Microsoft: Makers of the Windows Operating System and hundreds of products that run on it.
Products by Microsoft Sorted by Most Security Vulnerabilities since 2018
Recent Microsoft Security Advisories
Advisory | Title | Published |
---|---|---|
CVE-2021-45985 | Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read | January 15, 2025 |
CVE-2025-0291 | Chromium: CVE-2025-0291 Type Confusion in V8 | January 14, 2025 |
CVE-2025-21245 | Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21409 | Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21240 | Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21223 | Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21238 | Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21250 | Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21417 | Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21246 | Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
Known Exploited Microsoft Vulnerabilities
The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability | Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges. CVE-2025-21334 Exploit Probability: 0.1% | January 14, 2025 |
Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability | Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges. CVE-2025-21333 Exploit Probability: 0.1% | January 14, 2025 |
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability | Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges. CVE-2025-21335 Exploit Probability: 0.1% | January 14, 2025 |
Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability | Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges. CVE-2024-35250 Exploit Probability: 0.1% | December 16, 2024 |
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability | Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges. CVE-2024-49138 Exploit Probability: 0.1% | December 10, 2024 |
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability | Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user. CVE-2024-43451 Exploit Probability: 0.9% | November 12, 2024 |
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability | Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions. CVE-2024-49039 Exploit Probability: 0.7% | November 12, 2024 |
Microsoft SharePoint Deserialization Vulnerability | Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution. CVE-2024-38094 Exploit Probability: 0.6% | October 22, 2024 |
Microsoft Windows Kernel TOCTOU Race Condition Vulnerability | Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation. CVE-2024-30088 Exploit Probability: 0.7% | October 15, 2024 |
Microsoft Windows Management Console Remote Code Execution Vulnerability | Microsoft Windows Management Console contains an unspecified vulnerability that allows for remote code execution. CVE-2024-43572 Exploit Probability: 0.1% | October 8, 2024 |
Microsoft Windows MSHTML Platform Spoofing Vulnerability | Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality. CVE-2024-43573 Exploit Probability: 1.1% | October 8, 2024 |
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability | Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account. CVE-2020-0618 Exploit Probability: 97.4% | September 18, 2024 |
Microsoft Windows MSHTML Platform Spoofing Vulnerability | Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112. CVE-2024-43461 Exploit Probability: 2.5% | September 16, 2024 |
Microsoft Windows Update Remote Code Execution Vulnerability | Microsoft Windows Update contains an unspecified vulnerability that allows for remote code execution. CVE-2024-43491 Exploit Probability: 0.1% | September 10, 2024 |
Microsoft Publisher Security Feature Bypass Vulnerability | Microsoft Publisher contains a security feature bypass vulnerability that allows an attacker to bypass Office macro policies used to block untrusted or malicious files. CVE-2024-38226 Exploit Probability: 0.1% | September 10, 2024 |
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. CVE-2024-38217 Exploit Probability: 0.6% | September 10, 2024 |
Microsoft Windows Installer Privilege Escalation Vulnerability | Microsoft Windows Installer contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. CVE-2024-38014 Exploit Probability: 0.8% | September 10, 2024 |
Microsoft Exchange Server Information Disclosure Vulnerability | Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution. CVE-2021-31196 Exploit Probability: 6.0% | August 21, 2024 |
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability | Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges. CVE-2024-38107 Exploit Probability: 0.0% | August 13, 2024 |
Microsoft Windows Kernel Privilege Escalation Vulnerability | Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition. CVE-2024-38106 Exploit Probability: 0.0% | August 13, 2024 |
The vulnerability CVE-2020-0618: Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.
Top 10 Riskiest Microsoft Vulnerabilities
Based on the current exploit probability, these Microsoft vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
Rank | CVE | EPSS | Vulnerability |
---|---|---|---|
1 | CVE-2019-0708 | 97.5% | "BlueKeep" Microsoft Windows Remote Desktop Remote Code Execution Vulnerability |
2 | CVE-2015-1635 | 97.5% | Microsoft HTTP.sys Remote Code Execution Vulnerability |
3 | CVE-2021-26855 | 97.5% | Microsoft OWA Exchange Control Panel (ECP) Exploit Chain |
4 | CVE-2018-8120 | 97.5% | Microsoft Win32k Privilege Escalation Vulnerability |
5 | CVE-2020-0796 | 97.5% | Microsoft SMBv3 Remote Code Execution Vulnerability |
6 | CVE-2020-0646 | 97.4% | Microsoft .NET Framework Remote Code Execution Vulnerability |
7 | CVE-2017-11882 | 97.4% | Microsoft Office memory corruption vulnerability |
8 | CVE-2020-0618 | 97.4% | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability |
9 | CVE-2021-38647 | 97.3% | Microsoft Azure Open Management Infrastructure (OMI) Remote Code Execution Vulnerability |
10 | CVE-2009-3129 | 97.3% | Microsoft Excel Featheader Record Memory Corruption Vulnerability |
By the Year
In 2025 there have been 162 vulnerabilities in Microsoft with an average score of 7.3 out of ten. Last year, in 2024, Microsoft had 1364 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Microsoft in 2025 could surpass last year's number. Last year, the average CVE base score was greater by 0.29.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 162 | 7.27 |
2024 | 1364 | 7.56 |
2023 | 1465 | 7.27 |
2022 | 1299 | 7.44 |
2021 | 1112 | 7.45 |
2020 | 1207 | 7.26 |
2019 | 761 | 7.21 |
2018 | 580 | 6.89 |
It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Security Vulnerabilities
Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux
CVE-2024-50338
- January 14, 2025
Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git's documentation restricts the use of the NUL (`\0`) character and newlines to form part of the keys or values. When Git reads from standard input, it considers both LF and CRLF as newline characters for the credential protocol by virtue of calling `strbuf_getline` that calls to `strbuf_getdelim_strip_crlf`. Git also validates that a newline is not present in the value by checking for the presence of the line-feed character (LF, `\n`), and errors if this is the case. This captures both LF and CRLF-type newlines. Git Credential Manager uses the .NET standard library `StreamReader` class to read the standard input stream line-by-line and parse the `key=value` credential protocol format. The implementation of the `ReadLineAsync` method considers LF, CRLF, and CR as valid line endings. This means that .NET considers a single CR as a valid newline character, whereas Git does not. This mismatch of newline treatment between Git and GCM means that an attacker can craft a malicious remote URL. When a user clones or otherwise interacts with a malicious repository that requires authentication, the attacker can capture credentials for another Git remote. The attack is also heightened when cloning from repositories with submodules when using the `--recursive` clone option, as the user is not able to inspect the submodule remote URLs beforehand. This issue has been patched in version 2.6.1 and all users are advised to upgrade. Users unable to upgrade should only interact with trusted remote repositories, and not clone with `--recursive` to allow inspection of any submodule URLs before cloning those submodules.
Information Disclosure
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21345
7.8 - High
- January 14, 2025
Microsoft Office Visio Remote Code Execution Vulnerability
Dangling pointer
Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2025-21402
7.8 - High
- January 14, 2025
Microsoft Office OneNote Remote Code Execution Vulnerability
Improper Restriction of Names for Files and Other Resources
Windows CSC Service Elevation of Privilege Vulnerability
CVE-2025-21378
7.8 - High
- January 14, 2025
Windows CSC Service Elevation of Privilege Vulnerability
Heap-based Buffer Overflow
Windows CSC Service Information Disclosure Vulnerability
CVE-2025-21374
5.5 - Medium
- January 14, 2025
Windows CSC Service Information Disclosure Vulnerability
Out-of-bounds Read
Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21372
7.8 - High
- January 14, 2025
Microsoft Brokering File System Elevation of Privilege Vulnerability
Dangling pointer
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2025-21370
7.8 - High
- January 14, 2025
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
Improper Input Validation
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21361
7.8 - High
- January 14, 2025
Microsoft Outlook Remote Code Execution Vulnerability
Improper Restriction of Names for Files and Other Resources
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-21360
7.8 - High
- January 14, 2025
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Improper Privilege Management
Windows Web Threat Defense User Service Information Disclosure Vulnerability
CVE-2025-21343
7.5 - High
- January 14, 2025
Windows Web Threat Defense User Service Information Disclosure Vulnerability
Improper Privilege Management
Visual Studio Elevation of Privilege Vulnerability
CVE-2025-21405
7.3 - High
- January 14, 2025
Visual Studio Elevation of Privilege Vulnerability
Authorization
On-Premises Data Gateway Information Disclosure Vulnerability
CVE-2025-21403
6.4 - Medium
- January 14, 2025
On-Premises Data Gateway Information Disclosure Vulnerability
AuthZ
Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395
7.8 - High
- January 14, 2025
Microsoft Access Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2025-21393
6.3 - Medium
- January 14, 2025
Microsoft SharePoint Server Spoofing Vulnerability
XSS
Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21389
7.5 - High
- January 14, 2025
Windows upnphost.dll Denial of Service Vulnerability
Resource Exhaustion
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-21382
7.8 - High
- January 14, 2025
Windows Graphics Component Elevation of Privilege Vulnerability
Integer Overflow or Wraparound
Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21366
7.8 - High
- January 14, 2025
Microsoft Access Remote Code Execution Vulnerability
Dangling pointer
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21365
7.8 - High
- January 14, 2025
Microsoft Office Remote Code Execution Vulnerability
Untrusted Path
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21364
7.8 - High
- January 14, 2025
Microsoft Excel Security Feature Bypass Vulnerability
Marshaling, Unmarshaling
Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21363
7.8 - High
- January 14, 2025
Microsoft Word Remote Code Execution Vulnerability
Untrusted Pointer Dereference
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21362
8.4 - High
- January 14, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21357
6.7 - Medium
- January 14, 2025
Microsoft Outlook Remote Code Execution Vulnerability
Use of Uninitialized Resource
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21356
7.8 - High
- January 14, 2025
Microsoft Office Visio Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21354
8.4 - High
- January 14, 2025
Microsoft Excel Remote Code Execution Vulnerability
Untrusted Pointer Dereference
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21348
7.2 - High
- January 14, 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
AuthZ
Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21346
7.1 - High
- January 14, 2025
Microsoft Office Security Feature Bypass Vulnerability
Protection Mechanism Failure
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21411
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21413
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21409
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21417
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21344
7.8 - High
- January 14, 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
Improper Input Validation
.NET Elevation of Privilege Vulnerability
CVE-2025-21173
7.3 - High
- January 14, 2025
.NET Elevation of Privilege Vulnerability
Creation of Temporary File in Directory with Insecure Permissions
MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21332
4.3 - Medium
- January 14, 2025
MapUrlToZone Security Feature Bypass Vulnerability
Improper Resolution of Path Equivalence
Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVE-2025-21313
6.5 - Medium
- January 14, 2025
Windows Security Account Manager (SAM) Denial of Service Vulnerability
Deadlock
Windows Kerberos Denial of Service Vulnerability
CVE-2025-21218
7.5 - High
- January 14, 2025
Windows Kerberos Denial of Service Vulnerability
Resource Exhaustion
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21245
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Out-of-bounds Read
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21223
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21238
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21240
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21250
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2025-21340
5.5 - Medium
- January 14, 2025
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Authorization
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21339
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
GDI+ Remote Code Execution Vulnerability
CVE-2025-21338
7.8 - High
- January 14, 2025
GDI+ Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Windows Cryptographic Information Disclosure Vulnerability
CVE-2025-21336
5.6 - Medium
- January 14, 2025
Windows Cryptographic Information Disclosure Vulnerability
Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21331
7.3 - High
- January 14, 2025
Windows Installer Elevation of Privilege Vulnerability
insecure temporary file
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21324
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21172
7.5 - High
- January 14, 2025
.NET and Visual Studio Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21323
5.5 - Medium
- January 14, 2025
Windows Kernel Memory Information Disclosure Vulnerability
Insertion of Sensitive Information into Log File
Windows Kernel Memory Information Disclosure Vulnerability
CVE-2025-21317
5.5 - Medium
- January 14, 2025
Windows Kernel Memory Information Disclosure Vulnerability
Insertion of Sensitive Information into Log File
Windows Smart Card Reader Information Disclosure Vulnerability
CVE-2025-21312
2.4 - Low
- January 14, 2025
Windows Smart Card Reader Information Disclosure Vulnerability
Use of Uninitialized Resource
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21310
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
Windows Themes Spoofing Vulnerability
CVE-2025-21308
6.5 - Medium
- January 14, 2025
Windows Themes Spoofing Vulnerability
Information Disclosure
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2025-21307
9.8 - Critical
- January 14, 2025
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
Dangling pointer
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21305
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21300
7.5 - High
- January 14, 2025
Windows upnphost.dll Denial of Service Vulnerability
Resource Exhaustion
Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21292
8.8 - High
- January 14, 2025
Windows Search Service Elevation of Privilege Vulnerability
Code Injection
Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21287
7.8 - High
- January 14, 2025
Windows Installer Elevation of Privilege Vulnerability
Improper Privilege Management
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21286
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows MapUrlToZone Denial of Service Vulnerability
CVE-2025-21276
7.5 - High
- January 14, 2025
Windows MapUrlToZone Denial of Service Vulnerability
Integer underflow
Windows App Package Installer Elevation of Privilege Vulnerability
CVE-2025-21275
7.8 - High
- January 14, 2025
Windows App Package Installer Elevation of Privilege Vulnerability
AuthZ
Windows Event Tracing Denial of Service Vulnerability
CVE-2025-21274
5.5 - Medium
- January 14, 2025
Windows Event Tracing Denial of Service Vulnerability
insecure temporary file
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21273
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21189
4.3 - Medium
- January 14, 2025
MapUrlToZone Security Feature Bypass Vulnerability
Improper Resolution of Path Equivalence
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21261
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21256
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21232
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
IP Helper Denial of Service Vulnerability
CVE-2025-21231
7.5 - High
- January 14, 2025
IP Helper Denial of Service Vulnerability
Resource Exhaustion
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21230
7.5 - High
- January 14, 2025
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Improper Input Validation
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21229
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21228
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21227
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21226
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21225
5.9 - Medium
- January 14, 2025
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Object Type Confusion
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2025-21224
8.1 - High
- January 14, 2025
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
Dangling pointer
Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21213
4.6 - Medium
- January 14, 2025
Secure Boot Security Feature Bypass Vulnerability
Authorization
Secure Boot Security Feature Bypass Vulnerability
CVE-2025-21211
6.8 - Medium
- January 14, 2025
Secure Boot Security Feature Bypass Vulnerability
Protection Mechanism Failure
Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21186
7.8 - High
- January 14, 2025
Microsoft Access Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Power Automate Remote Code Execution Vulnerability
CVE-2025-21187
7.8 - High
- January 14, 2025
Microsoft Power Automate Remote Code Execution Vulnerability
Code Injection
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
CVE-2025-21202
6.1 - Medium
- January 14, 2025
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
Authorization
Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVE-2025-21207
7.5 - High
- January 14, 2025
Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
Resource Exhaustion
Active Directory Federation Server Spoofing Vulnerability
CVE-2025-21193
6.5 - Medium
- January 14, 2025
Active Directory Federation Server Spoofing Vulnerability
Session Riding
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21335
7.8 - High
- January 14, 2025
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Dangling pointer
Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2025-21220
7.5 - High
- January 14, 2025
Microsoft Message Queuing Information Disclosure Vulnerability
Use of Uninitialized Resource
Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2025-21330
7.5 - High
- January 14, 2025
Windows Remote Desktop Services Denial of Service Vulnerability
Resource Exhaustion
MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21328
4.3 - Medium
- January 14, 2025
MapUrlToZone Security Feature Bypass Vulnerability
Improper Resolution of Path Equivalence
MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21329
4.3 - Medium
- January 14, 2025
MapUrlToZone Security Feature Bypass Vulnerability
Improper Resolution of Path Equivalence
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21278
6.2 - Medium
- January 14, 2025
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Race Condition
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21246
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Out-of-bounds Read
Windows NTLM Spoofing Vulnerability
CVE-2025-21217
6.5 - Medium
- January 14, 2025
Windows NTLM Spoofing Vulnerability
Protection Mechanism Failure
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21334
7.8 - High
- January 14, 2025
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Dangling pointer
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21333
7.8 - High
- January 14, 2025
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Heap-based Buffer Overflow
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21341
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21219
4.3 - Medium
- January 14, 2025
MapUrlToZone Security Feature Bypass Vulnerability
Improper Resolution of Path Equivalence
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21303
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21277
7.5 - High
- January 14, 2025
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Buffer Over-read
Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2025-21269
4.3 - Medium
- January 14, 2025
Windows HTML Platforms Security Feature Bypass Vulnerability
Improper Resolution of Path Equivalence
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21270
7.5 - High
- January 14, 2025
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Resource Exhaustion
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2025-21271
7.8 - High
- January 14, 2025
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Buffer Over-read
Windows COM Server Information Disclosure Vulnerability
CVE-2025-21272
6.5 - Medium
- January 14, 2025
Windows COM Server Information Disclosure Vulnerability
Use of Uninitialized Resource
Microsoft COM for Windows Elevation of Privilege Vulnerability
CVE-2025-21281
7.8 - High
- January 14, 2025
Microsoft COM for Windows Elevation of Privilege Vulnerability
Dangling pointer