Windows Microsoft Windows

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows.

Recent Microsoft Windows Security Advisories

Advisory Title Published
CVE-2025-21245 CVE-2025-21245 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21409 CVE-2025-21409 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21238 CVE-2025-21238 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21240 CVE-2025-21240 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21223 CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21417 CVE-2025-21417 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21250 CVE-2025-21250 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21246 CVE-2025-21246 Windows Telephony Service Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21311 CVE-2025-21311 Windows NTLM V1 Elevation of Privilege Vulnerability January 14, 2025
CVE-2025-21333 CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability January 14, 2025

Known Exploited Microsoft Windows Vulnerabilities

The following Microsoft Windows vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
CVE-2025-21335 Exploit Probability: 0.1%
January 14, 2025
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
CVE-2025-21334 Exploit Probability: 0.1%
January 14, 2025
Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges.
CVE-2025-21333 Exploit Probability: 0.1%
January 14, 2025
Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.
CVE-2024-35250 Exploit Probability: 0.1%
December 16, 2024
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
CVE-2024-49138 Exploit Probability: 0.1%
December 10, 2024
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user.
CVE-2024-43451 Exploit Probability: 0.9%
November 12, 2024
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions.
CVE-2024-49039 Exploit Probability: 0.7%
November 12, 2024
Microsoft Windows MSHTML Platform Spoofing Vulnerability Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality.
CVE-2024-43573 Exploit Probability: 1.1%
October 8, 2024
Microsoft Windows Management Console Remote Code Execution Vulnerability Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution.
CVE-2024-43572 Exploit Probability: 0.1%
October 8, 2024
Microsoft Windows MSHTML Platform Spoofing Vulnerability Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.
CVE-2024-43461 Exploit Probability: 2.5%
September 16, 2024
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.
CVE-2024-38217 Exploit Probability: 0.6%
September 10, 2024
Microsoft Windows Installer Privilege Escalation Vulnerability Microsoft Windows Installer contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.
CVE-2024-38014 Exploit Probability: 0.8%
September 10, 2024
Microsoft Windows Update Remote Code Execution Vulnerability Microsoft Windows Update contains an unspecified vulnerability that allows for remote code execution.
CVE-2024-43491 Exploit Probability: 0.1%
September 10, 2024
Microsoft Windows Kernel Privilege Escalation Vulnerability Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition.
CVE-2024-38106 Exploit Probability: 0.0%
August 13, 2024
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.
CVE-2024-38107 Exploit Probability: 0.0%
August 13, 2024
Microsoft Windows Scripting Engine Memory Corruption Vulnerability Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL.
CVE-2024-38178 Exploit Probability: 1.4%
August 13, 2024
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file.
CVE-2024-38213 Exploit Probability: 0.3%
August 13, 2024
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
CVE-2024-38193 Exploit Probability: 0.0%
August 13, 2024
Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script.
CVE-2018-0824 Exploit Probability: 97.0%
August 5, 2024
Microsoft Windows MSHTML Platform Spoofing Vulnerability Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.
CVE-2024-38112 Exploit Probability: 0.5%
July 9, 2024

The vulnerability CVE-2018-0824: Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.

Top 10 Riskiest Microsoft Windows Vulnerabilities

Based on the current exploit probability, these Microsoft Windows vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2015-2426 97.2% Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability
2 CVE-2017-0146 97.2% Microsoft Windows SMB Remote Code Execution Vulnerability
3 CVE-2017-8464 97.2% Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
4 CVE-2018-0824 97.0% Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability
5 CVE-2018-8174 96.7% Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
6 CVE-2018-8440 96.5% Microsoft Windows Privilege Escalation Vulnerability
7 CVE-2021-1675 96.5% Microsoft Windows Print Spooler Remote Code Execution Vulnerability
8 CVE-2014-4114 96.4% Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability
9 CVE-2021-34527 95.7% "PrintNightmare" - Microsoft Windows Print Spooler Remote Code Execution Vulnerability
10 CVE-2014-6352 95.7% Microsoft Windows Code Injection Vulnerability

By the Year

In 2025 there have been 0 vulnerabilities in Microsoft Windows. Last year, in 2024 Windows had 6 security vulnerabilities published. Right now, Windows is on track to have less security vulnerabilities in 2025 than it did last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 6 7.20
2023 0 0.00
2022 0 0.00
2021 2 8.30
2020 0 0.00
2019 0 0.00
2018 2 7.80

It may take a day or so for new Windows vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows Security Vulnerabilities

Windows Credential Manager NTLM Hash Leak Vulnerability

CVE-2024-45204 - December 04, 2024

A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities.

WLAN Driver Remote Denial of Service Vulnerability

CVE-2024-20137 - December 02, 2024

In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727.

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

CVE-2024-49046 7.8 - High - November 12, 2024

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Windows Task Scheduler Elevation of Privilege Vulnerability

CVE-2024-49039 8.8 - High - November 12, 2024

Windows Task Scheduler Elevation of Privilege Vulnerability

authentification

Clipboard Module Permission Bypass in Windows

CVE-2024-51525 5.5 - Medium - November 05, 2024

Permission control vulnerability in the clipboard module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Memory Corruption Vulnerability in Windows Kernel Driver for Remote Heap Mapping

CVE-2024-33029 6.7 - Medium - November 04, 2024

Memory corruption while handling the PDR in driver for getting the remote heap maps.

Dangling pointer

<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations

CVE-2021-36958 7.8 - High - August 12, 2021

<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>

<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations

CVE-2021-34481 8.8 - High - July 16, 2021

<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p><strong>UPDATE</strong> August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see <a href="https://support.microsoft.com/help/5005652">KB5005652</a>.</p>

Improper Privilege Management

Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows

CVE-2018-0598 7.8 - High - June 26, 2018

Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Untrusted Path

Untrusted search path vulnerability in the installer of Visual C++ Redistributable

CVE-2018-0599 7.8 - High - June 26, 2018

Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Untrusted Path

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code

CVE-2011-3389 - September 06, 2011

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Inadequate Encryption Strength

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008

CVE-2008-4037 - November 12, 2008

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.

authentification

ICMP information such as (1) netmask and (2) timestamp is

CVE-1999-0524 - August 01, 1997

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Information Disclosure

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Sgi Irix or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe