Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows 10 21h2
Subscriptions
Total
1916 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60704 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2026-02-26 | 7.5 High |
| Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-60705 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2026-02-26 | 7.8 High |
| Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60707 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1809 and 17 more | 2026-02-26 | 7.8 High |
| Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60709 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2026-02-26 | 7.8 High |
| Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60719 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2026-02-26 | 7 High |
| Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62217 | 1 Microsoft | 26 Windows, Windows 10, Windows 10 1607 and 23 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62218 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1607 and 12 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62219 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1607 and 12 more | 2026-02-26 | 7 High |
| Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62452 | 1 Microsoft | 26 Windows, Windows 10, Windows 10 1607 and 23 more | 2026-02-26 | 8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-59514 | 1 Microsoft | 26 Windows 10, Windows 10 1607, Windows 10 1809 and 23 more | 2026-02-26 | 7.8 High |
| Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59515 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1809 and 17 more | 2026-02-26 | 7 High |
| Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60714 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1607 and 19 more | 2026-02-26 | 7.8 High |
| Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-60715 | 1 Microsoft | 28 Remote, Windows, Windows 10 and 25 more | 2026-02-26 | 8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-60716 | 1 Microsoft | 20 Directx, Windows 10, Windows 10 1809 and 17 more | 2026-02-26 | 7 High |
| Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60717 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1809 and 17 more | 2026-02-26 | 7 High |
| Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60720 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2026-02-26 | 7.8 High |
| Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60724 | 1 Microsoft | 31 Graphics Component, Office, Office For Mac and 28 more | 2026-02-26 | 9.8 Critical |
| Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-62215 | 1 Microsoft | 19 Windows 10, Windows 10 1809, Windows 10 21h2 and 16 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62213 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2026-02-26 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2021-43890 | 1 Microsoft | 12 App Installer, Windows 10 1507, Windows 10 1709 and 9 more | 2026-02-25 | 7.1 High |
| We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Please see the Security Updates table for the link to the updated app. Alternatively you can download and install the Installer using the links provided in the FAQ section. Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability. December 27 2023 Update: In recent months, Microsoft Threat Intelligence has seen an increase in activity from threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme. To address this increase in activity, we have updated the App Installer to disable the ms-appinstaller protocol by default and recommend other potential mitigations. | ||||