Windows Update Service
by Microsoft
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-36948 | 0.12 | — | 0.20 | KEV | Aug 12, 2021 | Windows Update Medic Service Elevation of Privilege Vulnerability | ||
| CVE-2024-38104 | 0.01 | — | 0.02 | Jul 9, 2024 | Windows Fax Service Remote Code Execution Vulnerability | |||
| CVE-2025-48815 | 0.00 | — | 0.00 | Jul 8, 2025 | Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-48799 | 0.00 | — | 0.01 | Jul 8, 2025 | Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-47976 | 0.00 | — | 0.00 | Jul 8, 2025 | Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-21374 | 0.00 | — | 0.01 | Jan 14, 2025 | Windows CSC Service Information Disclosure Vulnerability | |||
| CVE-2024-43530 | 0.00 | — | 0.00 | Nov 12, 2024 | Windows Update Stack Elevation of Privilege Vulnerability | |||
| CVE-2024-38202 | 0.00 | — | 0.02 | Aug 8, 2024 | Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security… | |||
| CVE-2024-35270 | 0.00 | — | 0.01 | Jul 9, 2024 | Windows iSCSI Service Denial of Service Vulnerability | |||
| CVE-2023-32056 | 0.00 | — | 0.01 | Jul 11, 2023 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | |||
| CVE-2023-35317 | 0.00 | — | 0.02 | Jul 11, 2023 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | |||
| CVE-2021-26866 | 0.00 | — | 0.01 | Mar 11, 2021 | Windows Update Service Elevation of Privilege Vulnerability | |||
| CVE-2020-17070 | 0.00 | — | 0.01 | Nov 11, 2020 | Windows Update Medic Service Elevation of Privilege Vulnerability |
- risk 0.12cvss —epss 0.20
Windows Update Medic Service Elevation of Privilege Vulnerability
- CVE-2024-38104Jul 9, 2024risk 0.01cvss —epss 0.02
Windows Fax Service Remote Code Execution Vulnerability
- CVE-2025-48815Jul 8, 2025risk 0.00cvss —epss 0.00
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-48799Jul 8, 2025risk 0.00cvss —epss 0.01
Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-47976Jul 8, 2025risk 0.00cvss —epss 0.00
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-21374Jan 14, 2025risk 0.00cvss —epss 0.01
Windows CSC Service Information Disclosure Vulnerability
- CVE-2024-43530Nov 12, 2024risk 0.00cvss —epss 0.00
Windows Update Stack Elevation of Privilege Vulnerability
- CVE-2024-38202Aug 8, 2024risk 0.00cvss —epss 0.02
Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security…
- CVE-2024-35270Jul 9, 2024risk 0.00cvss —epss 0.01
Windows iSCSI Service Denial of Service Vulnerability
- CVE-2023-32056Jul 11, 2023risk 0.00cvss —epss 0.01
Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
- CVE-2023-35317Jul 11, 2023risk 0.00cvss —epss 0.02
Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
- CVE-2021-26866Mar 11, 2021risk 0.00cvss —epss 0.01
Windows Update Service Elevation of Privilege Vulnerability
- CVE-2020-17070Nov 11, 2020risk 0.00cvss —epss 0.01
Windows Update Medic Service Elevation of Privilege Vulnerability