Windows 10 1607
by Microsoft
CVEs (3,413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-27917 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27908 | Hig | 0.46 | 7.0 | 0.02 | Apr 14, 2026 | Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26182 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26177 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26174 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26173 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26152 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26151 | Hig | 0.46 | 7.1 | 0.01 | Apr 14, 2026 | Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-24285 | Hig | 0.46 | 7.0 | 0.00 | Mar 10, 2026 | Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. | ||
| CVE-2020-17103 | Hig | 0.46 | 7.0 | 0.27 | Dec 10, 2020 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||
| CVE-2018-8399 | Hig | 0.46 | 7.0 | 0.01 | Aug 15, 2018 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8404. | ||
| CVE-2018-8170 | Hig | 0.46 | 7.0 | 0.01 | May 9, 2018 | An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka "Windows Image Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | ||
| CVE-2018-0809 | Hig | 0.46 | 7.0 | 0.01 | Feb 15, 2018 | The Windows kernel in Windows 10, versions 1703 and 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0742,… | ||
| CVE-2026-47648 | Hig | 0.45 | 7.0 | 0.00 | Jun 9, 2026 | Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42984 | Hig | 0.45 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34335 | Hig | 0.45 | 7.0 | 0.00 | Jun 9, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-50507 | Med | 0.44 | 6.8 | 0.05 | Jun 9, 2026 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2026-45608 | Med | 0.44 | 6.8 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally. | ||
| CVE-2026-41097 | Med | 0.44 | 6.7 | 0.01 | May 12, 2026 | Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-32170 | Med | 0.44 | 6.7 | 0.00 | May 12, 2026 | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. |
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.02
Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.1epss 0.01
Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.27
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.01
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8404.
- risk 0.46cvss 7.0epss 0.01
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka "Windows Image Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers.
- risk 0.46cvss 7.0epss 0.01
The Windows kernel in Windows 10, versions 1703 and 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0742,…
- risk 0.45cvss 7.0epss 0.00
Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.
- risk 0.45cvss 7.0epss 0.00
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.45cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.8epss 0.05
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.44cvss 6.8epss 0.00
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
- risk 0.44cvss 6.7epss 0.01
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
- risk 0.44cvss 6.7epss 0.00
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
Page 12 of 171