Windows 10 1607
by Microsoft
CVEs (3,413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-17097 | Low | 0.22 | 3.3 | 0.01 | Dec 10, 2020 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | ||
| CVE-2025-21333 | 0.21 | — | 0.10 | KEV | Jan 14, 2025 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | ||
| CVE-2024-38193 | 0.21 | — | 0.28 | KEV | Aug 13, 2024 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||
| CVE-2024-26169 | 0.21 | — | 0.04 | KEV | Mar 12, 2024 | Windows Error Reporting Service Elevation of Privilege Vulnerability | ||
| CVE-2023-21759 | Low | 0.21 | 3.3 | 0.01 | Jan 10, 2023 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | ||
| CVE-2022-38022 | Low | 0.21 | 3.3 | 0.01 | Oct 11, 2022 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2018-8482 | Low | 0.21 | 3.1 | 0.05 | Oct 10, 2018 | An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server… | ||
| CVE-2025-33073 | 0.19 | — | 0.65 | KEV | Jun 10, 2025 | Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-33053 | 0.19 | — | 0.82 | KEV | Jun 10, 2025 | External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. | ||
| CVE-2024-43451 | 0.19 | — | 0.82 | KEV | Nov 12, 2024 | NTLM Hash Disclosure Spoofing Vulnerability | ||
| CVE-2024-38112 | 0.19 | — | 0.84 | KEV | Jul 9, 2024 | Windows MSHTML Platform Spoofing Vulnerability | ||
| CVE-2024-35250 | 0.19 | — | 0.25 | KEV | Jun 11, 2024 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||
| CVE-2025-29824 | 0.18 | — | 0.18 | KEV | Apr 8, 2025 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-30397 | 0.17 | — | 0.22 | KEV | May 13, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. | ||
| CVE-2024-38213 | 0.17 | — | 0.13 | KEV | Aug 13, 2024 | Windows Mark of the Web Security Feature Bypass Vulnerability | ||
| CVE-2024-29988 | 0.17 | — | 0.45 | KEV | Apr 9, 2024 | SmartScreen Prompt Security Feature Bypass Vulnerability | ||
| CVE-2025-24054 | 0.16 | — | 0.59 | KEV | Mar 11, 2025 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2024-43572 | 0.16 | — | 0.61 | KEV | Oct 8, 2024 | Microsoft Management Console Remote Code Execution Vulnerability | ||
| CVE-2025-62215 | 0.15 | — | 0.06 | KEV | Nov 11, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-21513 | 0.14 | — | 0.15 | KEV | Feb 10, 2026 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. |
- risk 0.22cvss 3.3epss 0.01
Windows Digital Media Receiver Elevation of Privilege Vulnerability
- risk 0.21cvss —epss 0.10
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
- risk 0.21cvss —epss 0.28
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- risk 0.21cvss —epss 0.04
Windows Error Reporting Service Elevation of Privilege Vulnerability
- risk 0.21cvss 3.3epss 0.01
Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability
- risk 0.21cvss 3.3epss 0.01
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.21cvss 3.1epss 0.05
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server…
- risk 0.19cvss —epss 0.65
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
- risk 0.19cvss —epss 0.82
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
- risk 0.19cvss —epss 0.82
NTLM Hash Disclosure Spoofing Vulnerability
- risk 0.19cvss —epss 0.84
Windows MSHTML Platform Spoofing Vulnerability
- risk 0.19cvss —epss 0.25
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
- risk 0.18cvss —epss 0.18
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.17cvss —epss 0.22
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
- risk 0.17cvss —epss 0.13
Windows Mark of the Web Security Feature Bypass Vulnerability
- risk 0.17cvss —epss 0.45
SmartScreen Prompt Security Feature Bypass Vulnerability
- risk 0.16cvss —epss 0.59
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
- risk 0.16cvss —epss 0.61
Microsoft Management Console Remote Code Execution Vulnerability
- risk 0.15cvss —epss 0.06
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.14cvss —epss 0.15
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
Page 109 of 171