Msrc Windows 10 Version 1607 For X64-Based Systems vulnerabilities

CVE-2026-24282 [MEDIUM] CWE-125 Push message Routing Service Elevation of Privilege Vulnerability Push message Routing Service Elevation of Privilege Vulnerability Description: Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read portions of heap memory. Push Message Routing Service

CVE-2026-24297 [MEDIUM] CWE-362 Windows Kerberos Security Feature Bypass Vulnerability Windows Kerberos Security Feature Bypass Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? When the group policy is being reapplied, Windows Kerb

CVE-2026-20853 [HIGH] CWE-362 Windows WalletService Elevation of Privilege Vulnerability Windows WalletService Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerab

CVE-2025-62218 [HIGH] CWE-362 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attack

CVE-2025-62219 [HIGH] CWE-415 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Description: Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-60708 [MEDIUM] CWE-822 Storvsp.sys Driver Denial of Service Vulnerability Storvsp.sys Driver Denial of Service Vulnerability Description: Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker c

CVE-2025-60706 [MEDIUM] CWE-125 Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Micr

CVE-2025-53768 [HIGH] CWE-416 Xbox IStorageService Elevation of Privilege Vulnerability Xbox IStorageService Elevation of Privilege Vulnerability Description: Use after free in Xbox allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Xbox: Xbox Microsoft: Microsoft Customer Action Required: Yes Im

CVE-2025-48807 [MEDIUM] CWE-923 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Description: Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? A race condition is triggered when the admin begins administering from the host system and

CVE-2025-49751 [MEDIUM] CWE-820 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Description: Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker

CVE-2025-48799 [HIGH] CWE-59 Windows Update Service Elevation of Privilege Vulnerability Windows Update Service Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could create, modify, or delet

CVE-2025-48822 [HIGH] CWE-125 Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability Description: Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An exploited vulnerability can affect resources b

CVE-2024-36350 [MEDIUM] AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue Description: The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see

CVE-2025-47999 [MEDIUM] CWE-820 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Description: Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted netw

CVE-2024-36357 [MEDIUM] AMD: CVE-2024-36357 Transient Scheduler Attack in L1 Data Queue AMD: CVE-2024-36357 Transient Scheduler Attack in L1 Data Queue Description: The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please

CVE-2025-32707 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability? An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigg

CVE-2025-27483 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running

CVE-2025-27741 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running

CVE-2025-27733 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running

CVE-2025-24050 [HIGH] CWE-122 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain Kernel Memory Access. Role: Windows Hyper-V: Role: Windows Hyper-V