Windows 10 1607
by Microsoft
CVEs (3,413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33827 | Hig | 0.53 | 8.1 | 0.01 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | ||
| CVE-2016-3237 | Hig | 0.53 | 7.5 | 0.17 | Aug 9, 2016 | Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle attackers to bypass authentication via vectors related to a… | ||
| CVE-2016-3203 | Hig | 0.53 | 7.8 | 0.33 | Jun 16, 2016 | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability." | ||
| CVE-2026-20931 | Hig | 0.52 | 8.0 | 0.01 | Jan 13, 2026 | External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network. | ||
| CVE-2018-8209 | Hig | 0.52 | 8.0 | 0.03 | Jun 14, 2018 | An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10… | ||
| CVE-2016-3356 | Hig | 0.52 | 7.8 | 0.19 | Sep 14, 2016 | The Graphics Device Interface (GDI) in Microsoft Windows 10 1607 allows remote attackers to execute arbitrary code via a crafted document, aka "GDI Remote Code Execution Vulnerability." | ||
| CVE-2026-48583 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-48578 | Hig | 0.51 | 7.9 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-48576 | Hig | 0.51 | 7.9 | 0.01 | Jun 9, 2026 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-48575 | Hig | 0.51 | 7.9 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-48574 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-48573 | Hig | 0.51 | 7.9 | 0.01 | Jun 9, 2026 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-48570 | Hig | 0.51 | 7.9 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-48568 | Hig | 0.51 | 7.9 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-47656 | Hig | 0.51 | 7.9 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-45658 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2026-45656 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-45638 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45637 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45636 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. |
- risk 0.53cvss 8.1epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 7.5epss 0.17
Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle attackers to bypass authentication via vectors related to a…
- risk 0.53cvss 7.8epss 0.33
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability."
- risk 0.52cvss 8.0epss 0.01
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
- risk 0.52cvss 8.0epss 0.03
An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10…
- risk 0.52cvss 7.8epss 0.19
The Graphics Device Interface (GDI) in Microsoft Windows 10 1607 allows remote attackers to execute arbitrary code via a crafted document, aka "GDI Remote Code Execution Vulnerability."
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.9epss 0.00
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
- risk 0.51cvss 7.9epss 0.01
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
- risk 0.51cvss 7.9epss 0.00
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.9epss 0.01
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
- risk 0.51cvss 7.9epss 0.00
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
- risk 0.51cvss 7.9epss 0.00
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
- risk 0.51cvss 7.9epss 0.00
Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
- risk 0.51cvss 7.8epss 0.00
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.51cvss 7.8epss 0.00
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
Page 3 of 171