Microsoft Windows 10
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Windows 10.
Recent Microsoft Windows 10 Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2021-42297 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | November 16, 2021 |
| CVE-2021-43211 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | November 16, 2021 |
| CVE-2021-36945 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | August 10, 2021 |
By the Year
In 2025 there have been 602 vulnerabilities in Microsoft Windows 10 with an average score of 7.2 out of ten. Last year, in 2024 Windows 10 had 528 security vulnerabilities published. That is, 74 more vulnerabilities have already been reported in 2025 as compared to last year. Last year, the average CVE base score was greater by 0.15
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 602 | 7.21 |
| 2024 | 528 | 7.36 |
| 2023 | 525 | 7.53 |
| 2022 | 525 | 7.42 |
| 2021 | 488 | 7.35 |
| 2020 | 808 | 7.37 |
| 2019 | 450 | 7.27 |
| 2018 | 259 | 6.58 |
It may take a day or so for new Windows 10 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows 10 Security Vulnerabilities
Nov 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-62213
7 - High
- November 11, 2025
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Nov 2025: Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-62215
7 - High
- November 11, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
Race Condition
Nov 2025: Windows License Manager Information Disclosure Vulnerability
CVE-2025-62209
5.5 - Medium
- November 11, 2025
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
Insertion of Sensitive Information into Log File
Nov 2025: Windows License Manager Information Disclosure Vulnerability
CVE-2025-62208
5.5 - Medium
- November 11, 2025
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
Insertion of Sensitive Information into Log File
Nov 2025: DirectX Graphics Kernel Denial of Service Vulnerability
CVE-2025-60723
6.3 - Medium
- November 11, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network.
Race Condition
Nov 2025: GDI+ Remote Code Execution Vulnerability
CVE-2025-60724
9.8 - Critical
- November 11, 2025
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Nov 2025: Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnera
CVE-2025-60720
7.8 - High
- November 11, 2025
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
Buffer Over-read
Nov 2025: Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
CVE-2025-60717
7 - High
- November 11, 2025
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.
Dangling pointer
Nov 2025: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2025-60716
7 - High
- November 11, 2025
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
Dangling pointer
Nov 2025: Windows OLE Remote Code Execution Vulnerability
CVE-2025-60714
7.8 - High
- November 11, 2025
Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Nov 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-60715
8 - High
- November 11, 2025
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Heap-based Buffer Overflow
Nov 2025: Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
CVE-2025-59515
7 - High
- November 11, 2025
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.
Dangling pointer
Nov 2025: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
CVE-2025-59514
7.8 - High
- November 11, 2025
Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
Improper Privilege Management
Nov 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-62452
8 - High
- November 11, 2025
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Heap-based Buffer Overflow
Nov 2025: Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
CVE-2025-62219
7 - High
- November 11, 2025
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
Double-free
Nov 2025: Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
CVE-2025-62218
7 - High
- November 11, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
Race Condition
Nov 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-62217
7 - High
- November 11, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Race Condition
Nov 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-60719
7 - High
- November 11, 2025
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Untrusted Pointer Dereference
Nov 2025: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-60709
7.8 - High
- November 11, 2025
Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Out-of-bounds Read
Nov 2025: Storvsp.sys Driver Denial of Service Vulnerability
CVE-2025-60708
6.5 - Medium
- November 11, 2025
Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.
Untrusted Pointer Dereference
Nov 2025: Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability
CVE-2025-60707
7.8 - High
- November 11, 2025
Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.
Dangling pointer
Nov 2025: Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2025-60705
7.8 - High
- November 11, 2025
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
Authorization
Nov 2025: Windows Hyper-V Information Disclosure Vulnerability
CVE-2025-60706
5.5 - Medium
- November 11, 2025
Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Nov 2025: Windows Kerberos Elevation of Privilege Vulnerability
CVE-2025-60704
7.5 - High
- November 11, 2025
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
Missing Cryptographic Step
Nov 2025: Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability
CVE-2025-59513
5.5 - Medium
- November 11, 2025
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Nov 2025: Windows Remote Desktop Services Elevation of Privilege Vulnerability
CVE-2025-60703
7.8 - High
- November 11, 2025
Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Untrusted Pointer Dereference
Nov 2025: Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2025-59511
7.8 - High
- November 11, 2025
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
External Control of File Name or Path
Nov 2025: Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability
CVE-2025-59512
7.8 - High
- November 11, 2025
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
Authorization
Nov 2025: Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability
CVE-2025-59510
5.5 - Medium
- November 11, 2025
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.
insecure temporary file
Nov 2025: Windows Speech Recognition Information Disclosure Vulnerability
CVE-2025-59509
5.5 - Medium
- November 11, 2025
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
Insertion of Sensitive Information Into Sent Data
Nov 2025: Windows Speech Recognition Elevation of Privilege Vulnerability
CVE-2025-59508
7 - High
- November 11, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
Race Condition
Nov 2025: Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2025-59507
7 - High
- November 11, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
Race Condition
Nov 2025: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2025-59506
7 - High
- November 11, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
Race Condition
Nov 2025: Windows Smart Card Reader Elevation of Privilege Vulnerability
CVE-2025-59505
7.8 - High
- November 11, 2025
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.
Double-free
Oct 2025: Windows Bluetooth Service Elevation of Privilege Vulnerability
CVE-2025-59289
7 - High
- October 14, 2025
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
Double-free
Oct 2025: Windows Authentication Elevation of Privilege Vulnerability
CVE-2025-59278
7.8 - High
- October 14, 2025
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
Improper Validation of Specified Type of Input
Oct 2025: Windows Authentication Elevation of Privilege Vulnerability
CVE-2025-59275
7.8 - High
- October 14, 2025
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
Improper Validation of Specified Type of Input
Oct 2025: Windows Search Service Denial of Service Vulnerability
CVE-2025-59253
5.5 - Medium
- October 14, 2025
Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
Authorization
Oct 2025: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2025-59230
7.8 - High
- October 14, 2025
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Authorization
Oct 2025: NTLM Hash Disclosure Spoofing Vulnerability
CVE-2025-59244
6.5 - Medium
- October 14, 2025
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
External Control of File Name or Path
Oct 2025: Microsoft Windows File Explorer Spoofing Vulnerability
CVE-2025-59214
6.5 - Medium
- October 14, 2025
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
Information Disclosure
Oct 2025: Windows Push Notification Information Disclosure Vulnerability
CVE-2025-59209
5.5 - Medium
- October 14, 2025
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
Information Disclosure
Oct 2025: Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-59205
7 - High
- October 14, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Race Condition
Oct 2025: Windows MapUrlToZone Information Disclosure Vulnerability
CVE-2025-59208
7.1 - High
- October 14, 2025
Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Oct 2025: Windows Search Service Denial of Service Vulnerability
CVE-2025-59198
5 - Medium
- October 14, 2025
Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
Improper Input Validation
Oct 2025: Windows State Repository API Server File Information Disclosure Vulnerability
CVE-2025-59203
5.5 - Medium
- October 14, 2025
Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.
Insertion of Sensitive Information into Log File
Oct 2025: Windows ETL Channel Information Disclosure Vulnerability
CVE-2025-59197
5.5 - Medium
- October 14, 2025
Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.
Insertion of Sensitive Information into Log File
Oct 2025: Windows Management Services Elevation of Privilege Vulnerability
CVE-2025-59193
7 - High
- October 14, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
Race Condition
Oct 2025: Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2025-59191
7.8 - High
- October 14, 2025
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Oct 2025: Storport.sys Driver Elevation of Privilege Vulnerability
CVE-2025-59192
7.8 - High
- October 14, 2025
Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.
Buffer Over-read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Windows 10 or by Microsoft? Click the Watch button to subscribe.
