Windows 10 Microsoft Windows 10

stack.watch can email you when security vulnerabilities are reported in Microsoft Windows 10. You can add multiple products that you use with Windows 10 to create your own personal software stack watcher.

By the Year

In 2021 there have been 92 vulnerabilities in Microsoft Windows 10 with an average score of 7.5 out of ten. Last year Windows 10 had 802 security vulnerabilities published. Right now, Windows 10 is on track to have less security vulnerabilities in 2021 than it did last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.13.

Year Vulnerabilities Average Score
2021 92 7.55
2020 802 7.42
2019 448 7.37
2018 257 6.58

It may take a day or so for new Windows 10 vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Microsoft Windows 10 Security Vulnerabilities

Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1732 7.8 - High - February 25, 2021

Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.

CVE-2021-1732 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Camera Codec Pack Remote Code Execution Vulnerability

CVE-2021-24091 8.8 - High - February 25, 2021

Windows Camera Codec Pack Remote Code Execution Vulnerability

CVE-2021-24091 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

Windows Mobile Device Management Information Disclosure Vulnerability

CVE-2021-24084 5.5 - Medium - February 25, 2021

Windows Mobile Device Management Information Disclosure Vulnerability

CVE-2021-24084 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Windows Installer Elevation of Privilege Vulnerability

CVE-2021-1727 7.8 - High - February 25, 2021

Windows Installer Elevation of Privilege Vulnerability

CVE-2021-1727 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Address Book Remote Code Execution Vulnerability

CVE-2021-24083 7.8 - High - February 25, 2021

Windows Address Book Remote Code Execution Vulnerability

CVE-2021-24083 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-24103 7.8 - High - February 25, 2021

Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24102.

CVE-2021-24103 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Graphics Component Remote Code Execution Vulnerability

CVE-2021-24093 8.8 - High - February 25, 2021

Windows Graphics Component Remote Code Execution Vulnerability

CVE-2021-24093 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Backup Engine Information Disclosure Vulnerability

CVE-2021-24079 5.5 - Medium - February 25, 2021

Windows Backup Engine Information Disclosure Vulnerability

CVE-2021-24079 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Windows Remote Procedure Call Information Disclosure Vulnerability

CVE-2021-1734 7.5 - High - February 25, 2021

Windows Remote Procedure Call Information Disclosure Vulnerability

CVE-2021-1734 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1722 9.8 - Critical - February 25, 2021

Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24077.

CVE-2021-1722 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Windows Local Spooler Remote Code Execution Vulnerability

CVE-2021-24088 8.8 - High - February 25, 2021

Windows Local Spooler Remote Code Execution Vulnerability

CVE-2021-24088 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-24074 9.8 - Critical - February 25, 2021

Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24094.

CVE-2021-24074 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Microsoft Windows Codecs Library Remote Code Execution Vulnerability

CVE-2021-24081 7.8 - High - February 25, 2021

Microsoft Windows Codecs Library Remote Code Execution Vulnerability

CVE-2021-24081 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-24094 9.8 - Critical - February 25, 2021

Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24074.

CVE-2021-24094 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Windows DirectX Information Disclosure Vulnerability

CVE-2021-24106 5.5 - Medium - February 25, 2021

Windows DirectX Information Disclosure Vulnerability

CVE-2021-24106 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

PFX Encryption Security Feature Bypass Vulnerability

CVE-2021-1731 5.5 - Medium - February 25, 2021

PFX Encryption Security Feature Bypass Vulnerability

CVE-2021-1731 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-24102 7.8 - High - February 25, 2021

Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24103.

CVE-2021-24102 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-24077 9.8 - Critical - February 25, 2021

Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1722.

CVE-2021-24077 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Windows Trust Verification API Denial of Service Vulnerability

CVE-2021-24080 6.5 - Medium - February 25, 2021

Windows Trust Verification API Denial of Service Vulnerability

CVE-2021-24080 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1698 7.8 - High - February 25, 2021

Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1732.

CVE-2021-1698 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Microsoft Windows Security Feature Bypass Vulnerability

CVE-2020-17162 8.8 - High - February 25, 2021

Microsoft Windows Security Feature Bypass Vulnerability

CVE-2020-17162 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability

CVE-2021-24082 6.5 - Medium - February 25, 2021

Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability

CVE-2021-24082 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Console Driver Denial of Service Vulnerability

CVE-2021-24098 5.5 - Medium - February 25, 2021

Windows Console Driver Denial of Service Vulnerability

CVE-2021-24098 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Windows Network File System Denial of Service Vulnerability

CVE-2021-24075 6.8 - Medium - February 25, 2021

Windows Network File System Denial of Service Vulnerability

CVE-2021-24075 can be explotited with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Windows Kernel Elevation of Privilege Vulnerability

CVE-2021-24096 7.8 - High - February 25, 2021

Windows Kernel Elevation of Privilege Vulnerability

CVE-2021-24096 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows TCP/IP Denial of Service Vulnerability

CVE-2021-24086 7.5 - High - February 25, 2021

Windows TCP/IP Denial of Service Vulnerability

CVE-2021-24086 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Windows PKU2U Elevation of Privilege Vulnerability

CVE-2021-25195 7.8 - High - February 25, 2021

Windows PKU2U Elevation of Privilege Vulnerability

CVE-2021-25195 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Microsoft Windows VMSwitch Information Disclosure Vulnerability

CVE-2021-24076 5.5 - Medium - February 25, 2021

Microsoft Windows VMSwitch Information Disclosure Vulnerability

CVE-2021-24076 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Microsoft SharePoint Spoofing Vulnerability

CVE-2021-1726 8 - High - February 25, 2021

Microsoft SharePoint Spoofing Vulnerability

CVE-2021-1726 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2021-1704 7.8 - High - January 12, 2021

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2021-1704 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1693 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688.

CVE-2021-1693 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique

CVE-2021-1670 5.5 - Medium - January 12, 2021

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1663, CVE-2021-1672.

CVE-2021-1670 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows DNS Query Information Disclosure Vulnerability

CVE-2021-1637 5.5 - Medium - January 12, 2021

Windows DNS Query Information Disclosure Vulnerability

CVE-2021-1637 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Microsoft splwow64 Elevation of Privilege Vulnerability

CVE-2021-1648 7.8 - High - January 12, 2021

Microsoft splwow64 Elevation of Privilege Vulnerability

CVE-2021-1648 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique

CVE-2021-1683 5.5 - Medium - January 12, 2021

Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1638, CVE-2021-1684.

CVE-2021-1683 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Event Tracing Elevation of Privilege Vulnerability

CVE-2021-1662 7.8 - High - January 12, 2021

Windows Event Tracing Elevation of Privilege Vulnerability

CVE-2021-1662 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Docker Information Disclosure Vulnerability

CVE-2021-1645 5.5 - Medium - January 12, 2021

Windows Docker Information Disclosure Vulnerability

CVE-2021-1645 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique

CVE-2021-1672 5.5 - Medium - January 12, 2021

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1663, CVE-2021-1670.

CVE-2021-1672 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1652 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1652 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Hyper-V Denial of Service Vulnerability This CVE ID is unique

CVE-2021-1692 7.7 - High - January 12, 2021

Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE-2021-1691.

CVE-2021-1692 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 3.1 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1680 7.8 - High - January 12, 2021

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1651.

CVE-2021-1680 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1655 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1655 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability

CVE-2021-1674 8.8 - High - January 12, 2021

Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability

CVE-2021-1674 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows LUAFV Elevation of Privilege Vulnerability

CVE-2021-1706 8.8 - High - January 12, 2021

Windows LUAFV Elevation of Privilege Vulnerability

CVE-2021-1706 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability

CVE-2021-1676 5.5 - Medium - January 12, 2021

Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability

CVE-2021-1676 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1685 7.8 - High - January 12, 2021

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1642.

CVE-2021-1685 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1690 7.8 - High - January 12, 2021

Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1681, CVE-2021-1686, CVE-2021-1687.

CVE-2021-1690 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows CryptoAPI Denial of Service Vulnerability

CVE-2021-1679 6.5 - Medium - January 12, 2021

Windows CryptoAPI Denial of Service Vulnerability

CVE-2021-1679 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Windows InstallService Elevation of Privilege Vulnerability

CVE-2021-1697 7.8 - High - January 12, 2021

Windows InstallService Elevation of Privilege Vulnerability

CVE-2021-1697 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

NTLM Security Feature Bypass Vulnerability

CVE-2021-1678 7.5 - High - January 12, 2021

NTLM Security Feature Bypass Vulnerability

CVE-2021-1678 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1673 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1673 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Remote Desktop Security Feature Bypass Vulnerability

CVE-2021-1669 8.8 - High - January 12, 2021

Windows Remote Desktop Security Feature Bypass Vulnerability

CVE-2021-1669 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

AuthZ

Windows Installer Elevation of Privilege Vulnerability

CVE-2021-1661 7.8 - High - January 12, 2021

Windows Installer Elevation of Privilege Vulnerability

CVE-2021-1661 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1701 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700.

CVE-2021-1701 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique

CVE-2021-1663 5.5 - Medium - January 12, 2021

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1670, CVE-2021-1672.

CVE-2021-1663 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1654 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1654 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Update Stack Elevation of Privilege Vulnerability

CVE-2021-1694 9.8 - Critical - January 12, 2021

Windows Update Stack Elevation of Privilege Vulnerability

CVE-2021-1694 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Improper Privilege Management

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1671 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1671 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Multipoint Management Elevation of Privilege Vulnerability

CVE-2021-1689 7.8 - High - January 12, 2021

Windows Multipoint Management Elevation of Privilege Vulnerability

CVE-2021-1689 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1666 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1666 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

CVE-2021-1650 7.8 - High - January 12, 2021

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

CVE-2021-1650 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1660 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1660 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows GDI+ Information Disclosure Vulnerability

CVE-2021-1708 5.7 - Medium - January 12, 2021

Windows GDI+ Information Disclosure Vulnerability

CVE-2021-1708 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1664 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1664 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1681 7.8 - High - January 12, 2021

Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1686, CVE-2021-1687, CVE-2021-1690.

CVE-2021-1681 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1686 7.8 - High - January 12, 2021

Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1681, CVE-2021-1687, CVE-2021-1690.

CVE-2021-1686 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability

CVE-2021-1668 7.8 - High - January 12, 2021

Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability

CVE-2021-1668 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1687 7.8 - High - January 12, 2021

Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1681, CVE-2021-1686, CVE-2021-1690.

CVE-2021-1687 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1667 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1667 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Win32k Elevation of Privilege Vulnerability

CVE-2021-1709 7.8 - High - January 12, 2021

Windows Win32k Elevation of Privilege Vulnerability

CVE-2021-1709 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Kernel Elevation of Privilege Vulnerability

CVE-2021-1682 7.8 - High - January 12, 2021

Windows Kernel Elevation of Privilege Vulnerability

CVE-2021-1682 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows (modem.sys) Information Disclosure Vulnerability

CVE-2021-1699 5.5 - Medium - January 12, 2021

Windows (modem.sys) Information Disclosure Vulnerability

CVE-2021-1699 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1651 7.8 - High - January 12, 2021

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1680.

CVE-2021-1651 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1658 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1658 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Graphics Component Information Disclosure Vulnerability

CVE-2021-1696 5.5 - Medium - January 12, 2021

Windows Graphics Component Information Disclosure Vulnerability

CVE-2021-1696 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

GDI+ Remote Code Execution Vulnerability

CVE-2021-1665 7.8 - High - January 12, 2021

GDI+ Remote Code Execution Vulnerability

CVE-2021-1665 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1642 7.8 - High - January 12, 2021

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1685.

CVE-2021-1642 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique

CVE-2021-1684 5.5 - Medium - January 12, 2021

Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1638, CVE-2021-1683.

CVE-2021-1684 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2021-1695 7.8 - High - January 12, 2021

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2021-1695 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Hyper-V Denial of Service Vulnerability This CVE ID is unique

CVE-2021-1691 7.7 - High - January 12, 2021

Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE-2021-1692.

CVE-2021-1691 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 3.1 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1700 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1701.

CVE-2021-1700 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

CVE-2021-1710 7.8 - High - January 12, 2021

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

CVE-2021-1710 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1688 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1693.

CVE-2021-1688 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability

CVE-2021-1702 7.8 - High - January 12, 2021

Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability

CVE-2021-1702 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Event Logging Service Elevation of Privilege Vulnerability

CVE-2021-1703 7.8 - High - January 12, 2021

Windows Event Logging Service Elevation of Privilege Vulnerability

CVE-2021-1703 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Fax Compose Form Remote Code Execution Vulnerability

CVE-2021-1657 7.8 - High - January 12, 2021

Windows Fax Compose Form Remote Code Execution Vulnerability

CVE-2021-1657 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1659 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1659 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

TPM Device Driver Information Disclosure Vulnerability

CVE-2021-1656 5.5 - Medium - January 12, 2021

TPM Device Driver Information Disclosure Vulnerability

CVE-2021-1656 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique

CVE-2021-1638 5.5 - Medium - January 12, 2021

Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1683, CVE-2021-1684.

CVE-2021-1638 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

AuthZ

Active Template Library Elevation of Privilege Vulnerability

CVE-2021-1649 7.8 - High - January 12, 2021

Active Template Library Elevation of Privilege Vulnerability

CVE-2021-1649 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1653 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1653 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows WLAN Service Elevation of Privilege Vulnerability

CVE-2021-1646 7.8 - High - January 12, 2021

Windows WLAN Service Elevation of Privilege Vulnerability

CVE-2021-1646 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-17134 7.8 - High - December 10, 2020

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17103, CVE-2020-17136.

CVE-2020-17134 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-16964 7.8 - High - December 10, 2020

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963.

CVE-2020-16964 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-16962 7.8 - High - December 10, 2020

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16963, CVE-2020-16964.

CVE-2020-16962 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows SMB Information Disclosure Vulnerability

CVE-2020-17140 6.5 - Medium - December 10, 2020

Windows SMB Information Disclosure Vulnerability

CVE-2020-17140 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

DirectX Graphics Kernel Elevation of Privilege Vulnerability

CVE-2020-17137 7.8 - High - December 10, 2020

DirectX Graphics Kernel Elevation of Privilege Vulnerability

CVE-2020-17137 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-16961 7.8 - High - December 10, 2020

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.

CVE-2020-16961 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Lock Screen Security Feature Bypass Vulnerability

CVE-2020-17099 6.8 - Medium - December 10, 2020

Windows Lock Screen Security Feature Bypass Vulnerability

CVE-2020-17099 can be explotited with physical access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.9 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows GDI+ Information Disclosure Vulnerability

CVE-2020-17098 5.5 - Medium - December 10, 2020

Windows GDI+ Information Disclosure Vulnerability

CVE-2020-17098 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.