Microsoft Windows
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Windows.
Recent Microsoft Windows Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2025-49691 | CVE-2025-49691 Windows Miracast Wireless Display Remote Code Execution Vulnerability | July 8, 2025 |
| CVE-2025-49744 | CVE-2025-49744 Windows Graphics Component Elevation of Privilege Vulnerability | July 8, 2025 |
| CVE-2025-49742 | CVE-2025-49742 Windows Graphics Component Remote Code Execution Vulnerability | July 8, 2025 |
| CVE-2025-49740 | CVE-2025-49740 Windows SmartScreen Security Feature Bypass Vulnerability | July 8, 2025 |
| CVE-2025-47999 | CVE-2025-47999 Windows Hyper-V Denial of Service Vulnerability | July 8, 2025 |
| CVE-2025-49732 | CVE-2025-49732 Windows Graphics Component Elevation of Privilege Vulnerability | July 8, 2025 |
| CVE-2025-49730 | CVE-2025-49730 Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability | July 8, 2025 |
| CVE-2025-49729 | CVE-2025-49729 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | July 8, 2025 |
| CVE-2025-49725 | CVE-2025-49725 Windows Notification Elevation of Privilege Vulnerability | July 8, 2025 |
| CVE-2025-49724 | CVE-2025-49724 Windows Connected Devices Platform Service Remote Code Execution Vulnerability | July 8, 2025 |
Known Exploited Microsoft Windows Vulnerabilities
The following Microsoft Windows vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Windows Scripting Engine Type Confusion Vulnerability |
Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL. CVE-2025-30397 Exploit Probability: 16.4% |
May 13, 2025 |
| Microsoft Windows DWM Core Library Use-After-Free Vulnerability |
Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. CVE-2025-30400 Exploit Probability: 3.7% |
May 13, 2025 |
| Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability |
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. CVE-2025-32701 Exploit Probability: 4.2% |
May 13, 2025 |
| Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability |
Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator. CVE-2025-32709 Exploit Probability: 4.2% |
May 13, 2025 |
| Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability |
Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally. CVE-2025-32706 Exploit Probability: 12.1% |
May 13, 2025 |
| Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability |
Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network. CVE-2025-24054 Exploit Probability: 29.4% |
April 17, 2025 |
| Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability |
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. CVE-2025-29824 Exploit Probability: 2.7% |
April 8, 2025 |
| Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability |
Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code with a physical attack. CVE-2025-24985 Exploit Probability: 1.2% |
March 11, 2025 |
| Microsoft Windows Win32k Use-After-Free Vulnerability |
Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. CVE-2025-24983 Exploit Probability: 1.5% |
March 11, 2025 |
| Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability |
Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to execute code over a network. CVE-2025-26633 Exploit Probability: 6.3% |
March 11, 2025 |
| Microsoft Windows NTFS Information Disclosure Vulnerability |
Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an authorized attacker to disclose information locally. An attacker who successfully exploited this vulnerability could potentially read portions of heap memory. CVE-2025-24984 Exploit Probability: 18.7% |
March 11, 2025 |
| Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability |
Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that could allow an authorized attacker to execute code locally. CVE-2025-24993 Exploit Probability: 5.5% |
March 11, 2025 |
| Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability |
Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that could allow for information disclosure. CVE-2025-24991 Exploit Probability: 3.1% |
March 11, 2025 |
| Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability |
Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. CVE-2018-8639 Exploit Probability: 20.4% |
March 3, 2025 |
| Microsoft Windows Storage Link Following Vulnerability |
Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable. CVE-2025-21391 Exploit Probability: 4.2% |
February 11, 2025 |
| Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability |
Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. CVE-2025-21418 Exploit Probability: 12.2% |
February 11, 2025 |
| Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability |
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges. CVE-2025-21333 Exploit Probability: 56.7% |
January 14, 2025 |
| Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability |
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges. CVE-2025-21335 Exploit Probability: 6.1% |
January 14, 2025 |
| Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability |
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges. CVE-2025-21334 Exploit Probability: 4.6% |
January 14, 2025 |
| Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability |
Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges. CVE-2024-35250 Exploit Probability: 55.0% |
December 16, 2024 |
5 known exploited Microsoft Windows vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Microsoft Windows Vulnerabilities
Based on the current exploit probability, these Microsoft Windows vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2021-1675 | 94.3% | Microsoft Windows Print Spooler Remote Code Execution Vulnerability |
| 2 | CVE-2018-8174 | 94.3% | Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability |
| 3 | CVE-2021-34527 | 94.3% | "PrintNightmare" - Microsoft Windows Print Spooler Remote Code Execution Vulnerability |
| 4 | CVE-2014-6332 | 94.1% | Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerabil |
| 5 | CVE-2017-0146 | 93.8% | Microsoft Windows SMB Remote Code Execution Vulnerability |
| 6 | CVE-2024-21412 | 93.8% | Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability |
| 7 | CVE-2021-36942 | 93.6% | Microsoft Windows Local Security Authority (LSA) Spoofing |
| 8 | CVE-2020-1350 | 93.6% | "SigRed" - Microsoft Windows Domain Name System (DNS) Server Remote Code Execution Vulnerability |
| 9 | CVE-2022-30190 | 93.6% | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability |
| 10 | CVE-2017-8464 | 93.5% | Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability |
EOL Dates
Ensure that you are using a supported version of Microsoft Windows. Here are some end of life, and end of support dates for Microsoft Windows.
| Release | EOL | End of Support | Status |
|---|---|---|---|
| 11-24h2-iot-lts | October 10, 2034 | October 9, 2029 |
Active
Microsoft Windows 11-24h2-iot-lts will become EOL in 9 years (in 2034). |
| 11-24h2-e-lts | October 9, 2029 | October 9, 2029 |
Active
Microsoft Windows 11-24h2-e-lts will become EOL in 4 years (in 2029). |
| 11-24h2-e | October 12, 2027 | October 12, 2027 |
Active
Microsoft Windows 11-24h2-e will become EOL in two years (in 2027). |
| 11-24h2-w | October 13, 2026 | October 13, 2026 |
Active
Microsoft Windows 11-24h2-w will become EOL next year, in October 2026. |
| 11-23h2-e | November 10, 2026 | November 10, 2026 |
Active
Microsoft Windows 11-23h2-e will become EOL next year, in November 2026. |
| 11-23h2-w | November 11, 2025 | November 11, 2025 |
EOL This Year
Microsoft Windows 11-23h2-w will become EOL this year, in November 2025. |
| 10-22h2 | October 14, 2025 | October 14, 2025 |
EOL This Year
Microsoft Windows 10-22h2 will become EOL this year, in October 2025. |
| 11-22h2-e | October 14, 2025 | October 14, 2025 |
EOL This Year
Microsoft Windows 11-22h2-e will become EOL this year, in October 2025. |
| 11-22h2-w | October 8, 2024 | October 8, 2024 |
EOL
Microsoft Windows 11-22h2-w became EOL in 2024 and supported ended in 2024 |
| 10-21h2-iot-lts | January 13, 2032 | January 12, 2027 |
Active
Microsoft Windows 10-21h2-iot-lts will become EOL in 7 years (in 2032). |
| 10-21h2-e-lts | January 12, 2027 | January 12, 2027 |
Active
Microsoft Windows 10-21h2-e-lts will become EOL in two years (in 2027). |
| 10-21h2-e | June 11, 2024 | June 11, 2024 |
EOL
Microsoft Windows 10-21h2-e became EOL in 2024 and supported ended in 2024 |
| 10-21h2-w | June 13, 2023 | June 13, 2023 |
EOL
Microsoft Windows 10-21h2-w became EOL in 2023 and supported ended in 2023 |
| 11-21h2-e | October 8, 2024 | October 8, 2024 |
EOL
Microsoft Windows 11-21h2-e became EOL in 2024 and supported ended in 2024 |
| 11-21h2-w | October 10, 2023 | October 10, 2023 |
EOL
Microsoft Windows 11-21h2-w became EOL in 2023 and supported ended in 2023 |
| 10-21h1 | December 13, 2022 | December 13, 2022 |
EOL
Microsoft Windows 10-21h1 became EOL in 2022 and supported ended in 2022 |
| 10-20h2-e | May 9, 2023 | May 9, 2023 |
EOL
Microsoft Windows 10-20h2-e became EOL in 2023 and supported ended in 2023 |
| 10-20h2-w | May 10, 2022 | May 10, 2022 |
EOL
Microsoft Windows 10-20h2-w became EOL in 2022 and supported ended in 2022 |
| 10-2004 | December 14, 2021 | December 14, 2021 |
EOL
Microsoft Windows 10-2004 became EOL in 2021 and supported ended in 2021 |
| 10-1909-e | May 10, 2022 | May 10, 2022 |
EOL
Microsoft Windows 10-1909-e became EOL in 2022 and supported ended in 2022 |
By the Year
In 2025 there have been 0 vulnerabilities in Microsoft Windows. Last year, in 2024 Windows had 6 security vulnerabilities published. Right now, Windows is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 6 | 6.62 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 8.30 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 2 | 7.80 |
It may take a day or so for new Windows vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows Security Vulnerabilities
Windows Credential Manager NTLM Hash Leak Vulnerability
CVE-2024-45204
4.3 - Medium
- December 04, 2024
A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities.
WLAN Driver Remote Denial of Service Vulnerability
CVE-2024-20137
- December 02, 2024
In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727.
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2024-49046
7.8 - High
- November 12, 2024
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2024-49039
8.8 - High
- November 12, 2024
Windows Task Scheduler Elevation of Privilege Vulnerability
authentification
Clipboard Module Permission Bypass in Windows
CVE-2024-51525
5.5 - Medium
- November 05, 2024
Permission control vulnerability in the clipboard module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Memory Corruption Vulnerability in Windows Kernel Driver for Remote Heap Mapping
CVE-2024-33029
6.7 - Medium
- November 04, 2024
Memory corruption while handling the PDR in driver for getting the remote heap maps.
Dangling pointer
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations
CVE-2021-36958
7.8 - High
- August 12, 2021
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations
CVE-2021-34481
8.8 - High
- July 16, 2021
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p><strong>UPDATE</strong> August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see <a href="https://support.microsoft.com/help/5005652">KB5005652</a>.</p>
Improper Privilege Management
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows
CVE-2018-0598
7.8 - High
- June 26, 2018
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Untrusted Path
Untrusted search path vulnerability in the installer of Visual C++ Redistributable
CVE-2018-0599
7.8 - High
- June 26, 2018
Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Untrusted Path
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows
CVE-2015-4716
- October 21, 2015
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.
Directory traversal
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code
CVE-2011-3389
- September 06, 2011
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Inadequate Encryption Strength
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
CVE-2008-4037
- November 12, 2008
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
authentification
ICMP information such as (1) netmask and (2) timestamp is
CVE-1999-0524
- August 01, 1997
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sgi Irix or by Microsoft? Click the Watch button to subscribe.
