Msrc Windows 10 Version 1809 For X64-Based Systems vulnerabilities

CVE-2026-23667 [HIGH] CWE-416 Broadcast DVR Elevation of Privilege Vulnerability Broadcast DVR Elevation of Privilege Vulnerability Description: Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level. FAQ: According to the CVSS me

CVE-2026-25189 [HIGH] CWE-416 Windows DWM Core Library Elevation of Privilege Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability Description: Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Library: Windows DWM C

CVE-2026-24282 [MEDIUM] CWE-125 Push message Routing Service Elevation of Privilege Vulnerability Push message Routing Service Elevation of Privilege Vulnerability Description: Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read portions of heap memory. Push Message Routing Service

CVE-2026-24297 [MEDIUM] CWE-362 Windows Kerberos Security Feature Bypass Vulnerability Windows Kerberos Security Feature Bypass Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? When the group policy is being reapplied, Windows Kerb

CVE-2026-20810 [HIGH] CWE-590 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulne

CVE-2026-20853 [HIGH] CWE-362 Windows WalletService Elevation of Privilege Vulnerability Windows WalletService Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerab

CVE-2026-20825 [MEDIUM] CWE-284 Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability Description: Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Guest VM to Hyper-V host server - virtualization security bou

CVE-2026-20829 [MEDIUM] CWE-125 TPM Trustlet Information Disclosure Vulnerability TPM Trustlet Information Disclosure Vulnerability Description: Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected appl

CVE-2025-62218 [HIGH] CWE-362 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attack

CVE-2025-59515 [HIGH] CWE-416 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability Windows Broadcast DVR User Service Elevation of Privilege Vulnerability Description: Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race

CVE-2025-60717 [HIGH] CWE-416 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability Windows Broadcast DVR User Service Elevation of Privilege Vulnerability Description: Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privil

CVE-2025-62219 [HIGH] CWE-415 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability Description: Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-60708 [MEDIUM] CWE-822 Storvsp.sys Driver Denial of Service Vulnerability Storvsp.sys Driver Denial of Service Vulnerability Description: Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker c

CVE-2025-60706 [MEDIUM] CWE-125 Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Micr

CVE-2025-53768 [HIGH] CWE-416 Xbox IStorageService Elevation of Privilege Vulnerability Xbox IStorageService Elevation of Privilege Vulnerability Description: Use after free in Xbox allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Xbox: Xbox Microsoft: Microsoft Customer Action Required: Yes Im

CVE-2025-54092 [HIGH] CWE-362 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM pr

CVE-2025-55224 [HIGH] CWE-362 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack coul

CVE-2025-54115 [HIGH] CWE-362 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM pr

CVE-2025-48807 [MEDIUM] CWE-923 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Description: Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? A race condition is triggered when the admin begins administering from the host system and

CVE-2025-49751 [MEDIUM] CWE-820 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Description: Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker