Microsoft Microsoft Makers of the Windows Operating System and hundreds of products that run on it.

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Microsoft product.

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows 103578 vulnerabilities

Microsoft Windows Server 20163493 vulnerabilities

Microsoft Windows Server 20193347 vulnerabilities

Microsoft Windows Server 20122592 vulnerabilities

Microsoft Windows Server 20082489 vulnerabilities

Microsoft Windows 71793 vulnerabilities

Microsoft Windows 8.11693 vulnerabilities

Microsoft Windows Server 20221650 vulnerabilities

Microsoft Windows 111648 vulnerabilities

Microsoft Windows Rt 8 11561 vulnerabilities

Microsoft Windows 10 1507736 vulnerabilities

Microsoft Windows 11 23h2566 vulnerabilities

Microsoft Office457 vulnerabilities

Microsoft Internet Explorer (IE)424 vulnerabilities
Popular web browser for windows

Microsoft Windows Vista376 vulnerabilities

Microsoft Sharepoint Server362 vulnerabilities

Microsoft Windows XP324 vulnerabilities

Microsoft Windows Server283 vulnerabilities

Microsoft Windows Server 2003259 vulnerabilities

Microsoft Edge Browser258 vulnerabilities
Web Browser based on Chromium

Microsoft 365 Apps256 vulnerabilities

Microsoft Windows 11 24h2202 vulnerabilities

Microsoft Edge Chromium181 vulnerabilities

Microsoft Windows 2003 Server162 vulnerabilities

Microsoft Excel133 vulnerabilities
Spreadsheet Software

Microsoft Exchange Server125 vulnerabilities

Microsoft Windows 2000111 vulnerabilities

Microsoft Office Online Server104 vulnerabilities

Microsoft Visual Studio 201999 vulnerabilities

Microsoft Dynamics 36586 vulnerabilities

Microsoft Office 365 Proplus84 vulnerabilities

Microsoft Visual Studio 201783 vulnerabilities

Microsoft Visual Studio 202283 vulnerabilities

Microsoft Windows 10 21h182 vulnerabilities

Microsoft Word79 vulnerabilities

Microsoft Sql Server 201976 vulnerabilities

Microsoft Windows Server 202569 vulnerabilities

Microsoft Sql Server 201767 vulnerabilities

Microsoft Sql Server 201666 vulnerabilities

Microsoft Net63 vulnerabilities

Microsoft Outlook60 vulnerabilities

Microsoft Windows 855 vulnerabilities

Microsoft Office Web Apps55 vulnerabilities

Microsoft Windows Nt54 vulnerabilities

Microsoft Windows Server 20h251 vulnerabilities

Microsoft Visual Studio Code50 vulnerabilities
VSCode Developer IDE

Microsoft Sql Server 202246 vulnerabilities

Microsoft Windows Rt41 vulnerabilities

Microsoft Visual Studio40 vulnerabilities
Developer IDE

Microsoft SQL Server39 vulnerabilities
Database Server

Microsoft Azure Devops Server39 vulnerabilities

Microsoft Azure Site Recovery37 vulnerabilities

Microsoft Windows 10 190936 vulnerabilities

Microsoft Excel Viewer33 vulnerabilities

Microsoft ASP.NET Core31 vulnerabilities

Microsoft Windows Server 200427 vulnerabilities

Microsoft Windows 10 200425 vulnerabilities

Microsoft 3d Builder20 vulnerabilities

Microsoft Defender For Iot20 vulnerabilities

Microsoft Office Word Viewer20 vulnerabilities

Microsoft Windows Server 23h220 vulnerabilities

Microsoft Visio19 vulnerabilities

Microsoft Powershell19 vulnerabilities

Microsoft Remote Desktop16 vulnerabilities

Microsoft Teams15 vulnerabilities

Microsoft Word Viewer14 vulnerabilities

Microsoft Onedrive13 vulnerabilities

Microsoft Windows 10 151113 vulnerabilities

Microsoft Windows13 vulnerabilities

Microsoft Powerpoint13 vulnerabilities

Microsoft Lync12 vulnerabilities

Microsoft Windows Server 180312 vulnerabilities

Microsoft Windows 10 180312 vulnerabilities

Microsoft Raw Image Extension11 vulnerabilities

Microsoft Project11 vulnerabilities

Microsoft Skype For Business11 vulnerabilities

Microsoft 3d Viewer10 vulnerabilities

Microsoft Azure Stack Hub10 vulnerabilities

Microsoft Security Essentials10 vulnerabilities

Microsoft Azure Rtos Usbx10 vulnerabilities

Recent Microsoft Security Advisories

Advisory Title Published
CVE-2021-45985 CVE-2021-45985 Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read January 15, 2025
CVE-2025-0291 Chromium: CVE-2025-0291 Type Confusion in V8 January 14, 2025
CVE-2025-21245 CVE-2025-21245 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21409 CVE-2025-21409 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21240 CVE-2025-21240 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21223 CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21238 CVE-2025-21238 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21250 CVE-2025-21250 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21417 CVE-2025-21417 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21246 CVE-2025-21246 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025

Known Exploited Microsoft Vulnerabilities

The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
CVE-2025-21334 Exploit Probability: 0.1%
January 14, 2025
Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges.
CVE-2025-21333 Exploit Probability: 0.1%
January 14, 2025
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
CVE-2025-21335 Exploit Probability: 0.1%
January 14, 2025
Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.
CVE-2024-35250 Exploit Probability: 0.1%
December 16, 2024
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
CVE-2024-49138 Exploit Probability: 0.1%
December 10, 2024
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user.
CVE-2024-43451 Exploit Probability: 0.9%
November 12, 2024
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions.
CVE-2024-49039 Exploit Probability: 0.7%
November 12, 2024
Microsoft SharePoint Deserialization Vulnerability Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.
CVE-2024-38094 Exploit Probability: 0.6%
October 22, 2024
Microsoft Windows Kernel TOCTOU Race Condition Vulnerability Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation.
CVE-2024-30088 Exploit Probability: 0.7%
October 15, 2024
Microsoft Windows Management Console Remote Code Execution Vulnerability Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution.
CVE-2024-43572 Exploit Probability: 0.1%
October 8, 2024
Microsoft Windows MSHTML Platform Spoofing Vulnerability Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality.
CVE-2024-43573 Exploit Probability: 1.1%
October 8, 2024
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account.
CVE-2020-0618 Exploit Probability: 97.4%
September 18, 2024
Microsoft Windows MSHTML Platform Spoofing Vulnerability Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.
CVE-2024-43461 Exploit Probability: 2.5%
September 16, 2024
Microsoft Windows Update Remote Code Execution Vulnerability Microsoft Windows Update contains an unspecified vulnerability that allows for remote code execution.
CVE-2024-43491 Exploit Probability: 0.1%
September 10, 2024
Microsoft Publisher Security Feature Bypass Vulnerability Microsoft Publisher contains a security feature bypass vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.
CVE-2024-38226 Exploit Probability: 0.1%
September 10, 2024
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.
CVE-2024-38217 Exploit Probability: 0.6%
September 10, 2024
Microsoft Windows Installer Privilege Escalation Vulnerability Microsoft Windows Installer contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.
CVE-2024-38014 Exploit Probability: 0.8%
September 10, 2024
Microsoft Exchange Server Information Disclosure Vulnerability Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.
CVE-2021-31196 Exploit Probability: 6.0%
August 21, 2024
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.
CVE-2024-38107 Exploit Probability: 0.0%
August 13, 2024
Microsoft Windows Kernel Privilege Escalation Vulnerability Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition.
CVE-2024-38106 Exploit Probability: 0.0%
August 13, 2024

The vulnerability CVE-2020-0618: Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.

Top 10 Riskiest Microsoft Vulnerabilities

Based on the current exploit probability, these Microsoft vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2019-0708 97.5% "BlueKeep" Microsoft Windows Remote Desktop Remote Code Execution Vulnerability
2 CVE-2015-1635 97.5% Microsoft HTTP.sys Remote Code Execution Vulnerability
3 CVE-2021-26855 97.5% Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
4 CVE-2018-8120 97.5% Microsoft Win32k Privilege Escalation Vulnerability
5 CVE-2020-0796 97.5% Microsoft SMBv3 Remote Code Execution Vulnerability
6 CVE-2020-0646 97.4% Microsoft .NET Framework Remote Code Execution Vulnerability
7 CVE-2017-11882 97.4% Microsoft Office memory corruption vulnerability
8 CVE-2020-0618 97.4% Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
9 CVE-2021-38647 97.3% Microsoft Azure Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
10 CVE-2009-3129 97.3% Microsoft Excel Featheader Record Memory Corruption Vulnerability

By the Year

In 2025 there have been 162 vulnerabilities in Microsoft with an average score of 7.3 out of ten. Last year, in 2024 Microsoft had 1364 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Microsoft in 2025 could surpass last years number. Last year, the average CVE base score was greater by 0.29




Year Vulnerabilities Average Score
2025 162 7.27
2024 1364 7.56
2023 1465 7.27
2022 1299 7.44
2021 1112 7.45
2020 1207 7.26
2019 761 7.21
2018 580 6.89

It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Security Vulnerabilities

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux

CVE-2024-50338 - January 14, 2025

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git's documentation restricts the use of the NUL (`\0`) character and newlines to form part of the keys or values. When Git reads from standard input, it considers both LF and CRLF as newline characters for the credential protocol by virtue of calling `strbuf_getline` that calls to `strbuf_getdelim_strip_crlf`. Git also validates that a newline is not present in the value by checking for the presence of the line-feed character (LF, `\n`), and errors if this is the case. This captures both LF and CRLF-type newlines. Git Credential Manager uses the .NET standard library `StreamReader` class to read the standard input stream line-by-line and parse the `key=value` credential protocol format. The implementation of the `ReadLineAsync` method considers LF, CRLF, and CR as valid line endings. This is means that .NET considers a single CR as a valid newline character, whereas Git does not. This mismatch of newline treatment between Git and GCM means that an attacker can craft a malicious remote URL. When a user clones or otherwise interacts with a malicious repository that requires authentication, the attacker can capture credentials for another Git remote. The attack is also heightened when cloning from repositories with submodules when using the `--recursive` clone option as the user is not able to inspect the submodule remote URLs beforehand. This issue has been patched in version 2.6.1 and all users are advised to upgrade. Users unable to upgrade should only interact with trusted remote repositories, and not clone with `--recursive` to allow inspection of any submodule URLs before cloning those submodules.

Information Disclosure

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2025-21345 7.8 - High - January 14, 2025

Microsoft Office Visio Remote Code Execution Vulnerability

Dangling pointer

Microsoft Office OneNote Remote Code Execution Vulnerability

CVE-2025-21402 7.8 - High - January 14, 2025

Microsoft Office OneNote Remote Code Execution Vulnerability

Improper Restriction of Names for Files and Other Resources

Windows CSC Service Elevation of Privilege Vulnerability

CVE-2025-21378 7.8 - High - January 14, 2025

Windows CSC Service Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows CSC Service Information Disclosure Vulnerability

CVE-2025-21374 5.5 - Medium - January 14, 2025

Windows CSC Service Information Disclosure Vulnerability

Out-of-bounds Read

Microsoft Brokering File System Elevation of Privilege Vulnerability

CVE-2025-21372 7.8 - High - January 14, 2025

Microsoft Brokering File System Elevation of Privilege Vulnerability

Dangling pointer

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

CVE-2025-21370 7.8 - High - January 14, 2025

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Improper Input Validation

Microsoft Outlook Remote Code Execution Vulnerability

CVE-2025-21361 7.8 - High - January 14, 2025

Microsoft Outlook Remote Code Execution Vulnerability

Improper Restriction of Names for Files and Other Resources

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

CVE-2025-21360 7.8 - High - January 14, 2025

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Web Threat Defense User Service Information Disclosure Vulnerability

CVE-2025-21343 7.5 - High - January 14, 2025

Windows Web Threat Defense User Service Information Disclosure Vulnerability

Improper Privilege Management

Visual Studio Elevation of Privilege Vulnerability

CVE-2025-21405 7.3 - High - January 14, 2025

Visual Studio Elevation of Privilege Vulnerability

Authorization

On-Premises Data Gateway Information Disclosure Vulnerability

CVE-2025-21403 6.4 - Medium - January 14, 2025

On-Premises Data Gateway Information Disclosure Vulnerability

AuthZ

Microsoft Access Remote Code Execution Vulnerability

CVE-2025-21395 7.8 - High - January 14, 2025

Microsoft Access Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2025-21393 6.3 - Medium - January 14, 2025

Microsoft SharePoint Server Spoofing Vulnerability

XSS

Windows upnphost.dll Denial of Service Vulnerability

CVE-2025-21389 7.5 - High - January 14, 2025

Windows upnphost.dll Denial of Service Vulnerability

Resource Exhaustion

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2025-21382 7.8 - High - January 14, 2025

Windows Graphics Component Elevation of Privilege Vulnerability

Integer Overflow or Wraparound

Microsoft Access Remote Code Execution Vulnerability

CVE-2025-21366 7.8 - High - January 14, 2025

Microsoft Access Remote Code Execution Vulnerability

Dangling pointer

Microsoft Office Remote Code Execution Vulnerability

CVE-2025-21365 7.8 - High - January 14, 2025

Microsoft Office Remote Code Execution Vulnerability

Untrusted Path

Microsoft Excel Security Feature Bypass Vulnerability

CVE-2025-21364 7.8 - High - January 14, 2025

Microsoft Excel Security Feature Bypass Vulnerability

Marshaling, Unmarshaling

Microsoft Word Remote Code Execution Vulnerability

CVE-2025-21363 7.8 - High - January 14, 2025

Microsoft Word Remote Code Execution Vulnerability

Untrusted Pointer Dereference

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21362 8.4 - High - January 14, 2025

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Outlook Remote Code Execution Vulnerability

CVE-2025-21357 6.7 - Medium - January 14, 2025

Microsoft Outlook Remote Code Execution Vulnerability

Use of Uninitialized Resource

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2025-21356 7.8 - High - January 14, 2025

Microsoft Office Visio Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21354 8.4 - High - January 14, 2025

Microsoft Excel Remote Code Execution Vulnerability

Untrusted Pointer Dereference

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2025-21348 7.2 - High - January 14, 2025

Microsoft SharePoint Server Remote Code Execution Vulnerability

AuthZ

Microsoft Office Security Feature Bypass Vulnerability

CVE-2025-21346 7.1 - High - January 14, 2025

Microsoft Office Security Feature Bypass Vulnerability

Protection Mechanism Failure

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21411 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21413 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21409 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21417 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2025-21344 7.8 - High - January 14, 2025

Microsoft SharePoint Server Remote Code Execution Vulnerability

Improper Input Validation

.NET Elevation of Privilege Vulnerability

CVE-2025-21173 7.3 - High - January 14, 2025

.NET Elevation of Privilege Vulnerability

Creation of Temporary File in Directory with Insecure Permissions

MapUrlToZone Security Feature Bypass Vulnerability

CVE-2025-21332 4.3 - Medium - January 14, 2025

MapUrlToZone Security Feature Bypass Vulnerability

Improper Resolution of Path Equivalence

Windows Security Account Manager (SAM) Denial of Service Vulnerability

CVE-2025-21313 6.5 - Medium - January 14, 2025

Windows Security Account Manager (SAM) Denial of Service Vulnerability

Deadlock

Windows Kerberos Denial of Service Vulnerability

CVE-2025-21218 7.5 - High - January 14, 2025

Windows Kerberos Denial of Service Vulnerability

Resource Exhaustion

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21245 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Out-of-bounds Read

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21223 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21238 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21240 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21250 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

CVE-2025-21340 5.5 - Medium - January 14, 2025

Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

Authorization

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21339 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

GDI+ Remote Code Execution Vulnerability

CVE-2025-21338 7.8 - High - January 14, 2025

GDI+ Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Cryptographic Information Disclosure Vulnerability

CVE-2025-21336 5.6 - Medium - January 14, 2025

Windows Cryptographic Information Disclosure Vulnerability

Windows Installer Elevation of Privilege Vulnerability

CVE-2025-21331 7.3 - High - January 14, 2025

Windows Installer Elevation of Privilege Vulnerability

insecure temporary file

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21324 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

.NET and Visual Studio Remote Code Execution Vulnerability

CVE-2025-21172 7.5 - High - January 14, 2025

.NET and Visual Studio Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Kernel Memory Information Disclosure Vulnerability

CVE-2025-21323 5.5 - Medium - January 14, 2025

Windows Kernel Memory Information Disclosure Vulnerability

Insertion of Sensitive Information into Log File

Windows Kernel Memory Information Disclosure Vulnerability

CVE-2025-21317 5.5 - Medium - January 14, 2025

Windows Kernel Memory Information Disclosure Vulnerability

Insertion of Sensitive Information into Log File

Windows Smart Card Reader Information Disclosure Vulnerability

CVE-2025-21312 2.4 - Low - January 14, 2025

Windows Smart Card Reader Information Disclosure Vulnerability

Use of Uninitialized Resource

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21310 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Themes Spoofing Vulnerability

CVE-2025-21308 6.5 - Medium - January 14, 2025

Windows Themes Spoofing Vulnerability

Information Disclosure

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

CVE-2025-21307 9.8 - Critical - January 14, 2025

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

Dangling pointer

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21305 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows upnphost.dll Denial of Service Vulnerability

CVE-2025-21300 7.5 - High - January 14, 2025

Windows upnphost.dll Denial of Service Vulnerability

Resource Exhaustion

Windows Search Service Elevation of Privilege Vulnerability

CVE-2025-21292 8.8 - High - January 14, 2025

Windows Search Service Elevation of Privilege Vulnerability

Code Injection

Windows Installer Elevation of Privilege Vulnerability

CVE-2025-21287 7.8 - High - January 14, 2025

Windows Installer Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21286 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows MapUrlToZone Denial of Service Vulnerability

CVE-2025-21276 7.5 - High - January 14, 2025

Windows MapUrlToZone Denial of Service Vulnerability

Integer underflow

Windows App Package Installer Elevation of Privilege Vulnerability

CVE-2025-21275 7.8 - High - January 14, 2025

Windows App Package Installer Elevation of Privilege Vulnerability

AuthZ

Windows Event Tracing Denial of Service Vulnerability

CVE-2025-21274 5.5 - Medium - January 14, 2025

Windows Event Tracing Denial of Service Vulnerability

insecure temporary file

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21273 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

MapUrlToZone Security Feature Bypass Vulnerability

CVE-2025-21189 4.3 - Medium - January 14, 2025

MapUrlToZone Security Feature Bypass Vulnerability

Improper Resolution of Path Equivalence

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21261 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21256 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21232 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

IP Helper Denial of Service Vulnerability

CVE-2025-21231 7.5 - High - January 14, 2025

IP Helper Denial of Service Vulnerability

Resource Exhaustion

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2025-21230 7.5 - High - January 14, 2025

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Improper Input Validation

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21229 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21228 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21227 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21226 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

CVE-2025-21225 5.9 - Medium - January 14, 2025

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Object Type Confusion

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

CVE-2025-21224 8.1 - High - January 14, 2025

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Dangling pointer

Secure Boot Security Feature Bypass Vulnerability

CVE-2025-21213 4.6 - Medium - January 14, 2025

Secure Boot Security Feature Bypass Vulnerability

Authorization

Secure Boot Security Feature Bypass Vulnerability

CVE-2025-21211 6.8 - Medium - January 14, 2025

Secure Boot Security Feature Bypass Vulnerability

Protection Mechanism Failure

Microsoft Access Remote Code Execution Vulnerability

CVE-2025-21186 7.8 - High - January 14, 2025

Microsoft Access Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft Power Automate Remote Code Execution Vulnerability

CVE-2025-21187 7.8 - High - January 14, 2025

Microsoft Power Automate Remote Code Execution Vulnerability

Code Injection

Windows Recovery Environment Agent Elevation of Privilege Vulnerability

CVE-2025-21202 6.1 - Medium - January 14, 2025

Windows Recovery Environment Agent Elevation of Privilege Vulnerability

Authorization

Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability

CVE-2025-21207 7.5 - High - January 14, 2025

Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability

Resource Exhaustion

Active Directory Federation Server Spoofing Vulnerability

CVE-2025-21193 6.5 - Medium - January 14, 2025

Active Directory Federation Server Spoofing Vulnerability

Session Riding

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CVE-2025-21335 7.8 - High - January 14, 2025

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Dangling pointer

Microsoft Message Queuing Information Disclosure Vulnerability

CVE-2025-21220 7.5 - High - January 14, 2025

Microsoft Message Queuing Information Disclosure Vulnerability

Use of Uninitialized Resource

Windows Remote Desktop Services Denial of Service Vulnerability

CVE-2025-21330 7.5 - High - January 14, 2025

Windows Remote Desktop Services Denial of Service Vulnerability

Resource Exhaustion

MapUrlToZone Security Feature Bypass Vulnerability

CVE-2025-21328 4.3 - Medium - January 14, 2025

MapUrlToZone Security Feature Bypass Vulnerability

Improper Resolution of Path Equivalence

MapUrlToZone Security Feature Bypass Vulnerability

CVE-2025-21329 4.3 - Medium - January 14, 2025

MapUrlToZone Security Feature Bypass Vulnerability

Improper Resolution of Path Equivalence

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

CVE-2025-21278 6.2 - Medium - January 14, 2025

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Race Condition

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21246 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Out-of-bounds Read

Windows NTLM Spoofing Vulnerability

CVE-2025-21217 6.5 - Medium - January 14, 2025

Windows NTLM Spoofing Vulnerability

Protection Mechanism Failure

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CVE-2025-21334 7.8 - High - January 14, 2025

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Dangling pointer

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CVE-2025-21333 7.8 - High - January 14, 2025

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21341 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

MapUrlToZone Security Feature Bypass Vulnerability

CVE-2025-21219 4.3 - Medium - January 14, 2025

MapUrlToZone Security Feature Bypass Vulnerability

Improper Resolution of Path Equivalence

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21303 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2025-21277 7.5 - High - January 14, 2025

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Buffer Over-read

Windows HTML Platforms Security Feature Bypass Vulnerability

CVE-2025-21269 4.3 - Medium - January 14, 2025

Windows HTML Platforms Security Feature Bypass Vulnerability

Improper Resolution of Path Equivalence

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2025-21270 7.5 - High - January 14, 2025

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Resource Exhaustion

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVE-2025-21271 7.8 - High - January 14, 2025

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Buffer Over-read

Windows COM Server Information Disclosure Vulnerability

CVE-2025-21272 6.5 - Medium - January 14, 2025

Windows COM Server Information Disclosure Vulnerability

Use of Uninitialized Resource

Microsoft COM for Windows Elevation of Privilege Vulnerability

CVE-2025-21281 7.8 - High - January 14, 2025

Microsoft COM for Windows Elevation of Privilege Vulnerability

Dangling pointer

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.