📦 Windows 11

by Microsoft

⚠️ Known Vulnerabilities

CVE-2022-29130

CRITICAL CVSS 9.8 May 10, 2022

This critical vulnerability in Windows LDAP allows remote attackers to execute arbitrary code on affected systems without authentication. It affects Windows servers and workstations running vulnerable...

CVE-2022-22012

CRITICAL CVSS 9.8 May 10, 2022

This is a critical remote code execution vulnerability in Windows LDAP services that allows unauthenticated attackers to execute arbitrary code on vulnerable systems. It affects Windows servers runnin...

CVE-2022-26809

CRITICAL CVSS 9.8 Apr 15, 2022

CVE-2022-26809 is a critical Remote Procedure Call Runtime vulnerability in Windows that allows unauthenticated attackers to execute arbitrary code remotely. Attackers can exploit this vulnerability b...

CVE-2022-24491

CRITICAL CVSS 9.8 Apr 15, 2022

This is a critical remote code execution vulnerability in Windows Network File System (NFS) that allows unauthenticated attackers to execute arbitrary code on vulnerable systems. It affects Windows se...

CVE-2022-24497

CRITICAL CVSS 9.8 Apr 15, 2022

This is a critical remote code execution vulnerability in Windows Network File System (NFS) that allows unauthenticated attackers to execute arbitrary code on vulnerable systems. It affects Windows se...

CVE-2022-21901

CRITICAL CVSS 9.0 Jan 11, 2022

This vulnerability allows an authenticated attacker on a guest virtual machine to execute arbitrary code with elevated privileges on the Hyper-V host. It affects Windows systems running Hyper-V virtua...

CVE-2022-21907

CRITICAL CVSS 9.8 Jan 11, 2022

CVE-2022-21907 is a critical remote code execution vulnerability in the Windows HTTP Protocol Stack (http.sys) that allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges by...

CVE-2022-21849

CRITICAL CVSS 9.8 Jan 11, 2022

This is a critical remote code execution vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions. Attackers can exploit this vulnerability by sending specially crafted packets to vuln...

CVE-2021-43215

CRITICAL CVSS 9.8 Dec 15, 2021

CVE-2021-43215 is a critical memory corruption vulnerability in Microsoft's iSNS Server that allows remote attackers to execute arbitrary code on affected systems. This vulnerability affects Windows S...

CVE-2021-26443

CRITICAL CVSS 9.0 Nov 10, 2021

CVE-2021-26443 is a remote code execution vulnerability in Microsoft's Virtual Machine Bus (VMBus) that allows an authenticated attacker to execute arbitrary code with SYSTEM privileges on a target Hy...

CVE-2022-30202

HIGH CVSS 7.0 Jul 12, 2022

This vulnerability in Windows Advanced Local Procedure Call (ALPC) allows an authenticated attacker to execute code with SYSTEM privileges by exploiting improper object handling. It affects Windows sy...

CVE-2022-30206

HIGH CVSS 7.8 Jul 12, 2022

This vulnerability allows attackers to gain SYSTEM-level privileges on Windows systems by exploiting the Print Spooler service. It affects Windows servers and workstations where the Print Spooler serv...

CVE-2022-30209

HIGH CVSS 7.4 Jul 12, 2022

CVE-2022-30209 is an elevation of privilege vulnerability in Windows IIS Server that allows authenticated attackers to execute arbitrary code with SYSTEM privileges. This affects organizations running...

CVE-2022-30220

HIGH CVSS 7.8 Jul 12, 2022

CVE-2022-30220 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver. It allows authenticated attackers to gain SYSTEM-level privileges on affected Windows sys...

CVE-2022-30222

HIGH CVSS 8.4 Jul 12, 2022

CVE-2022-30222 is a remote code execution vulnerability in Windows Shell that allows attackers to execute arbitrary code on affected systems. Attackers can exploit this vulnerability by tricking users...

CVE-2022-30224

HIGH CVSS 7.0 Jul 12, 2022

This vulnerability allows an authenticated attacker to exploit a flaw in Windows Advanced Local Procedure Call (ALPC) to elevate privileges from a lower-privileged account to SYSTEM level. It affects ...

CVE-2022-30226

HIGH CVSS 7.1 Jul 12, 2022

This vulnerability allows attackers to gain SYSTEM-level privileges on Windows systems by exploiting the Print Spooler service. It affects Windows servers and workstations where the Print Spooler serv...

CVE-2022-22043

HIGH CVSS 7.8 Jul 12, 2022

This vulnerability in the Windows Fast FAT File System Driver allows an authenticated attacker to execute arbitrary code with SYSTEM privileges. It affects Windows systems with the vulnerable driver c...

CVE-2022-22049

HIGH CVSS 7.8 Jul 12, 2022

This vulnerability allows an authenticated attacker to execute arbitrary code with SYSTEM privileges on affected Windows systems by exploiting a flaw in the Client Server Run-time Subsystem (CSRSS). I...

CVE-2022-22024

HIGH CVSS 7.8 Jul 12, 2022

CVE-2022-22024 is a remote code execution vulnerability in the Windows Fax Service that allows an attacker to execute arbitrary code with SYSTEM privileges on affected systems. This affects Windows se...

CVE-2022-22026

HIGH CVSS 8.8 Jul 12, 2022

CVE-2022-22026 is a privilege escalation vulnerability in Windows Client Server Run-time Subsystem (CSRSS) that allows authenticated attackers to gain SYSTEM-level privileges on affected systems. This...

CVE-2022-22034

HIGH CVSS 7.8 Jul 12, 2022

CVE-2022-22034 is an elevation of privilege vulnerability in the Windows Graphics Component that allows an authenticated attacker to execute arbitrary code with SYSTEM privileges. This affects Windows...

CVE-2022-22037

HIGH CVSS 7.5 Jul 12, 2022

This vulnerability allows an authenticated attacker to exploit a flaw in Windows Advanced Local Procedure Call (ALPC) to elevate privileges from a lower-privileged account to SYSTEM level. It affects ...

CVE-2022-22022

HIGH CVSS 7.1 Jul 12, 2022

CVE-2022-22022 is an elevation of privilege vulnerability in the Windows Print Spooler service that allows authenticated attackers to execute code with SYSTEM privileges. This affects Windows systems ...

CVE-2022-30151

HIGH CVSS 7.0 Jun 15, 2022

This vulnerability in the Windows Ancillary Function Driver for WinSock allows an authenticated attacker to execute arbitrary code with SYSTEM privileges. It affects Windows systems where an attacker ...

CVE-2022-30153

HIGH CVSS 8.8 Jun 15, 2022

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running vulnerable LDAP implementations. It affects Windows servers and clients with LDAP services enabled, pote...

CVE-2022-30160

HIGH CVSS 7.8 Jun 15, 2022

This vulnerability allows an authenticated attacker to exploit the Windows Advanced Local Procedure Call (ALPC) mechanism to elevate privileges from a lower-privileged account to SYSTEM level. It affe...

CVE-2022-30163

HIGH CVSS 8.5 Jun 15, 2022

This vulnerability allows an authenticated attacker on a guest virtual machine to execute arbitrary code on the Hyper-V host. It affects Windows systems running Hyper-V with virtual machines that have...

CVE-2022-30165

HIGH CVSS 8.8 Jun 15, 2022

This vulnerability allows attackers to escalate privileges on Windows systems by exploiting a flaw in Kerberos authentication. Attackers can gain SYSTEM-level access by manipulating redirected logon b...

CVE-2022-30139

HIGH CVSS 7.5 Jun 15, 2022

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running vulnerable LDAP implementations. Attackers can exploit this by sending specially crafted requests to LDA...

CVE-2022-30141

HIGH CVSS 8.1 Jun 15, 2022

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services. Attackers can exploit this without authentication by sending specially crafted requests t...

CVE-2022-30143

HIGH CVSS 7.5 Jun 15, 2022

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services. Attackers can exploit this by sending specially crafted requests to vulnerable LDAP serve...

CVE-2022-30146

HIGH CVSS 7.5 Jun 15, 2022

This vulnerability allows remote code execution on Windows systems running LDAP services. Attackers can exploit it by sending specially crafted requests to a vulnerable LDAP server, potentially gainin...

CVE-2022-30149

HIGH CVSS 7.5 Jun 15, 2022

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services. Attackers can exploit this by sending specially crafted requests to vulnerable LDAP serve...

CVE-2022-32230

HIGH CVSS 7.5 Jun 14, 2022

CVE-2022-32230 is a denial-of-service vulnerability in Microsoft Windows SMBv3 where a malformed FileNormalizedNameInformation request causes a null pointer dereference, leading to a Blue Screen of De...

CVE-2022-30138

HIGH CVSS 7.8 May 18, 2022

This vulnerability allows an authenticated attacker to gain SYSTEM-level privileges on Windows systems by exploiting the Print Spooler service. It affects Windows servers and workstations where the Pr...

CVE-2022-29125

HIGH CVSS 7.0 May 10, 2022

This vulnerability allows an attacker to elevate privileges on Windows systems by exploiting a flaw in Windows Push Notifications Apps. Attackers could gain SYSTEM-level access by running specially cr...

CVE-2022-29128

HIGH CVSS 8.8 May 10, 2022

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services by sending specially crafted requests. It affects Windows servers with LDAP enabled, poten...

CVE-2022-29132

HIGH CVSS 7.8 May 10, 2022

This vulnerability allows attackers to gain SYSTEM-level privileges on Windows systems by exploiting the Print Spooler service. It affects Windows servers and workstations where the Print Spooler serv...

CVE-2022-29141

HIGH CVSS 8.8 May 10, 2022

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services. Attackers can exploit this without authentication by sending specially crafted requests t...

CVE-2022-29103

HIGH CVSS 7.8 May 10, 2022

This vulnerability allows an authenticated attacker to execute arbitrary code with SYSTEM privileges on Windows systems. It affects Windows Remote Access Connection Manager service, enabling local pri...

CVE-2022-29105

HIGH CVSS 7.8 May 10, 2022

This vulnerability in Microsoft Windows Media Foundation allows remote attackers to execute arbitrary code on affected systems by tricking users into opening specially crafted media files. It affects ...

CVE-2022-29113

HIGH CVSS 7.8 May 10, 2022

This vulnerability allows an authenticated attacker to execute code with SYSTEM privileges on Windows systems. It affects Windows Digital Media Receiver functionality, primarily impacting Windows 10 a...

CVE-2022-29115

HIGH CVSS 7.8 May 10, 2022

CVE-2022-29115 is a remote code execution vulnerability in the Windows Fax Service that allows authenticated attackers to execute arbitrary code with SYSTEM privileges on affected systems. This affect...

CVE-2022-26913

HIGH CVSS 7.4 May 10, 2022

CVE-2022-26913 is a Windows authentication information disclosure vulnerability that allows an attacker to obtain sensitive authentication information from a targeted system. This affects Windows syst...

CVE-2022-26927

HIGH CVSS 8.8 May 10, 2022

This is a remote code execution vulnerability in the Windows Graphics Component that allows an attacker to execute arbitrary code on affected systems. It affects Windows operating systems and can be e...

CVE-2022-26931

HIGH CVSS 7.5 May 10, 2022

CVE-2022-26931 is a Windows Kerberos elevation of privilege vulnerability that allows authenticated attackers to gain domain administrator privileges by exploiting improper validation of Kerberos tick...

CVE-2022-21972

HIGH CVSS 8.1 May 10, 2022

This vulnerability allows remote attackers to execute arbitrary code on Windows systems by sending specially crafted packets to the Point-to-Point Tunneling Protocol (PPTP) service. It affects Windows...

CVE-2022-22014

HIGH CVSS 8.8 May 10, 2022

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services. Attackers can exploit this without authentication to gain SYSTEM privileges on affected s...

CVE-2022-22016

HIGH CVSS 7.0 May 10, 2022

CVE-2022-22016 is an elevation of privilege vulnerability in Windows PlayToManager that allows authenticated attackers to gain SYSTEM-level privileges on affected systems. This affects Windows clients...