Microsoft Windows
Recent Microsoft Windows Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2021-40475 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | October 12, 2021 |
| CVE-2021-40476 | Windows AppContainer Elevation Of Privilege Vulnerability | October 12, 2021 |
| CVE-2021-36953 | Windows TCP/IP Denial of Service Vulnerability | October 12, 2021 |
| CVE-2021-41347 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | October 12, 2021 |
| CVE-2021-40455 | Windows Installer Spoofing Vulnerability | October 12, 2021 |
| CVE-2021-38663 | Windows exFAT File System Information Disclosure Vulnerability | October 12, 2021 |
| CVE-2021-40456 | Windows AD FS Security Feature Bypass Vulnerability | October 12, 2021 |
| CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability | October 12, 2021 |
| CVE-2021-40443 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | October 12, 2021 |
| CVE-2021-38662 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | October 12, 2021 |
By the Year
In 2021 there have been 2 vulnerabilities in Microsoft Windows with an average score of 7.8 out of ten. Windows did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2021 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2021 | 2 | 7.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 2 | 7.80 |
It may take a day or so for new Windows vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows Security Vulnerabilities
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36958
7.8 - High
- August 12, 2021
Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36936, CVE-2021-36947.
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-34481
7.8 - High
- July 16, 2021
Windows Print Spooler Elevation of Privilege Vulnerability
Improper Privilege Management
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows
CVE-2018-0598
7.8 - High
- June 26, 2018
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Untrusted Path
Untrusted search path vulnerability in the installer of Visual C++ Redistributable
CVE-2018-0599
7.8 - High
- June 26, 2018
Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Untrusted Path
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code
CVE-2011-3389
- September 06, 2011
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Windows or by Microsoft? Click the Watch button to subscribe.
