Windows 11 24h2

windows_11_24h2

Vendor: Microsoft • 1,244 CVEs

CVEs (1,244)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-45585 1Microsoft 4Windows 11 24h2 Windows 11 25h2Windows 11 26h1+1 more May 22, 2026 May 20, 2026 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability...Show more Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. Mitigation FAQs Should I leverage the temporary mitigation? Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel. What impact to service availability/management could be caused by implementing the mitigations? Implementing these mitigations will not impact service availability or management operations. Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available? No. The security update will maintain the mitigation's behavior once the security update is installed. I am using TPM+PIN, am I at risk of this vulnerability being exploited No, if you are using TPM+PIN the vulnerability is not exploitable.Show less
CVE-2026-42896 1Microsoft 4Windows 11 24h2 Windows 11 25h2Windows 11 26h1+1 more May 14, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42825 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-41097 1Microsoft 11Windows 10 1809 Windows 10 21h2Windows 10 22h2+8 more May 15, 2026 May 12, 2026 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-41096 1Microsoft 6Windows 11 23h2 Windows 11 24h2Windows 11 25h2+3 more May 15, 2026 May 12, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
CVE-2026-41088 1Microsoft 9Windows 10 21h2 Windows 10 22h2Windows 11 23h2+6 more Jun 1, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-40415 1Microsoft 11Windows 10 1809 Windows 10 21h2Windows 10 22h2+8 more May 15, 2026 May 12, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVE-2026-40414 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Jun 1, 2026 May 12, 2026 N/A· v4 7.4 HIGH· v3 N/A· v2 Windows TCP/IP Denial of Service Vulnerability
CVE-2026-40413 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Jun 1, 2026 May 12, 2026 N/A· v4 7.4 HIGH· v3 N/A· v2 Windows TCP/IP Denial of Service Vulnerability
CVE-2026-40410 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 15, 2026 May 12, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.
CVE-2026-40408 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 15, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-40407 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 15, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40406 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 15, 2026 May 12, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
CVE-2026-40405 1Microsoft 4Windows 11 24h2 Windows 11 25h2Windows 11 26h1+1 more May 15, 2026 May 12, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
CVE-2026-40403 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 15, 2026 May 12, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2026-40401 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Jun 1, 2026 May 12, 2026 N/A· v4 7.1 HIGH· v3 N/A· v2 Windows TCP/IP Denial of Service Vulnerability
CVE-2026-40399 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Jun 1, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-40398 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 15, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-40397 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Jun 1, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40382 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 15, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

12 3 4 5...63 Next