Windows 11 Microsoft Windows 11

  1. Vendors
  2. Microsoft
  3. Windows 11
Do you want an email whenever new security vulnerabilities are reported in Microsoft Windows 11?

By the Year

In 2023 there have been 13 vulnerabilities in Microsoft Windows 11 with an average score of 6.8 out of ten. Last year Windows 11 had 501 security vulnerabilities published. Right now, Windows 11 is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.63

Year Vulnerabilities Average Score
2023 13 6.82
2022 501 7.45
2021 88 7.37
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Windows 11 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows 11 Security Vulnerabilities

Windows Kernel Information Disclosure Vulnerability.

CVE-2023-21776 5.5 - Medium - January 10, 2023

Windows Kernel Information Disclosure Vulnerability.

Windows NTLM Elevation of Privilege Vulnerability.

CVE-2023-21746 7.8 - High - January 10, 2023

Windows NTLM Elevation of Privilege Vulnerability.

Windows Backup Service Elevation of Privilege Vulnerability.

CVE-2023-21752 7.1 - High - January 10, 2023

Windows Backup Service Elevation of Privilege Vulnerability.

Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability.

CVE-2023-21757 7.5 - High - January 10, 2023

Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability.

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVE-2023-21758 7.5 - High - January 10, 2023

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2023-21677, CVE-2023-21683.

Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability.

CVE-2023-21759 3.3 - Low - January 10, 2023

Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability.

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2023-21760 7.1 - High - January 10, 2023

Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21678, CVE-2023-21765.

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2023-21765 7.8 - High - January 10, 2023

Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21678, CVE-2023-21760.

Windows Error Reporting Service Elevation of Privilege Vulnerability.

CVE-2023-21558 7.8 - High - January 10, 2023

Windows Error Reporting Service Elevation of Privilege Vulnerability.

Windows Overlay Filter Information Disclosure Vulnerability.

CVE-2023-21766 4.7 - Medium - January 10, 2023

Windows Overlay Filter Information Disclosure Vulnerability.

Race Condition

Windows Overlay Filter Elevation of Privilege Vulnerability.

CVE-2023-21767 7.8 - High - January 10, 2023

Windows Overlay Filter Elevation of Privilege Vulnerability.

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.

CVE-2023-21768 7.8 - High - January 10, 2023

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.

Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability.

CVE-2023-21771 7 - High - January 10, 2023

Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability.

Race Condition

Windows Error Reporting Elevation of Privilege Vulnerability.

CVE-2022-44669 7 - High - December 13, 2022

Windows Error Reporting Elevation of Privilege Vulnerability.

Race Condition

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2022-44670 8.1 - High - December 13, 2022

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44676.

TOCTTOU

Windows Hyper-V Denial of Service Vulnerability.

CVE-2022-44682 6.8 - Medium - December 13, 2022

Windows Hyper-V Denial of Service Vulnerability.

Windows SmartScreen Security Feature Bypass Vulnerability.

CVE-2022-44698 5.4 - Medium - December 13, 2022

Windows SmartScreen Security Feature Bypass Vulnerability.

AuthZ

Windows Kernel Denial of Service Vulnerability.

CVE-2022-44707 6.5 - Medium - December 13, 2022

Windows Kernel Denial of Service Vulnerability.

DirectX Graphics Kernel Elevation of Privilege Vulnerability.

CVE-2022-44710 7.8 - High - December 13, 2022

DirectX Graphics Kernel Elevation of Privilege Vulnerability.

Improper Privilege Management

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2022-44671 7.8 - High - December 13, 2022

Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41121, CVE-2022-44680, CVE-2022-44697.

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2022-44676 8.1 - High - December 13, 2022

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44670.

Race Condition

Windows Projected File System Elevation of Privilege Vulnerability.

CVE-2022-44677 7.8 - High - December 13, 2022

Windows Projected File System Elevation of Privilege Vulnerability.

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2022-44678 7.8 - High - December 13, 2022

Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44681.

Windows Graphics Component Information Disclosure Vulnerability

CVE-2022-44679 6.5 - Medium - December 13, 2022

Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41074.

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2022-44680 7.8 - High - December 13, 2022

Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41121, CVE-2022-44671, CVE-2022-44697.

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2022-44681 7.8 - High - December 13, 2022

Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44678.

Windows Kernel Elevation of Privilege Vulnerability.

CVE-2022-44683 7.8 - High - December 13, 2022

Windows Kernel Elevation of Privilege Vulnerability.

Dangling pointer

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability.

CVE-2022-44689 7.8 - High - December 13, 2022

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability.

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2022-44697 7.8 - High - December 13, 2022

Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41121, CVE-2022-44671, CVE-2022-44680.

Windows Graphics Component Information Disclosure Vulnerability

CVE-2022-41074 5.5 - Medium - December 13, 2022

Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-44679.

PowerShell Remote Code Execution Vulnerability.

CVE-2022-41076 8.5 - High - December 13, 2022

PowerShell Remote Code Execution Vulnerability.

Windows Fax Compose Form Elevation of Privilege Vulnerability.

CVE-2022-41077 7.8 - High - December 13, 2022

Windows Fax Compose Form Elevation of Privilege Vulnerability.

Windows Hyper-V Elevation of Privilege Vulnerability.

CVE-2022-41094 7.8 - High - December 13, 2022

Windows Hyper-V Elevation of Privilege Vulnerability.

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2022-41121 7.8 - High - December 13, 2022

Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44671, CVE-2022-44680, CVE-2022-44697.

Windows Contacts Remote Code Execution Vulnerability.

CVE-2022-44666 7.8 - High - December 13, 2022

Windows Contacts Remote Code Execution Vulnerability.

Windows Media Remote Code Execution Vulnerability

CVE-2022-44667 7.8 - High - December 13, 2022

Windows Media Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44668.

Windows Media Remote Code Execution Vulnerability

CVE-2022-44668 7.8 - High - December 13, 2022

Windows Media Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44667.

Windows Bluetooth Driver Information Disclosure Vulnerability.

CVE-2022-44674 5.5 - Medium - December 13, 2022

Windows Bluetooth Driver Information Disclosure Vulnerability.

Windows Bluetooth Driver Elevation of Privilege Vulnerability.

CVE-2022-44675 7.8 - High - December 13, 2022

Windows Bluetooth Driver Elevation of Privilege Vulnerability.

Windows GDI+ Information Disclosure Vulnerability.

CVE-2022-41098 6.5 - Medium - November 09, 2022

Windows GDI+ Information Disclosure Vulnerability.

Windows Scripting Languages Remote Code Execution Vulnerability

CVE-2022-41128 8.8 - High - November 09, 2022

Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118.

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability.

CVE-2022-41125 7.8 - High - November 09, 2022

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability.

Windows Scripting Languages Remote Code Execution Vulnerability

CVE-2022-41118 7.5 - High - November 09, 2022

Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41128.

Race Condition

Windows Group Policy Elevation of Privilege Vulnerability

CVE-2022-41086 6.4 - Medium - November 09, 2022

Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37992.

Race Condition

Windows Network Address Translation (NAT) Denial of Service Vulnerability.

CVE-2022-41058 7.5 - High - November 09, 2022

Windows Network Address Translation (NAT) Denial of Service Vulnerability.

Windows HTTP.sys Elevation of Privilege Vulnerability.

CVE-2022-41057 7.8 - High - November 09, 2022

Windows HTTP.sys Elevation of Privilege Vulnerability.

Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability.

CVE-2022-41056 7.5 - High - November 09, 2022

Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability.

Windows Human Interface Device Information Disclosure Vulnerability.

CVE-2022-41055 5.5 - Medium - November 09, 2022

Windows Human Interface Device Information Disclosure Vulnerability.

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2022-41048 8.8 - High - November 09, 2022

Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41047.

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2022-41047 8.8 - High - November 09, 2022

Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41048.

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVE-2022-41045 7.8 - High - November 09, 2022

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41093, CVE-2022-41100.

Race Condition

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVE-2022-41039 8.1 - High - November 09, 2022

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41044, CVE-2022-41088.

Race Condition

Windows Hyper-V Denial of Service Vulnerability.

CVE-2022-38015 6.5 - Medium - November 09, 2022

Windows Hyper-V Denial of Service Vulnerability.

Windows Group Policy Elevation of Privilege Vulnerability

CVE-2022-37992 7.8 - High - November 09, 2022

Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41086.

Windows Bind Filter Driver Elevation of Privilege Vulnerability.

CVE-2022-41114 7 - High - November 09, 2022

Windows Bind Filter Driver Elevation of Privilege Vulnerability.

Race Condition

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability.

CVE-2022-41113 7.8 - High - November 09, 2022

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability.

Windows Win32k Elevation of Privilege Vulnerability

CVE-2022-41109 7.8 - High - November 09, 2022

Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41092.

Windows Overlay Filter Elevation of Privilege Vulnerability

CVE-2022-41102 7.8 - High - November 09, 2022

Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41101.

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVE-2022-41100 7.8 - High - November 09, 2022

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41093.

Race Condition

BitLocker Security Feature Bypass Vulnerability.

CVE-2022-41099 4.6 - Medium - November 09, 2022

BitLocker Security Feature Bypass Vulnerability.

Windows Overlay Filter Elevation of Privilege Vulnerability

CVE-2022-41101 7.8 - High - November 09, 2022

Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41102.

Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability.

CVE-2022-41097 6.5 - Medium - November 09, 2022

Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability.

Microsoft DWM Core Library Elevation of Privilege Vulnerability.

CVE-2022-41096 7.8 - High - November 09, 2022

Microsoft DWM Core Library Elevation of Privilege Vulnerability.

Windows Digital Media Receiver Elevation of Privilege Vulnerability.

CVE-2022-41095 7.8 - High - November 09, 2022

Windows Digital Media Receiver Elevation of Privilege Vulnerability.

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVE-2022-41093 7.8 - High - November 09, 2022

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41100.

Race Condition

Windows Win32k Elevation of Privilege Vulnerability

CVE-2022-41092 7.8 - High - November 09, 2022

Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41109.

Windows Mark of the Web Security Feature Bypass Vulnerability

CVE-2022-41091 5.4 - Medium - November 09, 2022

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049.

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability

CVE-2022-41090 5.9 - Medium - November 09, 2022

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41116.

Race Condition

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVE-2022-41088 8.1 - High - November 09, 2022

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41044.

Race Condition

Windows Print Spooler Elevation of Privilege Vulnerability.

CVE-2022-41073 7.8 - High - November 09, 2022

Windows Print Spooler Elevation of Privilege Vulnerability.

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability.

CVE-2022-41054 7.8 - High - November 09, 2022

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability.

Windows Kerberos Denial of Service Vulnerability.

CVE-2022-41053 7.5 - High - November 09, 2022

Windows Kerberos Denial of Service Vulnerability.

Windows Graphics Component Remote Code Execution Vulnerability.

CVE-2022-41052 7.8 - High - November 09, 2022

Windows Graphics Component Remote Code Execution Vulnerability.

Windows Extensible File Allocation Table Elevation of Privilege Vulnerability.

CVE-2022-41050 7.8 - High - November 09, 2022

Windows Extensible File Allocation Table Elevation of Privilege Vulnerability.

Windows Mark of the Web Security Feature Bypass Vulnerability

CVE-2022-41049 5.4 - Medium - November 09, 2022

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41091.

Connected User Experiences and Telemetry Elevation of Privilege Vulnerability.

CVE-2022-38021 7 - High - October 11, 2022

Connected User Experiences and Telemetry Elevation of Privilege Vulnerability.

Race Condition

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-38022 3.3 - Low - October 11, 2022

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039.

Windows Distributed File System (DFS) Information Disclosure Vulnerability.

CVE-2022-38025 5.5 - Medium - October 11, 2022

Windows Distributed File System (DFS) Information Disclosure Vulnerability.

Windows DHCP Client Information Disclosure Vulnerability.

CVE-2022-38026 5.5 - Medium - October 11, 2022

Windows DHCP Client Information Disclosure Vulnerability.

Windows Storage Elevation of Privilege Vulnerability.

CVE-2022-38027 7 - High - October 11, 2022

Windows Storage Elevation of Privilege Vulnerability.

Race Condition

Windows Print Spooler Elevation of Privilege Vulnerability.

CVE-2022-38028 7.8 - High - October 11, 2022

Windows Print Spooler Elevation of Privilege Vulnerability.

Windows ALPC Elevation of Privilege Vulnerability.

CVE-2022-38029 7 - High - October 11, 2022

Windows ALPC Elevation of Privilege Vulnerability.

Race Condition

Windows USB Serial Driver Information Disclosure Vulnerability.

CVE-2022-38030 4.3 - Medium - October 11, 2022

Windows USB Serial Driver Information Disclosure Vulnerability.

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2022-38031 8.8 - High - October 11, 2022

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37982.

Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability.

CVE-2022-38032 6.6 - Medium - October 11, 2022

Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability.

Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability.

CVE-2022-38033 6.5 - Medium - October 11, 2022

Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability.

Windows Workstation Service Elevation of Privilege Vulnerability.

CVE-2022-38034 8.8 - High - October 11, 2022

Windows Workstation Service Elevation of Privilege Vulnerability.

Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability.

CVE-2022-38036 7.5 - High - October 11, 2022

Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability.

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-38037 7.8 - High - October 11, 2022

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38038, CVE-2022-38039.

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-38038 7.8 - High - October 11, 2022

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38039.

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-38039 7.8 - High - October 11, 2022

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038.

Microsoft ODBC Driver Remote Code Execution Vulnerability.

CVE-2022-38040 8.8 - High - October 11, 2022

Microsoft ODBC Driver Remote Code Execution Vulnerability.

Windows Group Policy Preference Client Elevation of Privilege Vulnerability

CVE-2022-37994 7.8 - High - October 11, 2022

Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37999.

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

CVE-2022-37989 7.8 - High - October 11, 2022

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37987.

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-37990 7.8 - High - October 11, 2022

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039.

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-37991 7.8 - High - October 11, 2022

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039.

Windows Group Policy Preference Client Elevation of Privilege Vulnerability

CVE-2022-37993 7.8 - High - October 11, 2022

Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37994, CVE-2022-37999.

Windows Kernel Memory Information Disclosure Vulnerability.

CVE-2022-37996 5.5 - Medium - October 11, 2022

Windows Kernel Memory Information Disclosure Vulnerability.

Windows Active Directory Certificate Services Security Feature Bypass.

CVE-2022-37978 7.5 - High - October 11, 2022

Windows Active Directory Certificate Services Security Feature Bypass.

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-37988 7.8 - High - October 11, 2022

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2022 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Windows 11
Product

subscribe