Msrc Windows Server 2025 vulnerabilities

CVE-2026-24290 [HIGH] CWE-284 Windows Projected File System Elevation of Privilege Vulnerability Windows Projected File System Elevation of Privilege Vulnerability Description: Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Project

CVE-2026-25167 [HIGH] CWE-416 Microsoft Brokering File System Elevation of Privilege Vulnerability Microsoft Brokering File System Elevation of Privilege Vulnerability Description: Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condit

CVE-2026-24295 [HIGH] CWE-362 Windows Device Association Service Elevation of Privilege Vulnerability Windows Device Association Service Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who succe

CVE-2026-24287 [HIGH] CWE-73 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Micr

CVE-2026-24296 [HIGH] CWE-362 Windows Device Association Service Elevation of Privilege Vulnerability Windows Device Association Service Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who succe

CVE-2026-24285 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Previ

CVE-2026-23671 [HIGH] CWE-362 Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vul

CVE-2026-26132 [HIGH] CWE-416 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer

CVE-2026-24292 [HIGH] CWE-416 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Description: Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYST

CVE-2026-25170 [HIGH] CWE-416 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (

CVE-2026-24283 [HIGH] CWE-122 Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: Accor

CVE-2026-24293 [HIGH] CWE-476 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerabili

CVE-2026-21248 [HIGH] CWE-122 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? The file must be stored in a location that allows an attacker write access, enabling the file to

CVE-2026-21237 [HIGH] CWE-362 Windows Subsystem for Linux Elevation of Privilege Vulnerability Windows Subsystem for Linux Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? For an attacker to explo

CVE-2026-21255 [HIGH] CWE-284 Windows Hyper-V Security Feature Bypass Vulnerability Windows Hyper-V Security Feature Bypass Vulnerability Description: Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass the Virtualization-based Security feature. FAQ: How could an att

CVE-2026-21240 [HIGH] CWE-367 Windows HTTP.sys Elevation of Privilege Vulnerability Windows HTTP.sys Elevation of Privilege Vulnerability Description: Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows HTTP.sys: Windows HT

CVE-2026-21243 [HIGH] CWE-476 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Description: Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. Windows LDAP - Lightweight Directory Access Protocol: Windows LDAP - Lightweight Directory Access Protocol Microsoft: Microsoft Customer A

CVE-2026-21239 [HIGH] CWE-122 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Cus

CVE-2026-21247 [HIGH] CWE-20 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Description: Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? The file must be stored in a location that allows an attacker write access, enabling the file to b

CVE-2026-21245 [HIGH] CWE-122 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Cus