Microsoft Windows

Recent Microsoft Windows Security Advisories

| Advisory | Title | Published |
| --- | --- | --- |
| CVE-2023-28303 | Windows Snipping Tool Information Disclosure Vulnerability | March 24, 2023 |
| CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | March 14, 2023 |
| CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | March 14, 2023 |
| CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | March 14, 2023 |
| CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | March 14, 2023 |
| CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | March 14, 2023 |
| CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | March 14, 2023 |
| CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | March 14, 2023 |
| CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | March 14, 2023 |
| CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | March 14, 2023 |

Known Exploited Microsoft Windows Vulnerabilities

The following Microsoft Windows vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

| Title | Description | CVE | Added |
| --- | --- | --- | --- |
| Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. | CVE-2023-24880 | March 14, 2023 |
| Microsoft Windows Graphic Component Privilege Escalation Vulnerability | Microsoft Windows Graphic Component contains an unspecified vulnerability which allows for privilege escalation. | CVE-2023-21823 | February 14, 2023 |
| Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation. | CVE-2023-23376 | February 14, 2023 |
| Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability | Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation. | CVE-2023-21674 | January 10, 2023 |
| Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | CVE-2022-41049 | November 14, 2022 |
| Microsoft Windows Scripting Languages Remote Code Execution Vulnerability | Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution. | CVE-2022-41128 | November 8, 2022 |
| Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | CVE-2022-41091 | November 8, 2022 |
| Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability which allows an attacker to gain SYSTEM-level privileges. | CVE-2022-41125 | November 8, 2022 |
| Microsoft Windows Print Spooler Privilege Escalation Vulnerability | Microsoft Windows Print Spooler contains an unspecified vulnerability which allows an attacker to gain SYSTEM-level privileges. | CVE-2022-41073 | November 8, 2022 |
| Microsoft Windows Remote Code Execution Vulnerability | Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user. | CVE-2010-2568 | September 15, 2022 |
| Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation. | CVE-2022-37969 | September 14, 2022 |
| Microsoft Windows Runtime Remote Code Execution Vulnerability | Microsoft Windows Runtime contains an unspecified vulnerability which allows for remote code execution. | CVE-2022-21971 | August 18, 2022 |
| Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability | Microsoft Windows CSRSS contains an unspecified vulnerability which allows for privilege escalation to SYSTEM privileges. | CVE-2022-22047 | July 12, 2022 |
| Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application. | CVE-2022-30190 | June 14, 2022 |
| Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability | The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code. | CVE-2012-0151 | June 8, 2022 |
| Microsoft Windows Open Type Font Remote Code Execution Vulnerability | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system. | CVE-2016-7256 | May 25, 2022 |
| Microsoft Windows Mount Manager Privilege Escalation Vulnerability | A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links. | CVE-2015-1769 | May 25, 2022 |
| Microsoft Windows TS WebProxy Directory Traversal Vulnerability | Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges. | CVE-2015-0016 | May 25, 2022 |
| Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability | A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system. | CVE-2016-3393 | May 25, 2022 |
| Microsoft Windows Remote Code Execution Vulnerability | A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts. | CVE-2014-4148 | May 25, 2022 |

By the Year

In 2023 there have been 0 vulnerabilities in Microsoft Windows. Windows did not have any published security vulnerabilities last year.

| Year | Vulnerabilities | Average Score |
| --- | --- | --- |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 7.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 2 | 7.80 |

It may take a day or so for new Windows vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows Security Vulnerabilities

Windows Print Spooler Remote Code Execution Vulnerability

CVE-2021-36958 7.8 - High - August 12, 2021

Windows Print Spooler Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-36936, CVE-2021-36947.

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2021-34481 7.8 - High - July 16, 2021

Windows Print Spooler Elevation of Privilege Vulnerability

Improper Privilege Management

Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows

CVE-2018-0598 7.8 - High - June 26, 2018

Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Untrusted Path

Untrusted search path vulnerability in the installer of Visual C++ Redistributable

CVE-2018-0599 7.8 - High - June 26, 2018

Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Untrusted Path

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code

CVE-2011-3389 - September 06, 2011

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Inadequate Encryption Strength

ICMP information such as (1) netmask and (2) timestamp is

CVE-1999-0524 - August 01, 1997

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Information Disclosure
