Windows 11 23h2 Microsoft Windows 11 23h2

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows 11 23h2.

By the Year

In 2025 there have been 12 vulnerabilities in Microsoft Windows 11 23h2 with an average score of 8.0 out of ten. Last year, in 2024 Windows 11 23h2 had 536 security vulnerabilities published. Right now, Windows 11 23h2 is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.65.

Year Vulnerabilities Average Score
2025 12 8.00
2024 536 7.35
2023 49 7.72
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Windows 11 23h2 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows 11 23h2 Security Vulnerabilities

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

CVE-2025-21370 8.8 - High - January 14, 2025

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Improper Input Validation

Windows CSC Service Information Disclosure Vulnerability

CVE-2025-21374 5.5 - Medium - January 14, 2025

Windows CSC Service Information Disclosure Vulnerability

Out-of-bounds Read

Windows CSC Service Elevation of Privilege Vulnerability

CVE-2025-21378 7.8 - High - January 14, 2025

Windows CSC Service Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2025-21382 7.8 - High - January 14, 2025

Windows Graphics Component Elevation of Privilege Vulnerability

Integer Overflow or Wraparound

Windows upnphost.dll Denial of Service Vulnerability

CVE-2025-21389 7.5 - High - January 14, 2025

Windows upnphost.dll Denial of Service Vulnerability

Resource Exhaustion

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21409 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21411 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21413 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21417 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CVE-2025-21333 7.8 - High - January 14, 2025

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CVE-2025-21334 7.8 - High - January 14, 2025

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Dangling pointer

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CVE-2025-21335 7.8 - High - January 14, 2025

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Dangling pointer

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVE-2024-49110 6.8 - Medium - December 12, 2024

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

Out-of-bounds Read

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVE-2024-49111 6.6 - Medium - December 12, 2024

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Hyper-V Remote Code Execution Vulnerability

CVE-2024-49117 8.8 - High - December 12, 2024

Windows Hyper-V Remote Code Execution Vulnerability

Return of Wrong Status Code

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

CVE-2024-49121 7.5 - High - December 12, 2024

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

NULL Pointer Dereference

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2024-49122 8.1 - High - December 12, 2024

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Race Condition

Windows Remote Desktop Services Remote Code Execution Vulnerability

CVE-2024-49123 8.1 - High - December 12, 2024

Windows Remote Desktop Services Remote Code Execution Vulnerability

Race Condition

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

CVE-2024-49126 8.1 - High - December 12, 2024

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

Race Condition

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVE-2024-49127 8.1 - High - December 12, 2024

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Race Condition

Windows Remote Desktop Services Remote Code Execution Vulnerability

CVE-2024-49132 8.1 - High - December 12, 2024

Windows Remote Desktop Services Remote Code Execution Vulnerability

Race Condition

Windows Task Scheduler Elevation of Privilege Vulnerability

CVE-2024-49072 7.8 - High - December 12, 2024

Windows Task Scheduler Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVE-2024-49073 6.8 - Medium - December 12, 2024

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

Improper Input Validation

Windows Remote Desktop Services Denial of Service Vulnerability

CVE-2024-49075 7.5 - High - December 12, 2024

Windows Remote Desktop Services Denial of Service Vulnerability

Resource Exhaustion

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

CVE-2024-49076 7.8 - High - December 12, 2024

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

authentification

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVE-2024-49077 6.8 - Medium - December 12, 2024

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVE-2024-49078 6.8 - Medium - December 12, 2024

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

Out-of-bounds Read

Input Method Editor (IME) Remote Code Execution Vulnerability

CVE-2024-49079 7.8 - High - December 12, 2024

Input Method Editor (IME) Remote Code Execution Vulnerability

Dangling pointer

Windows IP Routing Management Snapin Remote Code Execution Vulnerability

CVE-2024-49080 8.8 - High - December 12, 2024

Windows IP Routing Management Snapin Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVE-2024-49081 6.6 - Medium - December 12, 2024

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows File Explorer Information Disclosure Vulnerability

CVE-2024-49082 6.8 - Medium - December 12, 2024

Windows File Explorer Information Disclosure Vulnerability

Directory traversal

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVE-2024-49083 6.8 - Medium - December 12, 2024

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-49084 7 - High - December 12, 2024

Windows Kernel Elevation of Privilege Vulnerability

Race Condition

Windows Mobile Broadband Driver Information Disclosure Vulnerability

CVE-2024-49087 4.6 - Medium - December 12, 2024

Windows Mobile Broadband Driver Information Disclosure Vulnerability

Improper Input Validation

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2024-49088 7.8 - High - December 12, 2024

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Buffer Over-read

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-49089 7.2 - High - December 12, 2024

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2024-49090 7.8 - High - December 12, 2024

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Untrusted Pointer Dereference

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVE-2024-49092 6.8 - Medium - December 12, 2024

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

Out-of-bounds Read

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVE-2024-49094 6.6 - Medium - December 12, 2024

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

CVE-2024-49095 7 - High - December 12, 2024

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Race Condition

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2024-49096 7.5 - High - December 12, 2024

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Resource Exhaustion

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

CVE-2024-49097 7 - High - December 12, 2024

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Race Condition

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

CVE-2024-49098 4.3 - Medium - December 12, 2024

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

Out-of-bounds Read

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

CVE-2024-49099 4.3 - Medium - December 12, 2024

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

Out-of-bounds Read

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVE-2024-49101 6.6 - Medium - December 12, 2024

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-49102 8.8 - High - December 12, 2024

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

CVE-2024-49103 4.3 - Medium - December 12, 2024

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

Out-of-bounds Read

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-49104 8.8 - High - December 12, 2024

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2024-49105 8.4 - High - December 12, 2024

Remote Desktop Client Remote Code Execution Vulnerability

Authorization

WmsRepair Service Elevation of Privilege Vulnerability

CVE-2024-49107 7.3 - High - December 12, 2024

WmsRepair Service Elevation of Privilege Vulnerability

insecure temporary file

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVE-2024-49109 6.6 - Medium - December 12, 2024

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2024-49138 7.8 - High - December 12, 2024

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows Task Scheduler Elevation of Privilege Vulnerability

CVE-2024-49039 8.8 - High - November 12, 2024

Windows Task Scheduler Elevation of Privilege Vulnerability

authentification

NTLM Hash Disclosure Spoofing Vulnerability

CVE-2024-43451 6.5 - Medium - November 12, 2024

NTLM Hash Disclosure Spoofing Vulnerability

External Control of File Name or Path

Microsoft Windows VMSwitch Elevation of Privilege Vulnerability

CVE-2024-43625 8.1 - High - November 12, 2024

Microsoft Windows VMSwitch Elevation of Privilege Vulnerability

Dangling pointer

Windows NT OS Kernel Elevation of Privilege Vulnerability

CVE-2024-43623 7.8 - High - November 12, 2024

Windows NT OS Kernel Elevation of Privilege Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2024-43622 8.8 - High - November 12, 2024

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2024-43621 8.8 - High - November 12, 2024

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2024-43620 8.8 - High - November 12, 2024

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Package Library Manager Information Disclosure Vulnerability

CVE-2024-38203 5.5 - Medium - November 12, 2024

Windows Package Library Manager Information Disclosure Vulnerability

Protection Mechanism Failure

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2024-43628 8.8 - High - November 12, 2024

Windows Telephony Service Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2024-43627 8.8 - High - November 12, 2024

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

CVE-2024-49046 7.8 - High - November 12, 2024

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

CVE-2024-43646 7.8 - High - November 12, 2024

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Untrusted Pointer Dereference

Windows Client-Side Caching Elevation of Privilege Vulnerability

CVE-2024-43644 7.8 - High - November 12, 2024

Windows Client-Side Caching Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVE-2024-43643 6.8 - Medium - November 12, 2024

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

Windows SMB Denial of Service Vulnerability

CVE-2024-43642 7.5 - High - November 12, 2024

Windows SMB Denial of Service Vulnerability

Dangling pointer

Windows Registry Elevation of Privilege Vulnerability

CVE-2024-43641 7.8 - High - November 12, 2024

Windows Registry Elevation of Privilege Vulnerability

Integer Overflow or Wraparound

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVE-2024-43640 7.8 - High - November 12, 2024

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVE-2024-43638 6.8 - Medium - November 12, 2024

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVE-2024-43637 6.8 - Medium - November 12, 2024

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

Out-of-bounds Read

Win32k Elevation of Privilege Vulnerability

CVE-2024-43636 7.8 - High - November 12, 2024

Win32k Elevation of Privilege Vulnerability

Untrusted Pointer Dereference

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2024-43635 8.8 - High - November 12, 2024

Windows Telephony Service Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVE-2024-43634 6.8 - Medium - November 12, 2024

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Hyper-V Denial of Service Vulnerability

CVE-2024-43633 6.5 - Medium - November 12, 2024

Windows Hyper-V Denial of Service Vulnerability

Sensitive Data Storage in Improperly Locked Memory

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

CVE-2024-43631 7.8 - High - November 12, 2024

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Untrusted Pointer Dereference

Windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2024-43629 7.8 - High - November 12, 2024

Windows DWM Core Library Elevation of Privilege Vulnerability

Untrusted Pointer Dereference

Windows Telephony Service Elevation of Privilege Vulnerability

CVE-2024-43626 7.8 - High - November 12, 2024

Windows Telephony Service Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability

CVE-2024-43624 8.8 - High - November 12, 2024

Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability

Untrusted Pointer Dereference

Windows Update Stack Elevation of Privilege Vulnerability

CVE-2024-43530 7.8 - High - November 12, 2024

Windows Update Stack Elevation of Privilege Vulnerability

Authorization

Windows Registry Elevation of Privilege Vulnerability

CVE-2024-43452 7.5 - High - November 12, 2024

Windows Registry Elevation of Privilege Vulnerability

TOCTTOU

Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability

CVE-2024-38264 5.9 - Medium - November 12, 2024

Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability

Sensitive Data Storage in Improperly Locked Memory

Windows USB Video Class System Driver Elevation of Privilege Vulnerability