📦 Windows 7
by Microsoft
🔍 What is Windows 7?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
CVE-2022-35744 is a critical remote code execution vulnerability in Windows Point-to-Point Protocol (PPP) that allows unauthenticated attackers to execute arbitrary code on affected systems. This affe...
This critical vulnerability in Windows LDAP allows remote attackers to execute arbitrary code on affected systems without authentication. It affects Windows servers and workstations running vulnerable...
This is a critical remote code execution vulnerability in Windows LDAP services that allows unauthenticated attackers to execute arbitrary code on vulnerable systems. It affects Windows servers runnin...
CVE-2022-26809 is a critical Remote Procedure Call Runtime vulnerability in Windows that allows unauthenticated attackers to execute arbitrary code remotely. Attackers can exploit this vulnerability b...
CVE-2021-43215 is a critical memory corruption vulnerability in Microsoft's iSNS Server that allows remote attackers to execute arbitrary code on affected systems. This vulnerability affects Windows S...
This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by sending specially crafted TCP/IP packets. It affects Windows operating systems with vulnerable TCP/I...
This vulnerability allows attackers to bypass Kerberos AppContainer security features in Windows, potentially enabling unauthorized access to enterprise authentication capabilities. It affects Windows...
CVE-2021-28476 is a critical remote code execution vulnerability in Windows Hyper-V's vmswitch.sys driver. It allows attackers to execute arbitrary code with SYSTEM privileges on Hyper-V host systems ...
This is a critical remote code execution vulnerability in the Windows TCP/IP stack that allows an unauthenticated attacker to execute arbitrary code with SYSTEM privileges by sending specially crafted...
This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by sending specially crafted TCP/IP packets. It affects Windows operating systems with TCP/IP networkin...
CVE-2021-24077 is a critical remote code execution vulnerability in the Windows Fax Service that allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges on affected systems. ...
CVE-2020-1467 is a critical Windows privilege escalation vulnerability that allows authenticated attackers to overwrite system files by exploiting improper hard link handling. This enables attackers t...
A memory corruption vulnerability in Windows Server DHCP service allows remote unauthenticated attackers to send specially crafted packets that could crash the DHCP server service. This affects Window...
CVE-2019-1181 is a critical pre-authentication remote code execution vulnerability in Microsoft Remote Desktop Services (formerly Terminal Services). An unauthenticated attacker can exploit it by send...
This is a critical memory corruption vulnerability in Windows DHCP client that allows remote code execution. An attacker can exploit it by sending specially crafted DHCP responses to vulnerable Window...
This vulnerability allows remote code execution through the Microsoft Windows Support Diagnostic Tool (MSDT) when processing specially crafted files. Attackers can exploit this by tricking users into ...
CVE-2022-35750 is a Win32k elevation of privilege vulnerability in Windows that allows an authenticated attacker to gain SYSTEM-level privileges on a compromised system. This affects Windows operating...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a flaw in the Secure Socket Tunneling Protocol (SSTP) service. Attackers could gain SYSTEM-level p...
This vulnerability in Windows Advanced Local Procedure Call (ALPC) allows an authenticated attacker to execute code with SYSTEM privileges by exploiting improper object handling. It affects Windows sy...
This vulnerability allows attackers to gain SYSTEM-level privileges on Windows systems by exploiting the Print Spooler service. It affects Windows servers and workstations where the Print Spooler serv...
CVE-2022-30209 is an elevation of privilege vulnerability in Windows IIS Server that allows authenticated attackers to execute arbitrary code with SYSTEM privileges. This affects organizations running...
CVE-2022-30220 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver. It allows authenticated attackers to gain SYSTEM-level privileges on affected Windows sys...
This vulnerability allows an authenticated attacker to exploit a flaw in Windows Advanced Local Procedure Call (ALPC) to elevate privileges from a lower-privileged account to SYSTEM level. It affects ...
This vulnerability allows attackers to gain SYSTEM-level privileges on Windows systems by exploiting the Print Spooler service. It affects Windows servers and workstations where the Print Spooler serv...
This vulnerability in the Windows Fast FAT File System Driver allows an authenticated attacker to execute arbitrary code with SYSTEM privileges. It affects Windows systems with the vulnerable driver c...
This vulnerability allows an attacker to gain SYSTEM-level privileges on Windows systems by exploiting a flaw in the Client Server Runtime Subsystem (CSRSS). It affects Windows 10, 11, and Server 2019...
This vulnerability allows an authenticated attacker to execute arbitrary code with SYSTEM privileges on affected Windows systems by exploiting a flaw in the Client Server Run-time Subsystem (CSRSS). I...
CVE-2022-22024 is a remote code execution vulnerability in the Windows Fax Service that allows an attacker to execute arbitrary code with SYSTEM privileges on affected systems. This affects Windows se...
CVE-2022-22026 is a privilege escalation vulnerability in Windows Client Server Run-time Subsystem (CSRSS) that allows authenticated attackers to gain SYSTEM-level privileges on affected systems. This...
CVE-2022-22034 is an elevation of privilege vulnerability in the Windows Graphics Component that allows an authenticated attacker to execute arbitrary code with SYSTEM privileges. This affects Windows...
This vulnerability allows an authenticated attacker to exploit a flaw in Windows Advanced Local Procedure Call (ALPC) to elevate privileges from a lower-privileged account to SYSTEM level. It affects ...
CVE-2022-22022 is an elevation of privilege vulnerability in the Windows Print Spooler service that allows authenticated attackers to execute code with SYSTEM privileges. This affects Windows systems ...
This vulnerability in the Windows Ancillary Function Driver for WinSock allows an authenticated attacker to execute arbitrary code with SYSTEM privileges. It affects Windows systems where an attacker ...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running vulnerable LDAP implementations. It affects Windows servers and clients with LDAP services enabled, pote...
This vulnerability allows an authenticated attacker to exploit the Windows Advanced Local Procedure Call (ALPC) mechanism to elevate privileges from a lower-privileged account to SYSTEM level. It affe...
This vulnerability allows an authenticated attacker on a guest virtual machine to execute arbitrary code on the Hyper-V host. It affects Windows systems running Hyper-V with virtual machines that have...
CVE-2022-30135 is an elevation of privilege vulnerability in Windows Media Center that allows authenticated attackers to execute arbitrary code with SYSTEM privileges. This affects Windows systems wit...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services. Attackers can exploit this without authentication by sending specially crafted requests t...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services. Attackers can exploit this by sending specially crafted requests to vulnerable LDAP serve...
This vulnerability allows remote code execution on Windows systems running LDAP services. Attackers can exploit it by sending specially crafted requests to a vulnerable LDAP server, potentially gainin...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services. Attackers can exploit this by sending specially crafted requests to vulnerable LDAP serve...
This vulnerability allows remote code execution when Microsoft Support Diagnostic Tool (MSDT) is invoked via URL protocol from applications like Microsoft Word. Attackers can execute arbitrary code wi...
This vulnerability allows an authenticated attacker to gain SYSTEM-level privileges on Windows systems by exploiting the Print Spooler service. It affects Windows servers and workstations where the Pr...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services by sending specially crafted requests. It affects Windows servers with LDAP enabled, poten...
This vulnerability allows attackers to gain SYSTEM-level privileges on Windows systems by exploiting the Print Spooler service. It affects Windows servers and workstations where the Print Spooler serv...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services. Attackers can exploit this without authentication by sending specially crafted requests t...
This vulnerability allows an authenticated attacker to execute arbitrary code with SYSTEM privileges on Windows systems. It affects Windows Remote Access Connection Manager service, enabling local pri...
This vulnerability in Microsoft Windows Media Foundation allows remote attackers to execute arbitrary code on affected systems by tricking users into opening specially crafted media files. It affects ...
CVE-2022-29115 is a remote code execution vulnerability in the Windows Fax Service that allows authenticated attackers to execute arbitrary code with SYSTEM privileges on affected systems. This affect...
CVE-2022-26925 is a Windows Local Security Authority (LSA) spoofing vulnerability that allows an authenticated attacker to impersonate any user on a domain controller, potentially gaining elevated pri...
CVE-2022-26931 is a Windows Kerberos elevation of privilege vulnerability that allows authenticated attackers to gain domain administrator privileges by exploiting improper validation of Kerberos tick...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems by sending specially crafted packets to the Point-to-Point Tunneling Protocol (PPTP) service. It affects Windows...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services. Attackers can exploit this without authentication to gain SYSTEM privileges on affected s...
CVE-2022-22019 is a critical Remote Code Execution vulnerability in the Windows Remote Procedure Call (RPC) runtime that allows an unauthenticated attacker to execute arbitrary code on vulnerable syst...
CVE-2022-26916 is a remote code execution vulnerability in Windows Fax Compose Form that allows attackers to execute arbitrary code on affected systems. This affects Windows systems with the fax servi...
This Windows vulnerability allows attackers to bypass digital signature validation, enabling them to load malicious files that appear legitimate. It affects Windows systems where file signature checki...
CVE-2020-16897 is an information disclosure vulnerability in Windows NetBIOS over TCP (NetBT) that allows attackers to read sensitive memory contents. Attackers could use leaked information to facilit...
This is a Windows privilege escalation vulnerability in the Universal Plug and Play (UPnP) service. An attacker with local access can exploit it to execute arbitrary code with SYSTEM privileges, poten...
CVE-2020-1250 is a Windows kernel information disclosure vulnerability in the win32k component. An attacker with local access can run a specially crafted application to leak kernel memory information,...
CVE-2020-1038 is a denial of service vulnerability in Windows Routing Utilities where improper memory handling allows an authenticated attacker to crash the system. It affects Windows systems with vul...
This Windows GDI vulnerability allows attackers to read sensitive memory contents, potentially exposing credentials or system information. It affects Windows users who open malicious documents or visi...
CVE-2020-1379 is a memory corruption vulnerability in Windows Media Foundation that allows attackers to execute arbitrary code with user privileges. It affects Windows systems and can be exploited thr...
CVE-2019-1125 is a Spectre Variant 1 speculative execution side-channel vulnerability in AMD, ARM, and Intel CPUs that allows attackers to read privileged memory across trust boundaries. It affects sy...
This Windows kernel vulnerability allows authenticated attackers to read kernel memory contents, potentially exposing sensitive information like passwords or encryption keys. It affects Windows system...
This is a denial of service vulnerability in Microsoft's XmlLite runtime library that improperly parses XML input. An attacker can crash XML applications by sending specially crafted XML requests. Any...
This CVE-2019-1153 is an information disclosure vulnerability in Microsoft Windows Graphics Component that allows an attacker to read memory contents they shouldn't access. It affects Windows systems ...
This Windows GDI vulnerability allows attackers to read sensitive memory contents, potentially exposing system information that could enable further attacks. It affects Windows users who open maliciou...
CVE-2019-1148 is an information disclosure vulnerability in Microsoft Windows Graphics Component that allows authenticated attackers to read memory contents they shouldn't access. This affects Windows...
This vulnerability allows a privileged attacker on a Hyper-V guest virtual machine to crash the host server by sending specially crafted network packets. It affects Microsoft Hyper-V hosts running Win...