Msrc Windows 11 Version 24H2 vulnerabilities

CVE-2026-24289 [HIGH] CWE-416 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action

CVE-2026-24294 [HIGH] CWE-287 Windows SMB Server Elevation of Privilege Vulnerability Windows SMB Server Elevation of Privilege Vulnerability Description: Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows SMB Server: Windows SMB Server Microsof

CVE-2026-24290 [HIGH] CWE-284 Windows Projected File System Elevation of Privilege Vulnerability Windows Projected File System Elevation of Privilege Vulnerability Description: Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Project

CVE-2026-23673 [HIGH] CWE-125 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2026-25171 [HIGH] CWE-416 Windows Authentication Elevation of Privilege Vulnerability Windows Authentication Elevation of Privilege Vulnerability Description: Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privi

CVE-2026-26128 [HIGH] CWE-287 Windows SMB Server Elevation of Privilege Vulnerability Windows SMB Server Elevation of Privilege Vulnerability Description: Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows SMB Server: Windows SMB Server Microsof

CVE-2026-25181 [HIGH] CWE-125 GDI+ Information Disclosure Vulnerability GDI+ Information Disclosure Vulnerability Description: Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? A successful exploitation can occur within browser or other applications processing metafiles, resulting in an information disclosure where memory values from the current process are leaked to

CVE-2026-26111 [HIGH] CWE-190 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An attacker authenticated on the domain could exploit this vulnerability by tricking

CVE-2026-24295 [HIGH] CWE-362 Windows Device Association Service Elevation of Privilege Vulnerability Windows Device Association Service Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who succe

CVE-2026-25174 [HIGH] CWE-125 Windows Extensible File Allocation Table Elevation of Privilege Vulnerability Windows Extensible File Allocation Table Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privil

CVE-2026-25176 [HIGH] CWE-284 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerabilit

CVE-2026-24287 [HIGH] CWE-73 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Micr

CVE-2026-23672 [HIGH] CWE-125 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Universal Disk Format File System Driver (UDFS): Windows Universal Disk Format File Sys

CVE-2026-24296 [HIGH] CWE-362 Windows Device Association Service Elevation of Privilege Vulnerability Windows Device Association Service Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who succe

CVE-2026-24285 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Previ

CVE-2026-23671 [HIGH] CWE-362 Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vul

CVE-2026-24291 [HIGH] CWE-732 Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability Description: Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attac

CVE-2026-25179 [HIGH] CWE-1287 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exp

CVE-2026-25188 [HIGH] CWE-122 Windows Telephony Service Elevation of Privilege Vulnerability Windows Telephony Service Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ:

CVE-2026-25173 [HIGH] CWE-190 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An attacker authenticated on the domain could exploit this vulnerability by tricking