Windows 11 24h2

windows_11_24h2

Vendor: Microsoft • 1,244 CVEs

CVEs (1,244)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-21234 1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 more Feb 11, 2026 Feb 10, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVE-2026-21232 1Microsoft 5Windows 11 23h2 Windows 11 24h2Windows 11 25h2+2 more Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21231 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-21222 1Microsoft 12Windows 10 1607 Windows 10 1809Windows 10 21h2+9 more Feb 11, 2026 Feb 10, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-20846 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Feb 11, 2026 Feb 10, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
CVE-2026-21265 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Jan 14, 2026 Jan 13, 2026 N/A· v4 6.4 MEDIUM· v3 N/A· v2 Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure B...Show more Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes related to Windows boot manager or Secure Boot. The operating system’s certificate update protection mechanism relies on firmware components that might contain defects, which can cause certificate trust updates to fail or behave unpredictably. This leads to potential disruption of the Secure Boot trust chain and requires careful validation and deployment to restore intended security guarantees. Certificate Authority (CA) Location Purpose Expiration Date Microsoft Corporation KEK CA 2011 KEK Signs updates to the DB and DBX 06/24/2026 Microsoft Corporation UEFI CA 2011 DB Signs 3rd party boot loaders, Option ROMs, etc. 06/27/2026 Microsoft Windows Production PCA 2011 DB Signs the Windows Boot Manager 10/19/2026 For more information see this CVE and Windows Secure Boot certificate expiration and CA updates.Show less
CVE-2026-21221 1Microsoft 3Windows 11 24h2 Windows 11 25h2Windows Server 2025 Jan 16, 2026 Jan 13, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-20962 1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 more Jan 14, 2026 Jan 13, 2026 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.
CVE-2026-20941 1Microsoft 3Windows 11 24h2 Windows 11 25h2Windows Server 2025 Jan 16, 2026 Jan 13, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
CVE-2026-20939 1Microsoft 12Windows 10 1607 Windows 10 1809Windows 10 21h2+9 more Jan 16, 2026 Jan 13, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-20938 1Microsoft 3Windows 11 23h2 Windows 11 24h2Windows 11 25h2 Jan 16, 2026 Jan 13, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2026-20937 1Microsoft 12Windows 10 1607 Windows 10 1809Windows 10 21h2+9 more Jan 16, 2026 Jan 13, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-20936 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Jan 16, 2026 Jan 13, 2026 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.
CVE-2026-20935 1Microsoft 3Windows 11 23h2 Windows 11 24h2Windows 11 25h2 Jan 16, 2026 Jan 13, 2026 N/A· v4 6.2 MEDIUM· v3 N/A· v2 Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.
CVE-2026-20934 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Jan 16, 2026 Jan 13, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-20932 1Microsoft 12Windows 10 1607 Windows 10 1809Windows 10 21h2+9 more Jan 16, 2026 Jan 13, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-20931 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 26, 2026 Jan 13, 2026 N/A· v4 8.0 HIGH· v3 N/A· v2 External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-20927 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Jan 16, 2026 Jan 13, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network.
CVE-2026-20926 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Jan 16, 2026 Jan 13, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-20925 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Jan 16, 2026 Jan 13, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

Previous 1...121314...63 Next