Msrc Windows 11 Version 25H2 vulnerabilities

CVE-2026-21247 [HIGH] CWE-20 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Description: Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? The file must be stored in a location that allows an attacker write access, enabling the file to b

CVE-2026-21519 [HIGH] CWE-843 Desktop Window Manager Elevation of Privilege Vulnerability Desktop Window Manager Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2026-21231 [HIGH] CWE-362 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attac

CVE-2026-21253 [HIGH] CWE-416 Mailslot File System Elevation of Privilege Vulnerability Mailslot File System Elevation of Privilege Vulnerability Description: Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be

CVE-2026-21244 [HIGH] CWE-122 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referre

CVE-2026-21238 [HIGH] CWE-284 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerabilit

CVE-2026-21246 [HIGH] CWE-122 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics

CVE-2026-21236 [HIGH] CWE-122 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerabi

CVE-2026-21510 [HIGH] CWE-693 Windows Shell Security Feature Bypass Vulnerability Windows Shell Security Feature Bypass Vulnerability Description: Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? To successfully exploit this vulnerability, an attacker must convince a user to open a malicious link or shortcu

CVE-2026-21513 [HIGH] CWE-693 MSHTML Framework Security Feature Bypass Vulnerability MSHTML Framework Security Feature Bypass Vulnerability Description: Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. FAQ: According to the CVSS metric, the attack vector is user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability? An attacker could exploit this vulnerability by conv

CVE-2026-21533 [HIGH] CWE-269 Windows Remote Desktop Services Elevation of Privilege Vulnerability Windows Remote Desktop Services Elevation of Privilege Vulnerability Description: Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Remo

CVE-2026-21234 [HIGH] CWE-362 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for

CVE-2026-21525 [MEDIUM] CWE-476 Windows Remote Access Connection Manager Denial of Service Vulnerability Windows Remote Access Connection Manager Denial of Service Vulnerability Description: Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: P

CVE-2026-21249 [LOW] CWE-73 Windows NTLM Spoofing Vulnerability Windows NTLM Spoofing Vulnerability Description: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ: According to the CVSS metrics, successful exploitation of this vu

CVE-2026-20931 [HIGH] CWE-73 Windows Telephony Service Elevation of Privilege Vulnerability Windows Telephony Service Elevation of Privilege Vulnerability Description: External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges

CVE-2026-20921 [HIGH] CWE-362 Windows SMB Server Elevation of Privilege Vulnerability Windows SMB Server Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerabilit

CVE-2026-20869 [HIGH] CWE-362 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

CVE-2026-20832 [HIGH] CWE-415 Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could create, modify, or delete files in the security context of the "NT AUTHORITY\SYSTEM" account. Window

CVE-2026-20922 [HIGH] CWE-122 Windows NTFS Remote Code Execution Vulnerability Windows NTFS Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as A

CVE-2026-20848 [HIGH] CWE-362 Windows SMB Server Elevation of Privilege Vulnerability Windows SMB Server Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability coul