Windows 11 24h2
by Microsoft
CVEs (1,332)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54116 | 0.00 | — | 0.00 | Sep 9, 2025 | Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54115 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54114 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54112 | 0.00 | — | 0.00 | Sep 9, 2025 | Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54109 | 0.00 | — | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54108 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54107 | 0.00 | — | 0.01 | Sep 9, 2025 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | |||
| CVE-2025-54105 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54104 | 0.00 | — | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54103 | 0.00 | — | 0.00 | Sep 9, 2025 | Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. | |||
| CVE-2025-54098 | 0.00 | — | 0.03 | Sep 9, 2025 | Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54094 | 0.00 | — | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54093 | 0.00 | — | 0.00 | Sep 9, 2025 | Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54092 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54091 | 0.00 | — | 0.00 | Sep 9, 2025 | Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53810 | 0.00 | — | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53809 | 0.00 | — | 0.01 | Sep 9, 2025 | Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network. | |||
| CVE-2025-53808 | 0.00 | — | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53807 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53805 | 0.00 | — | 0.01 | Sep 9, 2025 | Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network. |
- CVE-2025-54116Sep 9, 2025risk 0.00cvss —epss 0.00
Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally.
- CVE-2025-54115Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- CVE-2025-54114Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-54112Sep 9, 2025risk 0.00cvss —epss 0.00
Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.
- CVE-2025-54109Sep 9, 2025risk 0.00cvss —epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-54108Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
- CVE-2025-54107Sep 9, 2025risk 0.00cvss —epss 0.01
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2025-54105Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
- CVE-2025-54104Sep 9, 2025risk 0.00cvss —epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-54103Sep 9, 2025risk 0.00cvss —epss 0.00
Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally.
- CVE-2025-54098Sep 9, 2025risk 0.00cvss —epss 0.03
Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- CVE-2025-54094Sep 9, 2025risk 0.00cvss —epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-54093Sep 9, 2025risk 0.00cvss —epss 0.00
Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- CVE-2025-54092Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- CVE-2025-54091Sep 9, 2025risk 0.00cvss —epss 0.00
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- CVE-2025-53810Sep 9, 2025risk 0.00cvss —epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-53809Sep 9, 2025risk 0.00cvss —epss 0.01
Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.
- CVE-2025-53808Sep 9, 2025risk 0.00cvss —epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-53807Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- CVE-2025-53805Sep 9, 2025risk 0.00cvss —epss 0.01
Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network.
Page 37 of 67