Windows 11 24h2@* Security Vulnerabilities and Issues — Windows 11 24h2@* CVE List

Summary:As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this vulnerab...

6.7CVSS5.8AI score0.00705EPSS

CVE•added 2024/11/12 6:15 p.m.•492 views

CVE-2024-38203

Windows Package Library Manager Information Disclosure Vulnerability

6.2CVSS5.8AI score0.00165EPSS

CVE•added 2024/12/12 2:4 a.m.•468 views

CVE-2024-49138

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8CVSS7.5AI score0.85455EPSS

In wild

CVE•added 2024/09/10 5:15 p.m.•460 views

CVE-2024-38014

Windows Installer Elevation of Privilege Vulnerability

7.8CVSS8.7AI score0.10523EPSS

In wild

CVE•added 2024/10/08 6:15 p.m.•455 views

CVE-2024-43573

Windows MSHTML Platform Spoofing Vulnerability

8.1CVSS7.4AI score0.08507EPSS

In wild

CVE•added 2025/02/11 6:15 p.m.•449 views

CVE-2025-21391

Windows Storage Elevation of Privilege Vulnerability

7.1CVSS7.7AI score0.04061EPSS

In wild

CVE•added 2024/11/12 6:15 p.m.•393 views

CVE-2024-49039

Windows Task Scheduler Elevation of Privilege Vulnerability

8.8CVSS8.6AI score0.41323EPSS

In wildWeb

CVE•added 2025/05/13 5:15 p.m.•363 views

CVE-2025-29974

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.

5.7CVSS5.6AI score0.00087EPSS

CVE•added 2025/03/11 5:16 p.m.•362 views

CVE-2025-24071

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS7.3AI score0.51253EPSS

CVE•added 2025/02/11 6:15 p.m.•350 views

CVE-2025-21337

Windows NTFS Elevation of Privilege Vulnerability

3.3CVSS6AI score0.00083EPSS

CVE•added 2024/11/12 6:15 p.m.•346 views

CVE-2024-43451

NTLM Hash Disclosure Spoofing Vulnerability

6.5CVSS6.5AI score0.89638EPSS

In wild

CVE•added 2024/10/08 6:15 p.m.•341 views

CVE-2024-43583

Winlogon Elevation of Privilege Vulnerability

7.8CVSS8.4AI score0.08214EPSS

CVE•added 2025/02/11 6:15 p.m.•338 views

CVE-2025-21420

Windows Disk Cleanup Tool Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.31526EPSS

CVE•added 2024/10/08 6:15 p.m.•335 views

CVE-2024-30092

Windows Hyper-V Remote Code Execution Vulnerability

8CVSS8.3AI score0.00441EPSS

CVE•added 2024/09/10 5:15 p.m.•324 views

CVE-2024-43461

Windows MSHTML Platform Spoofing Vulnerability

8.8CVSS9.3AI score0.09813EPSS

In wild

CVE•added 2024/12/12 2:4 a.m.•322 views

CVE-2024-49112

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

9.8CVSS9.7AI score0.8668EPSS

CVE•added 2025/01/14 6:15 p.m.•318 views

CVE-2025-21189

MapUrlToZone Security Feature Bypass Vulnerability

4.3CVSS4.6AI score0.00174EPSS

CVE•added 2025/03/11 5:16 p.m.•310 views

CVE-2025-26633

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

7CVSS6.8AI score0.11557EPSS

In wild

CVE•added 2025/02/11 6:15 p.m.•306 views

CVE-2025-21418

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8CVSS8.2AI score0.11464EPSS

In wild

CVE•added 2025/06/10 5:22 p.m.•302 views

CVE-2025-33053

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

8.8CVSS8.8AI score0.18427EPSS

In wild

CVE•added 2025/06/10 5:22 p.m.•301 views

CVE-2025-33065

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00056EPSS

CVE•added 2025/06/10 5:22 p.m.•298 views

CVE-2025-33052

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

5.5CVSS5.3AI score0.00144EPSS

CVE•added 2025/01/14 6:15 p.m.•294 views

CVE-2025-21335

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.05766EPSS

In wild

CVE•added 2025/01/14 6:15 p.m.•292 views

CVE-2025-21334

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.04579EPSS

In wild

CVE•added 2024/08/13 6:15 p.m.•278 views

CVE-2024-38193

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.66358EPSS

In wild

CVE•added 2024/10/08 6:15 p.m.•275 views

CVE-2024-43584

Windows Scripting Engine Security Feature Bypass Vulnerability

8.4CVSS7.8AI score0.00371EPSS

CVE•added 2024/08/13 6:15 p.m.•271 views

CVE-2024-38178

Scripting Engine Memory Corruption Vulnerability

7.5CVSS7.4AI score0.18494EPSS

In wild

CVE•added 2024/09/10 5:15 p.m.•267 views

CVE-2024-21416

Windows TCP/IP Remote Code Execution Vulnerability

9.8CVSS9AI score0.05048EPSS

CVE•added 2025/03/11 5:16 p.m.•267 views

CVE-2025-24054

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS6.5AI score0.31507EPSS

In wildWeb

CVE•added 2024/08/13 6:15 p.m.•254 views

CVE-2024-38106

Windows Kernel Elevation of Privilege Vulnerability

7CVSS6.9AI score0.00367EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•254 views

CVE-2025-24985

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.01473EPSS

In wild

CVE•added 2024/09/10 5:15 p.m.•253 views

CVE-2024-38217

Windows Mark of the Web Security Feature Bypass Vulnerability

5.4CVSS7.3AI score0.14086EPSS

In wild

CVE•added 2024/08/13 6:15 p.m.•249 views

CVE-2024-38118

Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability

5.5CVSS5.2AI score0.00541EPSS

CVE•added 2025/03/11 5:16 p.m.•244 views

CVE-2025-24993

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.03137EPSS

In wild

CVE•added 2024/08/13 6:15 p.m.•242 views

CVE-2024-38107

Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.03662EPSS

In wild

CVE•added 2024/10/08 6:15 p.m.•240 views

CVE-2024-37976

Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability

6.7CVSS7.3AI score0.0035EPSS

CVE•added 2025/03/11 5:16 p.m.•239 views

CVE-2025-24984

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

4.6CVSS6.1AI score0.22265EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•239 views

CVE-2025-24991

Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

5.5CVSS6.5AI score0.03281EPSS

In wild

CVE•added 2025/06/10 5:23 p.m.•237 views

CVE-2025-33073

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

8.8CVSS8.7AI score0.0096EPSS

Web

CVE•added 2024/12/12 2:4 a.m.•235 views

CVE-2024-49113

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

7.5CVSS7.5AI score0.87357EPSS

Web

CVE•added 2025/02/11 6:15 p.m.•234 views

CVE-2025-21181

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS7.8AI score0.07722EPSS

CVE•added 2024/08/13 6:15 p.m.•225 views

CVE-2024-38155

Security Center Broker Information Disclosure Vulnerability

5.5CVSS5.3AI score0.00251EPSS

CVE•added 2024/10/08 6:15 p.m.•224 views

CVE-2024-20659

Windows Hyper-V Security Feature Bypass Vulnerability

7.1CVSS7.7AI score0.00816EPSS

CVE•added 2024/09/10 5:15 p.m.•224 views

CVE-2024-30073

Windows Security Zone Mapping Security Feature Bypass Vulnerability

7.8CVSS8.6AI score0.00389EPSS

Total number of security vulnerabilities677