Windows 11 24h2@* Security Vulnerabilities and Issues — Windows 11 24h2@* CVE List

Summary:As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this vulnerab...

6.7CVSS5.8AI score0.01383EPSS

CVE•added 2024/11/12 6:15 p.m.•494 views

CVE-2024-38203

Windows Package Library Manager Information Disclosure Vulnerability

6.2CVSS5.8AI score0.00199EPSS

CVE•added 2024/12/12 2:4 a.m.•470 views

CVE-2024-49138

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8CVSS7.5AI score0.84734EPSS

In wild

CVE•added 2024/09/10 5:15 p.m.•461 views

CVE-2024-38014

Windows Installer Elevation of Privilege Vulnerability

7.8CVSS8.7AI score0.0957EPSS

In wild

CVE•added 2024/10/08 6:15 p.m.•456 views

CVE-2024-43573

Windows MSHTML Platform Spoofing Vulnerability

8.1CVSS7.4AI score0.08507EPSS

In wild

CVE•added 2025/02/11 6:15 p.m.•452 views

CVE-2025-21391

Windows Storage Elevation of Privilege Vulnerability

7.1CVSS7.7AI score0.04388EPSS

In wild

CVE•added 2024/11/12 6:15 p.m.•398 views

CVE-2024-49039

Windows Task Scheduler Elevation of Privilege Vulnerability

8.8CVSS8.6AI score0.48168EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•390 views

CVE-2025-24071

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS7.3AI score0.6245EPSS

CVE•added 2025/05/13 5:15 p.m.•368 views

CVE-2025-29974

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.

5.7CVSS5.6AI score0.00158EPSS

CVE•added 2024/11/12 6:15 p.m.•353 views

CVE-2024-43451

NTLM Hash Disclosure Spoofing Vulnerability

6.5CVSS6.5AI score0.89638EPSS

In wild

CVE•added 2025/02/11 6:15 p.m.•352 views

CVE-2025-21337

Windows NTFS Elevation of Privilege Vulnerability

3.3CVSS6AI score0.00089EPSS

CVE•added 2024/10/08 6:15 p.m.•343 views

CVE-2024-43583

Winlogon Elevation of Privilege Vulnerability

7.8CVSS8.4AI score0.08214EPSS

Web

CVE•added 2025/02/11 6:15 p.m.•342 views

CVE-2025-21420

Windows Disk Cleanup Tool Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.28657EPSS

CVE•added 2024/10/08 6:15 p.m.•337 views

CVE-2024-30092

Windows Hyper-V Remote Code Execution Vulnerability

8CVSS8.3AI score0.00441EPSS

CVE•added 2025/06/10 5:22 p.m.•334 views

CVE-2025-33053

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

8.8CVSS8.8AI score0.1907EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•328 views

CVE-2025-26633

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

7CVSS6.8AI score0.06953EPSS

In wild

CVE•added 2024/12/12 2:4 a.m.•326 views

CVE-2024-49112

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

9.8CVSS9.7AI score0.87025EPSS

CVE•added 2024/09/10 5:15 p.m.•325 views

CVE-2024-43461

Windows MSHTML Platform Spoofing Vulnerability

8.8CVSS9.3AI score0.09813EPSS

In wild

CVE•added 2025/01/14 6:15 p.m.•321 views

CVE-2025-21189

MapUrlToZone Security Feature Bypass Vulnerability

4.3CVSS4.6AI score0.00174EPSS

CVE•added 2025/02/11 6:15 p.m.•310 views

CVE-2025-21418

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8CVSS8.2AI score0.09977EPSS

In wild

CVE•added 2025/06/10 5:22 p.m.•304 views

CVE-2025-33065

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00056EPSS

CVE•added 2025/06/10 5:22 p.m.•300 views

CVE-2025-33052

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

5.5CVSS5.3AI score0.00144EPSS

CVE•added 2025/01/14 6:15 p.m.•299 views

CVE-2025-21335

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.05766EPSS

In wild

CVE•added 2025/01/14 6:15 p.m.•297 views

CVE-2025-21334

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.04579EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•293 views

CVE-2025-24054

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS6.5AI score0.31507EPSS

In wild

CVE•added 2024/08/13 6:15 p.m.•279 views

CVE-2024-38193

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.6447EPSS

In wild

CVE•added 2024/10/08 6:15 p.m.•277 views

CVE-2024-43584

Windows Scripting Engine Security Feature Bypass Vulnerability

8.4CVSS7.8AI score0.00371EPSS

CVE•added 2024/08/13 6:15 p.m.•272 views

CVE-2024-38178

Scripting Engine Memory Corruption Vulnerability

7.5CVSS7.4AI score0.25583EPSS

In wild

CVE•added 2024/09/10 5:15 p.m.•268 views

CVE-2024-21416

Windows TCP/IP Remote Code Execution Vulnerability

9.8CVSS9AI score0.05887EPSS

CVE•added 2025/06/10 5:23 p.m.•264 views

CVE-2025-33073

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

8.8CVSS8.7AI score0.03645EPSS

CVE•added 2025/03/11 5:16 p.m.•257 views

CVE-2025-24985

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00938EPSS

In wild

CVE•added 2024/08/13 6:15 p.m.•255 views

CVE-2024-38106

Windows Kernel Elevation of Privilege Vulnerability

7CVSS6.9AI score0.00341EPSS

In wild

CVE•added 2024/09/10 5:15 p.m.•254 views

CVE-2024-38217

Windows Mark of the Web Security Feature Bypass Vulnerability

5.4CVSS7.3AI score0.11696EPSS

In wild

CVE•added 2024/08/13 6:15 p.m.•250 views

CVE-2024-38118

Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability

5.5CVSS5.2AI score0.00585EPSS

CVE•added 2025/03/11 5:16 p.m.•247 views

CVE-2025-24993

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.02222EPSS

In wild

CVE•added 2024/08/13 6:15 p.m.•244 views

CVE-2024-38107

Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.02336EPSS

In wild

CVE•added 2024/10/08 6:15 p.m.•241 views

CVE-2024-37976

Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability

6.7CVSS7.3AI score0.0035EPSS

CVE•added 2025/03/11 5:16 p.m.•241 views

CVE-2025-24984

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

4.6CVSS6.1AI score0.17667EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•241 views

CVE-2025-24991

Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

5.5CVSS6.5AI score0.02442EPSS

In wild

CVE•added 2024/12/12 2:4 a.m.•237 views

CVE-2024-49113

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

7.5CVSS7.5AI score0.86574EPSS

CVE•added 2025/02/11 6:15 p.m.•236 views

CVE-2025-21181

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS7.8AI score0.0823EPSS

CVE•added 2025/01/14 6:16 p.m.•227 views

CVE-2025-21413

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.027EPSS

CVE•added 2024/08/13 6:15 p.m.•226 views

CVE-2024-38155

Security Center Broker Information Disclosure Vulnerability

5.5CVSS5.3AI score0.00271EPSS

CVE•added 2024/10/08 6:15 p.m.•225 views

CVE-2024-20659

Windows Hyper-V Security Feature Bypass Vulnerability

7.1CVSS7.7AI score0.00816EPSS

CVE•added 2024/09/10 5:15 p.m.•225 views

CVE-2024-30073

Windows Security Zone Mapping Security Feature Bypass Vulnerability

7.8CVSS8.6AI score0.00558EPSS

Total number of security vulnerabilities680