297 [MEDIUM] CWE-362 Windows Kerberos Security Feature Bypass Vulnerability Windows Kerberos Security Feature Bypass Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? When the group policy is being reapplied, Windows Kerb

CVE-2026-20853 [HIGH] CWE-362 Windows WalletService Elevation of Privilege Vulnerability Windows WalletService Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerab

CVE-2025-62218 [HIGH] CWE-362 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attack

CVE-2025-62219 [HIGH] CWE-415 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Description: Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-53768 [HIGH] CWE-416 Xbox IStorageService Elevation of Privilege Vulnerability Xbox IStorageService Elevation of Privilege Vulnerability Description: Use after free in Xbox allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Xbox: Xbox Microsoft: Microsoft Customer Action Required: Yes Im

CVE-2025-48799 [HIGH] CWE-59 Windows Update Service Elevation of Privilege Vulnerability Windows Update Service Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could create, modify, or delet

CVE-2024-36350 [MEDIUM] AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue Description: The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see

CVE-2024-36357 [MEDIUM] AMD: CVE-2024-36357 Transient Scheduler Attack in L1 Data Queue AMD: CVE-2024-36357 Transient Scheduler Attack in L1 Data Queue Description: The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please

CVE-2025-32707 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability? An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigg

CVE-2025-27483 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running

CVE-2025-27741 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running

CVE-2025-27733 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running

CVE-2025-24983 [HIGH] CWE-416 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Description: Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-21304 [HIGH] CWE-416 Microsoft DWM Core Library Elevation of Privilege Vulnerability Microsoft DWM Core Library Elevation of Privilege Vulnerability FAQ: What privileges could an attacker gain with successful exploitation? An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process. This could lead to further system compromise and unauthoriz

CVE-2024-43645 [MEDIUM] CWE-693 Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploits this vulnerability could bypass Windows Defender Application Control (WDAC) enforcement. This could lead to the ability to run unauthorized applications on target sy

CVE-2024-43487 [MEDIUM] CWE-693 Windows Mark of the Web Security Feature Bypass Vulnerability Windows Mark of the Web Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send

CVE-2024-38159 [CRITICAL] CWE-416 Windows Network Virtualization Remote Code Execution Vulnerability Windows Network Virtualization Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average

CVE-2024-38160 [CRITICAL] CWE-122 Windows Network Virtualization Remote Code Execution Vulnerability Windows Network Virtualization Remote Code Execution Vulnerability FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content. FAQ: According to the CVSS metric, privileges required is high (PR:

CVE-2024-26182 [HIGH] CWE-416 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest So