Microsoft Windows
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Windows.
Recent Microsoft Windows Security Advisories
Advisory | Title | Published |
---|---|---|
CVE-2025-21245 | CVE-2025-21245 Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21409 | CVE-2025-21409 Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21238 | CVE-2025-21238 Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21240 | CVE-2025-21240 Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21223 | CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21417 | CVE-2025-21417 Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21250 | CVE-2025-21250 Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21246 | CVE-2025-21246 Windows Telephony Service Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21311 | CVE-2025-21311 Windows NTLM V1 Elevation of Privilege Vulnerability | January 14, 2025 |
CVE-2025-21333 | CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | January 14, 2025 |
Known Exploited Microsoft Windows Vulnerabilities
The following Microsoft Windows vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability |
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges. CVE-2025-21335 Exploit Probability: 0.1% |
January 14, 2025 |
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability |
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges. CVE-2025-21334 Exploit Probability: 0.1% |
January 14, 2025 |
Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability |
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges. CVE-2025-21333 Exploit Probability: 0.1% |
January 14, 2025 |
Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability |
Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges. CVE-2024-35250 Exploit Probability: 0.1% |
December 16, 2024 |
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability |
Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges. CVE-2024-49138 Exploit Probability: 0.1% |
December 10, 2024 |
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability |
Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user. CVE-2024-43451 Exploit Probability: 0.9% |
November 12, 2024 |
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability |
Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions. CVE-2024-49039 Exploit Probability: 0.7% |
November 12, 2024 |
Microsoft Windows MSHTML Platform Spoofing Vulnerability |
Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality. CVE-2024-43573 Exploit Probability: 1.1% |
October 8, 2024 |
Microsoft Windows Management Console Remote Code Execution Vulnerability |
Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution. CVE-2024-43572 Exploit Probability: 0.1% |
October 8, 2024 |
Microsoft Windows MSHTML Platform Spoofing Vulnerability |
Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112. CVE-2024-43461 Exploit Probability: 2.5% |
September 16, 2024 |
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability |
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. CVE-2024-38217 Exploit Probability: 0.6% |
September 10, 2024 |
Microsoft Windows Installer Privilege Escalation Vulnerability |
Microsoft Windows Installer contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. CVE-2024-38014 Exploit Probability: 0.8% |
September 10, 2024 |
Microsoft Windows Update Remote Code Execution Vulnerability |
Microsoft Windows Update contains an unspecified vulnerability that allows for remote code execution. CVE-2024-43491 Exploit Probability: 0.1% |
September 10, 2024 |
Microsoft Windows Kernel Privilege Escalation Vulnerability |
Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition. CVE-2024-38106 Exploit Probability: 0.0% |
August 13, 2024 |
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability |
Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges. CVE-2024-38107 Exploit Probability: 0.0% |
August 13, 2024 |
Microsoft Windows Scripting Engine Memory Corruption Vulnerability |
Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL. CVE-2024-38178 Exploit Probability: 1.4% |
August 13, 2024 |
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability |
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file. CVE-2024-38213 Exploit Probability: 0.3% |
August 13, 2024 |
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability |
Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. CVE-2024-38193 Exploit Probability: 0.0% |
August 13, 2024 |
Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability |
Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script. CVE-2018-0824 Exploit Probability: 97.0% |
August 5, 2024 |
Microsoft Windows MSHTML Platform Spoofing Vulnerability |
Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability. CVE-2024-38112 Exploit Probability: 0.5% |
July 9, 2024 |
The vulnerability CVE-2018-0824: Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.
Top 10 Riskiest Microsoft Windows Vulnerabilities
Based on the current exploit probability, these Microsoft Windows vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
Rank | CVE | EPSS | Vulnerability |
---|---|---|---|
1 | CVE-2015-2426 | 97.2% | Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability |
2 | CVE-2017-0146 | 97.2% | Microsoft Windows SMB Remote Code Execution Vulnerability |
3 | CVE-2017-8464 | 97.2% | Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability |
4 | CVE-2018-0824 | 97.0% | Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability |
5 | CVE-2018-8174 | 96.7% | Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability |
6 | CVE-2018-8440 | 96.5% | Microsoft Windows Privilege Escalation Vulnerability |
7 | CVE-2021-1675 | 96.5% | Microsoft Windows Print Spooler Remote Code Execution Vulnerability |
8 | CVE-2014-4114 | 96.4% | Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability |
9 | CVE-2021-34527 | 95.7% | "PrintNightmare" - Microsoft Windows Print Spooler Remote Code Execution Vulnerability |
10 | CVE-2014-6352 | 95.7% | Microsoft Windows Code Injection Vulnerability |
By the Year
In 2025 there have been 0 vulnerabilities in Microsoft Windows. Last year, in 2024 Windows had 6 security vulnerabilities published. Right now, Windows is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 6 | 7.20 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 2 | 8.30 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 2 | 7.80 |
It may take a day or so for new Windows vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows Security Vulnerabilities
Windows Credential Manager NTLM Hash Leak Vulnerability
CVE-2024-45204
- December 04, 2024
A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities.
WLAN Driver Remote Denial of Service Vulnerability
CVE-2024-20137
- December 02, 2024
In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727.
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2024-49046
7.8 - High
- November 12, 2024
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2024-49039
8.8 - High
- November 12, 2024
Windows Task Scheduler Elevation of Privilege Vulnerability
authentification
Clipboard Module Permission Bypass in Windows
CVE-2024-51525
5.5 - Medium
- November 05, 2024
Permission control vulnerability in the clipboard module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Memory Corruption Vulnerability in Windows Kernel Driver for Remote Heap Mapping
CVE-2024-33029
6.7 - Medium
- November 04, 2024
Memory corruption while handling the PDR in driver for getting the remote heap maps.
Dangling pointer
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations
CVE-2021-36958
7.8 - High
- August 12, 2021
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations
CVE-2021-34481
8.8 - High
- July 16, 2021
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p><strong>UPDATE</strong> August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see <a href="https://support.microsoft.com/help/5005652">KB5005652</a>.</p>
Improper Privilege Management
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows
CVE-2018-0598
7.8 - High
- June 26, 2018
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Untrusted Path
Untrusted search path vulnerability in the installer of Visual C++ Redistributable
CVE-2018-0599
7.8 - High
- June 26, 2018
Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Untrusted Path
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code
CVE-2011-3389
- September 06, 2011
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Inadequate Encryption Strength
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
CVE-2008-4037
- November 12, 2008
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
authentification
ICMP information such as (1) netmask and (2) timestamp is
CVE-1999-0524
- August 01, 1997
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sgi Irix or by Microsoft? Click the Watch button to subscribe.