Windows 11 24h2 Microsoft Windows 11 24h2

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows 11 24h2.

By the Year

In 2025 there have been 402 vulnerabilities in Microsoft Windows 11 24h2 with an average score of 7.2 out of ten. Last year, in 2024 Windows 11 24h2 had 216 security vulnerabilities published. That is, 186 more vulnerabilities have already been reported in 2025 as compared to last year. Last year, the average CVE base score was greater by 0.20

Year Vulnerabilities Average Score
2025 402 7.24
2024 216 7.43
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Windows 11 24h2 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows 11 24h2 Security Vulnerabilities

Protection mechanism failure in Windows SmartScreen

CVE-2025-49740 8.8 - High - July 08, 2025

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

Protection Mechanism Failure

Integer overflow or wraparound in Microsoft Graphics Component

CVE-2025-49742 7.8 - High - July 08, 2025

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Integer Overflow or Wraparound

Heap-based buffer overflow in Microsoft Graphics Component

CVE-2025-49744 7 - High - July 08, 2025

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Race Condition

Missing authorization in Windows StateRepository API

CVE-2025-49723 8.8 - High - July 08, 2025

Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.

AuthZ

Use after free in Windows Connected Devices Platform Service

CVE-2025-49724 8.8 - High - July 08, 2025

Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.

Dangling pointer

Use after free in Windows Notification

CVE-2025-49725 7.8 - High - July 08, 2025

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

Dangling pointer

Use after free in Windows Notification

CVE-2025-49726 7.8 - High - July 08, 2025

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

Dangling pointer

Heap-based buffer overflow in Windows Win32K - GRFX

CVE-2025-49727 7 - High - July 08, 2025

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler

CVE-2025-49730 7.8 - High - July 08, 2025

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Heap-based buffer overflow in Microsoft Graphics Component

CVE-2025-49732 7.8 - High - July 08, 2025

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Use after free in Windows Win32K - ICOMP

CVE-2025-49733 7.8 - High - July 08, 2025

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Dangling pointer

External control of file name or path in Windows Storage

CVE-2025-49760 3.5 - Low - July 08, 2025

External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.

External Control of File Name or Path

Processor optimization removal or modification of security-critical code in Windows Kernel

CVE-2025-26636 5.5 - Medium - July 08, 2025

Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.

Processor Optimization Removal or Modification of Security-critical Code

Insufficient UI warning of dangerous operations in Remote Desktop Client

CVE-2025-33054 8.1 - High - July 08, 2025

Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.

Insufficient UI Warning of Dangerous Operations

Improper access control in Microsoft PC Manager

CVE-2025-47993 7.8 - High - July 08, 2025

Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Authorization

Use after free in Microsoft Input Method Editor (IME)

CVE-2025-47991 7.8 - High - July 08, 2025

Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Dangling pointer

Heap-based buffer overflow in Windows Cred SSProvider Protocol

CVE-2025-47987 7.8 - High - July 08, 2025

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

Integer Overflow or Wraparound

Use after free in Universal Print Management Service

CVE-2025-47986 8.8 - High - July 08, 2025

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Dangling pointer

Untrusted pointer dereference in Windows Event Tracing

CVE-2025-47985 7.8 - High - July 08, 2025

Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

Untrusted Pointer Dereference

Protection mechanism failure in Windows GDI

CVE-2025-47984 7.5 - High - July 08, 2025

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

Protection Mechanism Failure

Improper input validation in Windows Storage VSP Driver

CVE-2025-47982 7.8 - High - July 08, 2025

Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Improper Input Validation

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation

CVE-2025-47981 9.8 - Critical - July 08, 2025

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component

CVE-2025-47980 6.2 - Medium - July 08, 2025

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

Information Disclosure

Use after free in Windows SSDP Service

CVE-2025-47976 7.8 - High - July 08, 2025

Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Dangling pointer

Double free in Windows SSDP Service

CVE-2025-47975 7 - High - July 08, 2025

Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Double-free

Buffer over-read in Virtual Hard Disk (VHDX)

CVE-2025-47973 7.8 - High - July 08, 2025

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Buffer Over-read

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME)

CVE-2025-47972 8 - High - July 08, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.

Race Condition

Buffer over-read in Virtual Hard Disk (VHDX)

CVE-2025-47971 7.8 - High - July 08, 2025

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Buffer Over-read

Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave

CVE-2025-47159 7.8 - High - July 08, 2025

Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

Protection Mechanism Failure

Integer underflow (wrap or wraparound) in Windows MBT Transport driver

CVE-2025-47996 7.8 - High - July 08, 2025

Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

Out-of-bounds Read

Use after free in Windows Media

CVE-2025-49682 7.3 - High - July 08, 2025

Use after free in Windows Media allows an authorized attacker to elevate privileges locally.

Dangling pointer

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock

CVE-2025-49661 7.8 - High - July 08, 2025

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Untrusted Pointer Dereference

Use after free in Windows Event Tracing

CVE-2025-49660 7.8 - High - July 08, 2025

Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

Dangling pointer

Buffer over-read in Windows TDX.sys

CVE-2025-49659 7.8 - High - July 08, 2025

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

Buffer Over-read

Out-of-bounds read in Windows TDX.sys

CVE-2025-49658 5.5 - Medium - July 08, 2025

Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Cryptographic issues in Windows Cryptographic Services

CVE-2025-48823 5.9 - Medium - July 08, 2025

Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.

Out-of-bounds read in Windows Hyper-V

CVE-2025-48822 8.6 - High - July 08, 2025

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Use after free in Windows Universal Plug and Play (UPnP) Device Host

CVE-2025-48821 7.1 - High - July 08, 2025

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Dangling pointer

Improper link resolution before file access ('link following') in Windows AppX Deployment Service

CVE-2025-48820 7.8 - High - July 08, 2025

Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.

insecure temporary file

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host

CVE-2025-48819 7.1 - High - July 08, 2025

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Sensitive Data Storage in Improperly Locked Memory

Time-of-check time-of-use (toctou) race condition in Windows BitLocker

CVE-2025-48818 6.8 - Medium - July 08, 2025

Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

TOCTTOU

Relative path traversal in Remote Desktop Client

CVE-2025-48817 8.8 - High - July 08, 2025

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Authorization

Integer overflow or wraparound in HID class driver

CVE-2025-48816 7.8 - High - July 08, 2025

Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.

Out-of-bounds Read

Access of resource using incompatible type ('type confusion') in Windows SSDP Service

CVE-2025-48815 7.8 - High - July 08, 2025

Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Object Type Confusion

Missing authentication for critical function in Windows Remote Desktop Licensing Service

CVE-2025-48814 7.5 - High - July 08, 2025

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.

Missing Authentication for Critical Function

Improper link resolution before file access ('link following') in Windows Performance Recorder

CVE-2025-49680 7.3 - High - July 08, 2025

Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.

insecure temporary file

Buffer over-read in Storage Port Driver

CVE-2025-49684 5.5 - Medium - July 08, 2025

Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.

Buffer Over-read

Integer overflow or wraparound in Virtual Hard Disk (VHDX)

CVE-2025-49683 7.8 - High - July 08, 2025

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

Integer Overflow or Wraparound

Null pointer dereference in Windows TCP/IP

CVE-2025-49686 7.8 - High - July 08, 2025

Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

NULL Pointer Dereference

Numeric truncation error in Windows Shell

CVE-2025-49679 7.8 - High - July 08, 2025

Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.

Numeric Truncation Error

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows 11 22h2 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe