Msrc Windows 10 Version 1809 vulnerabilities

CVE-2025-49690 [HIGH] CWE-362 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does th

CVE-2025-49726 [HIGH] CWE-416 Windows Notification Elevation of Privilege Vulnerability Windows Notification Elevation of Privilege Vulnerability Description: Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-

CVE-2025-47975 [HIGH] CWE-415 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Description: Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability r

CVE-2025-49660 [HIGH] CWE-416 Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Description: Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Event Tracing: Windows Event Tracing Mi

CVE-2025-47971 [HIGH] CWE-126 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Description: Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability? An attacker can trick a local user on a vulnerable system int

CVE-2025-48815 [HIGH] CWE-843 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who

CVE-2025-49725 [HIGH] CWE-416 Windows Notification Elevation of Privilege Vulnerability Windows Notification Elevation of Privilege Vulnerability Description: Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-

CVE-2025-49683 [HIGH] CWE-190 Microsoft Virtual Hard Disk Remote Code Execution Vulnerability Microsoft Virtual Hard Disk Remote Code Execution Vulnerability Description: Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability? An attacker can trick a local user on a vulnerable syst

CVE-2025-47976 [HIGH] CWE-416 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Description: Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability coul

CVE-2025-47991 [HIGH] CWE-416 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Description: Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race

CVE-2025-47985 [HIGH] CWE-822 Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Description: Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Event Tracing: Windows Ev

CVE-2025-49727 [HIGH] CWE-122 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K - GRFX: Windows Win32K - GRFX Microsoft: Microsoft

CVE-2025-49733 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. Windows Win32K - ICOMP:

CVE-2025-49744 [HIGH] CWE-122 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? To successfully exploit this vulnerability, an attacker would need to gain elevated privil

CVE-2025-49675 [HIGH] CWE-416 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Description: Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM p

CVE-2025-47986 [HIGH] CWE-416 Universal Print Management Service Elevation of Privilege Vulnerability Universal Print Management Service Elevation of Privilege Vulnerability Description: Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a contained execution e

CVE-2025-49730 [HIGH] CWE-367 Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability Description: Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability

CVE-2025-49732 [HIGH] CWE-122 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to t

CVE-2025-49659 [HIGH] CWE-126 Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability Description: Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could g

CVE-2025-49691 [HIGH] CWE-122 Windows Miracast Wireless Display Remote Code Execution Vulnerability Windows Miracast Wireless Display Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could project to a vulnerable system on the same wireless network that was configured to allow "Projecting to this