Microsoft Windows
Do you want an email whenever new security vulnerabilities are reported in Microsoft Windows?
Recent Microsoft Windows Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2023-28303 | Windows Snipping Tool Information Disclosure Vulnerability | March 24, 2023 |
| CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | March 14, 2023 |
| CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | March 14, 2023 |
| CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | March 14, 2023 |
| CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | March 14, 2023 |
| CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | March 14, 2023 |
| CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | March 14, 2023 |
| CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | March 14, 2023 |
| CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | March 14, 2023 |
| CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | March 14, 2023 |
Known Exploited Microsoft Windows Vulnerabilities
The following Microsoft Windows vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. CVE-2023-24880 | March 14, 2023 |
| Microsoft Windows Graphic Component Privilege Escalation Vulnerability | Microsoft Windows Graphic Component contains an unspecified vulnerability which allows for privilege escalation. CVE-2023-21823 | February 14, 2023 |
| Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation. CVE-2023-23376 | February 14, 2023 |
| Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability | Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-21674 | January 10, 2023 |
| Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. CVE-2022-41049 | November 14, 2022 |
| Microsoft Windows Scripting Languages Remote Code Execution Vulnerability | Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution. CVE-2022-41128 | November 8, 2022 |
| Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. CVE-2022-41091 | November 8, 2022 |
| Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability which allows an attacker to gain SYSTEM-level privileges. CVE-2022-41125 | November 8, 2022 |
| Microsoft Windows Print Spooler Privilege Escalation Vulnerability | Microsoft Windows Print Spooler contains an unspecified vulnerability which allows an attacker to gain SYSTEM-level privileges. CVE-2022-41073 | November 8, 2022 |
| Microsoft Windows Remote Code Execution Vulnerability | Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user. CVE-2010-2568 | September 15, 2022 |
| Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation. CVE-2022-37969 | September 14, 2022 |
| Microsoft Windows Runtime Remote Code Execution Vulnerability | Microsoft Windows Runtime contains an unspecified vulnerability which allows for remote code execution. CVE-2022-21971 | August 18, 2022 |
| Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability | Microsoft Windows CSRSS contains an unspecified vulnerability which allows for privilege escalation to SYSTEM privileges. CVE-2022-22047 | July 12, 2022 |
| Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application. CVE-2022-30190 | June 14, 2022 |
| Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability | The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code. CVE-2012-0151 | June 8, 2022 |
| Microsoft Windows Open Type Font Remote Code Execution Vulnerability | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system. CVE-2016-7256 | May 25, 2022 |
| Microsoft Windows Mount Manager Privilege Escalation Vulnerability | A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links. CVE-2015-1769 | May 25, 2022 |
| Microsoft Windows TS WebProxy Directory Traversal Vulnerability | Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges. CVE-2015-0016 | May 25, 2022 |
| Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability | A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system. CVE-2016-3393 | May 25, 2022 |
| Microsoft Windows Remote Code Execution Vulnerability | A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts. CVE-2014-4148 | May 25, 2022 |
By the Year
In 2023 there have been 0 vulnerabilities in Microsoft Windows . Windows did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 7.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 2 | 7.80 |
It may take a day or so for new Windows vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows Security Vulnerabilities
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36958
7.8 - High
- August 12, 2021
Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36936, CVE-2021-36947.
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-34481
7.8 - High
- July 16, 2021
Windows Print Spooler Elevation of Privilege Vulnerability
Improper Privilege Management
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows
CVE-2018-0598
7.8 - High
- June 26, 2018
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Untrusted Path
Untrusted search path vulnerability in the installer of Visual C++ Redistributable
CVE-2018-0599
7.8 - High
- June 26, 2018
Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Untrusted Path
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code
CVE-2011-3389
- September 06, 2011
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Inadequate Encryption Strength
ICMP information such as (1) netmask and (2) timestamp is
CVE-1999-0524
- August 01, 1997
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sgi Irix or by Microsoft? Click the Watch button to subscribe.
