Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6849 vulnerabilities found for Windows Server 2019 by Microsoft
VAR-202008-0248
Vulnerability from variot - Updated: 2026-04-10 22:12An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. The Microsoft Windows Netlogon Remote Protocol (MS-NRPC) reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. plural Microsoft Windows The product contains an elevation of privilege vulnerability. Both Microsoft Windows and Microsoft Windows Server are products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Netlogon is a service used to register all SRV resource records for domain controllers. The following products and versions are affected: Microsoft Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 1903, Windows Server 1909, Windows Server 2004. A flaw was found in the way samba handled file and directory permissions. (CVE-2020-14318) A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-1472). 8) - aarch64, noarch, ppc64le, s390x, x86_64
The following packages have been upgraded to a later upstream version: samba (4.13.3).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202012-24
https://security.gentoo.org/
Severity: Normal Title: Samba: Multiple vulnerabilities Date: December 24, 2020 Bugs: #743433, #751724 ID: 202012-24
Synopsis
Multiple vulnerabilities have been found in Samba, the worst of which could result in a Denial of Service condition.
Background
Samba is a suite of SMB and CIFS client/server programs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-fs/samba < 4.12.9 >= 4.12.9
Description
Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Samba users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/samba-4.12.9"
References
[ 1 ] CVE-2020-14318 https://nvd.nist.gov/vuln/detail/CVE-2020-14318 [ 2 ] CVE-2020-14323 https://nvd.nist.gov/vuln/detail/CVE-2020-14323 [ 3 ] CVE-2020-14383 https://nvd.nist.gov/vuln/detail/CVE-2020-14383 [ 4 ] CVE-2020-1472 https://nvd.nist.gov/vuln/detail/CVE-2020-1472
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202012-24
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: samba security and bug fix update Advisory ID: RHSA-2020:5439-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5439 Issue date: 2020-12-15 CVE Names: CVE-2020-1472 CVE-2020-14318 CVE-2020-14323 =====================================================================
- Summary:
An update for samba is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
Security Fix(es):
-
samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)
-
samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)
-
samba: Unprivileged user can crash winbind (CVE-2020-14323)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
The 'require_membership_of' documentation in pam_winbind manpage is incorrect (BZ#1853272)
-
Malfunctioning %U substitution in valid users option (BZ#1868917)
-
Regression: smbd and nmbd are restarted when samba-winbind package is upgraded (BZ#1878205)
-
winbindd memory leak on wbinfo -u with security=ADS (BZ#1892313)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the smb service will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1853272 - The 'require_membership_of' documentation in pam_winbind manpage is incorrect [rhel-7.9.z] 1868917 - Malfunctioning %U substitution in valid users option [rhel-7.9.z] 1878205 - Regression: smbd and nmbd are restarted when samba-winbind package is upgraded [rhel-7.9.z] 1879822 - CVE-2020-1472 samba: Netlogon elevation of privilege vulnerability (Zerologon) 1891685 - CVE-2020-14323 samba: Unprivileged user can crash winbind 1892313 - winbindd memory leak on wbinfo -u with security=ADS [rhel-7.9.z] 1892631 - CVE-2020-14318 samba: Missing handle permissions check in SMB1/2/3 ChangeNotify
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: samba-4.10.16-9.el7_9.src.rpm
noarch: samba-common-4.10.16-9.el7_9.noarch.rpm
x86_64: libsmbclient-4.10.16-9.el7_9.i686.rpm libsmbclient-4.10.16-9.el7_9.x86_64.rpm libwbclient-4.10.16-9.el7_9.i686.rpm libwbclient-4.10.16-9.el7_9.x86_64.rpm samba-client-4.10.16-9.el7_9.x86_64.rpm samba-client-libs-4.10.16-9.el7_9.i686.rpm samba-client-libs-4.10.16-9.el7_9.x86_64.rpm samba-common-libs-4.10.16-9.el7_9.i686.rpm samba-common-libs-4.10.16-9.el7_9.x86_64.rpm samba-common-tools-4.10.16-9.el7_9.x86_64.rpm samba-debuginfo-4.10.16-9.el7_9.i686.rpm samba-debuginfo-4.10.16-9.el7_9.x86_64.rpm samba-krb5-printing-4.10.16-9.el7_9.x86_64.rpm samba-libs-4.10.16-9.el7_9.i686.rpm samba-libs-4.10.16-9.el7_9.x86_64.rpm samba-winbind-4.10.16-9.el7_9.x86_64.rpm samba-winbind-clients-4.10.16-9.el7_9.x86_64.rpm samba-winbind-modules-4.10.16-9.el7_9.i686.rpm samba-winbind-modules-4.10.16-9.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: samba-pidl-4.10.16-9.el7_9.noarch.rpm
x86_64: libsmbclient-devel-4.10.16-9.el7_9.i686.rpm libsmbclient-devel-4.10.16-9.el7_9.x86_64.rpm libwbclient-devel-4.10.16-9.el7_9.i686.rpm libwbclient-devel-4.10.16-9.el7_9.x86_64.rpm samba-4.10.16-9.el7_9.x86_64.rpm samba-dc-4.10.16-9.el7_9.x86_64.rpm samba-dc-libs-4.10.16-9.el7_9.x86_64.rpm samba-debuginfo-4.10.16-9.el7_9.i686.rpm samba-debuginfo-4.10.16-9.el7_9.x86_64.rpm samba-devel-4.10.16-9.el7_9.i686.rpm samba-devel-4.10.16-9.el7_9.x86_64.rpm samba-python-4.10.16-9.el7_9.i686.rpm samba-python-4.10.16-9.el7_9.x86_64.rpm samba-python-test-4.10.16-9.el7_9.x86_64.rpm samba-test-4.10.16-9.el7_9.x86_64.rpm samba-test-libs-4.10.16-9.el7_9.i686.rpm samba-test-libs-4.10.16-9.el7_9.x86_64.rpm samba-vfs-glusterfs-4.10.16-9.el7_9.x86_64.rpm samba-winbind-krb5-locator-4.10.16-9.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: samba-4.10.16-9.el7_9.src.rpm
noarch: samba-common-4.10.16-9.el7_9.noarch.rpm
x86_64: libsmbclient-4.10.16-9.el7_9.i686.rpm libsmbclient-4.10.16-9.el7_9.x86_64.rpm libwbclient-4.10.16-9.el7_9.i686.rpm libwbclient-4.10.16-9.el7_9.x86_64.rpm samba-client-4.10.16-9.el7_9.x86_64.rpm samba-client-libs-4.10.16-9.el7_9.i686.rpm samba-client-libs-4.10.16-9.el7_9.x86_64.rpm samba-common-libs-4.10.16-9.el7_9.i686.rpm samba-common-libs-4.10.16-9.el7_9.x86_64.rpm samba-common-tools-4.10.16-9.el7_9.x86_64.rpm samba-debuginfo-4.10.16-9.el7_9.i686.rpm samba-debuginfo-4.10.16-9.el7_9.x86_64.rpm samba-libs-4.10.16-9.el7_9.i686.rpm samba-libs-4.10.16-9.el7_9.x86_64.rpm samba-winbind-4.10.16-9.el7_9.x86_64.rpm samba-winbind-clients-4.10.16-9.el7_9.x86_64.rpm samba-winbind-modules-4.10.16-9.el7_9.i686.rpm samba-winbind-modules-4.10.16-9.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: samba-pidl-4.10.16-9.el7_9.noarch.rpm
x86_64: libsmbclient-devel-4.10.16-9.el7_9.i686.rpm libsmbclient-devel-4.10.16-9.el7_9.x86_64.rpm libwbclient-devel-4.10.16-9.el7_9.i686.rpm libwbclient-devel-4.10.16-9.el7_9.x86_64.rpm samba-4.10.16-9.el7_9.x86_64.rpm samba-dc-4.10.16-9.el7_9.x86_64.rpm samba-dc-libs-4.10.16-9.el7_9.x86_64.rpm samba-debuginfo-4.10.16-9.el7_9.i686.rpm samba-debuginfo-4.10.16-9.el7_9.x86_64.rpm samba-devel-4.10.16-9.el7_9.i686.rpm samba-devel-4.10.16-9.el7_9.x86_64.rpm samba-krb5-printing-4.10.16-9.el7_9.x86_64.rpm samba-python-4.10.16-9.el7_9.i686.rpm samba-python-4.10.16-9.el7_9.x86_64.rpm samba-python-test-4.10.16-9.el7_9.x86_64.rpm samba-test-4.10.16-9.el7_9.x86_64.rpm samba-test-libs-4.10.16-9.el7_9.i686.rpm samba-test-libs-4.10.16-9.el7_9.x86_64.rpm samba-vfs-glusterfs-4.10.16-9.el7_9.x86_64.rpm samba-winbind-krb5-locator-4.10.16-9.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: samba-4.10.16-9.el7_9.src.rpm
noarch: samba-common-4.10.16-9.el7_9.noarch.rpm
ppc64: libsmbclient-4.10.16-9.el7_9.ppc.rpm libsmbclient-4.10.16-9.el7_9.ppc64.rpm libwbclient-4.10.16-9.el7_9.ppc.rpm libwbclient-4.10.16-9.el7_9.ppc64.rpm samba-4.10.16-9.el7_9.ppc64.rpm samba-client-4.10.16-9.el7_9.ppc64.rpm samba-client-libs-4.10.16-9.el7_9.ppc.rpm samba-client-libs-4.10.16-9.el7_9.ppc64.rpm samba-common-libs-4.10.16-9.el7_9.ppc.rpm samba-common-libs-4.10.16-9.el7_9.ppc64.rpm samba-common-tools-4.10.16-9.el7_9.ppc64.rpm samba-debuginfo-4.10.16-9.el7_9.ppc.rpm samba-debuginfo-4.10.16-9.el7_9.ppc64.rpm samba-krb5-printing-4.10.16-9.el7_9.ppc64.rpm samba-libs-4.10.16-9.el7_9.ppc.rpm samba-libs-4.10.16-9.el7_9.ppc64.rpm samba-winbind-4.10.16-9.el7_9.ppc64.rpm samba-winbind-clients-4.10.16-9.el7_9.ppc64.rpm samba-winbind-modules-4.10.16-9.el7_9.ppc.rpm samba-winbind-modules-4.10.16-9.el7_9.ppc64.rpm
ppc64le: libsmbclient-4.10.16-9.el7_9.ppc64le.rpm libwbclient-4.10.16-9.el7_9.ppc64le.rpm samba-4.10.16-9.el7_9.ppc64le.rpm samba-client-4.10.16-9.el7_9.ppc64le.rpm samba-client-libs-4.10.16-9.el7_9.ppc64le.rpm samba-common-libs-4.10.16-9.el7_9.ppc64le.rpm samba-common-tools-4.10.16-9.el7_9.ppc64le.rpm samba-debuginfo-4.10.16-9.el7_9.ppc64le.rpm samba-krb5-printing-4.10.16-9.el7_9.ppc64le.rpm samba-libs-4.10.16-9.el7_9.ppc64le.rpm samba-winbind-4.10.16-9.el7_9.ppc64le.rpm samba-winbind-clients-4.10.16-9.el7_9.ppc64le.rpm samba-winbind-modules-4.10.16-9.el7_9.ppc64le.rpm
s390x: libsmbclient-4.10.16-9.el7_9.s390.rpm libsmbclient-4.10.16-9.el7_9.s390x.rpm libwbclient-4.10.16-9.el7_9.s390.rpm libwbclient-4.10.16-9.el7_9.s390x.rpm samba-4.10.16-9.el7_9.s390x.rpm samba-client-4.10.16-9.el7_9.s390x.rpm samba-client-libs-4.10.16-9.el7_9.s390.rpm samba-client-libs-4.10.16-9.el7_9.s390x.rpm samba-common-libs-4.10.16-9.el7_9.s390.rpm samba-common-libs-4.10.16-9.el7_9.s390x.rpm samba-common-tools-4.10.16-9.el7_9.s390x.rpm samba-debuginfo-4.10.16-9.el7_9.s390.rpm samba-debuginfo-4.10.16-9.el7_9.s390x.rpm samba-krb5-printing-4.10.16-9.el7_9.s390x.rpm samba-libs-4.10.16-9.el7_9.s390.rpm samba-libs-4.10.16-9.el7_9.s390x.rpm samba-winbind-4.10.16-9.el7_9.s390x.rpm samba-winbind-clients-4.10.16-9.el7_9.s390x.rpm samba-winbind-modules-4.10.16-9.el7_9.s390.rpm samba-winbind-modules-4.10.16-9.el7_9.s390x.rpm
x86_64: libsmbclient-4.10.16-9.el7_9.i686.rpm libsmbclient-4.10.16-9.el7_9.x86_64.rpm libwbclient-4.10.16-9.el7_9.i686.rpm libwbclient-4.10.16-9.el7_9.x86_64.rpm samba-4.10.16-9.el7_9.x86_64.rpm samba-client-4.10.16-9.el7_9.x86_64.rpm samba-client-libs-4.10.16-9.el7_9.i686.rpm samba-client-libs-4.10.16-9.el7_9.x86_64.rpm samba-common-libs-4.10.16-9.el7_9.i686.rpm samba-common-libs-4.10.16-9.el7_9.x86_64.rpm samba-common-tools-4.10.16-9.el7_9.x86_64.rpm samba-debuginfo-4.10.16-9.el7_9.i686.rpm samba-debuginfo-4.10.16-9.el7_9.x86_64.rpm samba-krb5-printing-4.10.16-9.el7_9.x86_64.rpm samba-libs-4.10.16-9.el7_9.i686.rpm samba-libs-4.10.16-9.el7_9.x86_64.rpm samba-python-4.10.16-9.el7_9.i686.rpm samba-python-4.10.16-9.el7_9.x86_64.rpm samba-winbind-4.10.16-9.el7_9.x86_64.rpm samba-winbind-clients-4.10.16-9.el7_9.x86_64.rpm samba-winbind-modules-4.10.16-9.el7_9.i686.rpm samba-winbind-modules-4.10.16-9.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Resilient Storage (v. 7):
ppc64le: ctdb-4.10.16-9.el7_9.ppc64le.rpm ctdb-tests-4.10.16-9.el7_9.ppc64le.rpm samba-debuginfo-4.10.16-9.el7_9.ppc64le.rpm
s390x: ctdb-4.10.16-9.el7_9.s390x.rpm ctdb-tests-4.10.16-9.el7_9.s390x.rpm samba-debuginfo-4.10.16-9.el7_9.s390x.rpm
x86_64: ctdb-4.10.16-9.el7_9.x86_64.rpm ctdb-tests-4.10.16-9.el7_9.x86_64.rpm samba-debuginfo-4.10.16-9.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: samba-pidl-4.10.16-9.el7_9.noarch.rpm
ppc64: libsmbclient-devel-4.10.16-9.el7_9.ppc.rpm libsmbclient-devel-4.10.16-9.el7_9.ppc64.rpm libwbclient-devel-4.10.16-9.el7_9.ppc.rpm libwbclient-devel-4.10.16-9.el7_9.ppc64.rpm samba-dc-4.10.16-9.el7_9.ppc64.rpm samba-dc-libs-4.10.16-9.el7_9.ppc64.rpm samba-debuginfo-4.10.16-9.el7_9.ppc.rpm samba-debuginfo-4.10.16-9.el7_9.ppc64.rpm samba-devel-4.10.16-9.el7_9.ppc.rpm samba-devel-4.10.16-9.el7_9.ppc64.rpm samba-python-4.10.16-9.el7_9.ppc.rpm samba-python-4.10.16-9.el7_9.ppc64.rpm samba-python-test-4.10.16-9.el7_9.ppc64.rpm samba-test-4.10.16-9.el7_9.ppc64.rpm samba-test-libs-4.10.16-9.el7_9.ppc.rpm samba-test-libs-4.10.16-9.el7_9.ppc64.rpm samba-winbind-krb5-locator-4.10.16-9.el7_9.ppc64.rpm
ppc64le: libsmbclient-devel-4.10.16-9.el7_9.ppc64le.rpm libwbclient-devel-4.10.16-9.el7_9.ppc64le.rpm samba-dc-4.10.16-9.el7_9.ppc64le.rpm samba-dc-libs-4.10.16-9.el7_9.ppc64le.rpm samba-debuginfo-4.10.16-9.el7_9.ppc64le.rpm samba-devel-4.10.16-9.el7_9.ppc64le.rpm samba-python-4.10.16-9.el7_9.ppc64le.rpm samba-python-test-4.10.16-9.el7_9.ppc64le.rpm samba-test-4.10.16-9.el7_9.ppc64le.rpm samba-test-libs-4.10.16-9.el7_9.ppc64le.rpm samba-winbind-krb5-locator-4.10.16-9.el7_9.ppc64le.rpm
s390x: libsmbclient-devel-4.10.16-9.el7_9.s390.rpm libsmbclient-devel-4.10.16-9.el7_9.s390x.rpm libwbclient-devel-4.10.16-9.el7_9.s390.rpm libwbclient-devel-4.10.16-9.el7_9.s390x.rpm samba-dc-4.10.16-9.el7_9.s390x.rpm samba-dc-libs-4.10.16-9.el7_9.s390x.rpm samba-debuginfo-4.10.16-9.el7_9.s390.rpm samba-debuginfo-4.10.16-9.el7_9.s390x.rpm samba-devel-4.10.16-9.el7_9.s390.rpm samba-devel-4.10.16-9.el7_9.s390x.rpm samba-python-4.10.16-9.el7_9.s390.rpm samba-python-4.10.16-9.el7_9.s390x.rpm samba-python-test-4.10.16-9.el7_9.s390x.rpm samba-test-4.10.16-9.el7_9.s390x.rpm samba-test-libs-4.10.16-9.el7_9.s390.rpm samba-test-libs-4.10.16-9.el7_9.s390x.rpm samba-winbind-krb5-locator-4.10.16-9.el7_9.s390x.rpm
x86_64: libsmbclient-devel-4.10.16-9.el7_9.i686.rpm libsmbclient-devel-4.10.16-9.el7_9.x86_64.rpm libwbclient-devel-4.10.16-9.el7_9.i686.rpm libwbclient-devel-4.10.16-9.el7_9.x86_64.rpm samba-dc-4.10.16-9.el7_9.x86_64.rpm samba-dc-libs-4.10.16-9.el7_9.x86_64.rpm samba-debuginfo-4.10.16-9.el7_9.i686.rpm samba-debuginfo-4.10.16-9.el7_9.x86_64.rpm samba-devel-4.10.16-9.el7_9.i686.rpm samba-devel-4.10.16-9.el7_9.x86_64.rpm samba-python-test-4.10.16-9.el7_9.x86_64.rpm samba-test-4.10.16-9.el7_9.x86_64.rpm samba-test-libs-4.10.16-9.el7_9.i686.rpm samba-test-libs-4.10.16-9.el7_9.x86_64.rpm samba-vfs-glusterfs-4.10.16-9.el7_9.x86_64.rpm samba-winbind-krb5-locator-4.10.16-9.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: samba-4.10.16-9.el7_9.src.rpm
noarch: samba-common-4.10.16-9.el7_9.noarch.rpm
x86_64: libsmbclient-4.10.16-9.el7_9.i686.rpm libsmbclient-4.10.16-9.el7_9.x86_64.rpm libwbclient-4.10.16-9.el7_9.i686.rpm libwbclient-4.10.16-9.el7_9.x86_64.rpm samba-4.10.16-9.el7_9.x86_64.rpm samba-client-4.10.16-9.el7_9.x86_64.rpm samba-client-libs-4.10.16-9.el7_9.i686.rpm samba-client-libs-4.10.16-9.el7_9.x86_64.rpm samba-common-libs-4.10.16-9.el7_9.i686.rpm samba-common-libs-4.10.16-9.el7_9.x86_64.rpm samba-common-tools-4.10.16-9.el7_9.x86_64.rpm samba-debuginfo-4.10.16-9.el7_9.i686.rpm samba-debuginfo-4.10.16-9.el7_9.x86_64.rpm samba-krb5-printing-4.10.16-9.el7_9.x86_64.rpm samba-libs-4.10.16-9.el7_9.i686.rpm samba-libs-4.10.16-9.el7_9.x86_64.rpm samba-python-4.10.16-9.el7_9.i686.rpm samba-python-4.10.16-9.el7_9.x86_64.rpm samba-winbind-4.10.16-9.el7_9.x86_64.rpm samba-winbind-clients-4.10.16-9.el7_9.x86_64.rpm samba-winbind-modules-4.10.16-9.el7_9.i686.rpm samba-winbind-modules-4.10.16-9.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: samba-pidl-4.10.16-9.el7_9.noarch.rpm
x86_64: libsmbclient-devel-4.10.16-9.el7_9.i686.rpm libsmbclient-devel-4.10.16-9.el7_9.x86_64.rpm libwbclient-devel-4.10.16-9.el7_9.i686.rpm libwbclient-devel-4.10.16-9.el7_9.x86_64.rpm samba-dc-4.10.16-9.el7_9.x86_64.rpm samba-dc-libs-4.10.16-9.el7_9.x86_64.rpm samba-debuginfo-4.10.16-9.el7_9.i686.rpm samba-debuginfo-4.10.16-9.el7_9.x86_64.rpm samba-devel-4.10.16-9.el7_9.i686.rpm samba-devel-4.10.16-9.el7_9.x86_64.rpm samba-python-test-4.10.16-9.el7_9.x86_64.rpm samba-test-4.10.16-9.el7_9.x86_64.rpm samba-test-libs-4.10.16-9.el7_9.i686.rpm samba-test-libs-4.10.16-9.el7_9.x86_64.rpm samba-vfs-glusterfs-4.10.16-9.el7_9.x86_64.rpm samba-winbind-krb5-locator-4.10.16-9.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-1472 https://access.redhat.com/security/cve/CVE-2020-14318 https://access.redhat.com/security/cve/CVE-2020-14323 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX9idqtzjgjWX9erEAQhLxg//aGgge7wuhwtrhosIFhpoMEPD3hrlBtLk 5uRe7SaKoJa65TxAbnAD2IRP118/bZyXkS4zi1NMW3cDubvdz+pXJEq5Avfp28qp 7HcfGUKrgcDzRXlAUGBMk9P7kfCUx+jiGluhO/qsFs3TbMxcZoQ8HJxP1php4tCd ibIHVRPRS8Z+o2SzwvSW0AnkYJTTBGCht0JZKN9rIaWwljYgUXW1Fy9CTAGd48Jc EcRDHn4sDNGKl60g77e/7FVpIz7HjNyD+AWtVx8hhf6IguJnPJF9LnP1Msu0fjMd K1eCVDOwlIbZYE11+bJ28sy90HEzsihUO5KJgUgn1yj28JVaezm6dm9TT8RG/N0P 6p4tJhW8OkmVgM7ltbPI6ENfyFih/LWKekEc0LUxbFUmD3u/aytwl8OaF/0vxdGV L/7fY5QIAdLKsgNrDl817XAHmtVaarwg6swfM/iOwICatlNiAIeEr4hbCc/ZvkCI iiVLKa64AXcBuIXBERa4lzqqjeCbAc0vuXG5zyk9wY23fORfrxZBYvU9SSfstubQ OR3F7Q3wDX9Nx7pdYnSmwwhHnVq8kNXO62agaKvlmQ3Z7exeLzdDM6Wy1wdXpYzi 4bPulpSOhcwDieCQLfPb+fMo13lbkfLX1eX1PeG0pK/nv//KBkkiTp1nLlHwRZzM 2lNVzS89G3A= =hQrq -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-4510-2 September 17, 2020
samba vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Samba would allow unintended access to files over the network. This update provides the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme.
This update fixes the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which will force a secure netlogon channel. This may result in compatibility issues with older devices. A future update may allow a finer-grained control over this setting.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9
In general, a standard system update will make all the necessary changes. See the following link for examples: https://www.samba.org/samba/security/CVE-2020-1472.html
In addition, this update adds additional server checks for the protocol attack in the client-specified challenge to provide some protection when 'server schannel = no/auto' and avoid the false-positive results when running the proof-of-concept exploit. Description:
Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "samba",
"scope": "lt",
"trust": 1.0,
"vendor": "samba",
"version": "4.10.18"
},
{
"_id": null,
"model": "windows server 2004",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"_id": null,
"model": "samba",
"scope": "lt",
"trust": 1.0,
"vendor": "samba",
"version": "4.11.13"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"_id": null,
"model": "windows server 20h2",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows server 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "r2"
},
{
"_id": null,
"model": "samba",
"scope": "lt",
"trust": 1.0,
"vendor": "samba",
"version": "4.12.7"
},
{
"_id": null,
"model": "windows server 2012",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "r2"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"_id": null,
"model": "windows server 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "samba",
"scope": "gte",
"trust": 1.0,
"vendor": "samba",
"version": "4.11.0"
},
{
"_id": null,
"model": "samba",
"scope": "gte",
"trust": 1.0,
"vendor": "samba",
"version": "4.12.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"_id": null,
"model": "windows server 1909",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"_id": null,
"model": "windows server 1903",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"_id": null,
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows server 2012",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "directory server",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "4.4.5-0101"
},
{
"_id": null,
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"_id": null,
"model": "microsoft windows server 2019",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"_id": null,
"model": "microsoft windows server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2008 r2 for x64-based systems sp1"
},
{
"_id": null,
"model": "microsoft windows server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2016"
},
{
"_id": null,
"model": "microsoft windows server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019"
},
{
"_id": null,
"model": "microsoft windows server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2012"
},
{
"_id": null,
"model": "microsoft windows server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2012 (server core installation)"
},
{
"_id": null,
"model": "microsoft windows server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "1903 (server core installation)"
},
{
"_id": null,
"model": "microsoft windows server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2012 r2 (server core installation)"
},
{
"_id": null,
"model": "microsoft windows server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2004 (server core installation)"
},
{
"_id": null,
"model": "microsoft windows server 2008",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"_id": null,
"model": "microsoft windows server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2008 r2 for x64-based systems sp1 (server core installation)"
},
{
"_id": null,
"model": "microsoft windows server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2012 r2"
},
{
"_id": null,
"model": "microsoft windows server 2012",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"_id": null,
"model": "microsoft windows server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "1909 (server core installation)"
},
{
"_id": null,
"model": "microsoft windows server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2016 (server core installation)"
},
{
"_id": null,
"model": "microsoft windows server 2016",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"_id": null,
"model": "microsoft windows server 2019",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "(server core installation)"
},
{
"_id": null,
"model": "microsoft windows server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 (server core installation)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008530"
},
{
"db": "NVD",
"id": "CVE-2020-1472"
}
]
},
"credits": {
"_id": null,
"data": "This document was written by Eric Hatleback, Art Manion, and Will Dormann.We have not received a statement from the vendor.",
"sources": [
{
"db": "CERT/CC",
"id": "VU#490028"
}
],
"trust": 0.8
},
"cve": "CVE-2020-1472",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-1472",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-167626",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-1472",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "secure@microsoft.com",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-1472",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-008530",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-1472",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2020-1472",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-1472",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-548",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-167626",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-1472",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167626"
},
{
"db": "VULMON",
"id": "CVE-2020-1472"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-548"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008530"
},
{
"db": "NVD",
"id": "CVE-2020-1472"
},
{
"db": "NVD",
"id": "CVE-2020-1472"
}
]
},
"description": {
"_id": null,
"data": "An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. \nTo exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. \nMicrosoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. \nFor guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). \nWhen the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. The Microsoft Windows Netlogon Remote Protocol (MS-NRPC) reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. plural Microsoft Windows The product contains an elevation of privilege vulnerability. Both Microsoft Windows and Microsoft Windows Server are products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Netlogon is a service used to register all SRV resource records for domain controllers. The following products and versions are affected: Microsoft Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 1903, Windows Server 1909, Windows Server 2004. A flaw was found in the way samba handled file and directory permissions. (CVE-2020-14318)\nA null pointer dereference flaw was found in Samba\u0027s winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-1472). 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nThe following packages have been upgraded to a later upstream version:\nsamba (4.13.3). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202012-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Samba: Multiple vulnerabilities\n Date: December 24, 2020\n Bugs: #743433, #751724\n ID: 202012-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Samba, the worst of which\ncould result in a Denial of Service condition. \n\nBackground\n==========\n\nSamba is a suite of SMB and CIFS client/server programs. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-fs/samba \u003c 4.12.9 \u003e= 4.12.9\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Samba. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Samba users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-fs/samba-4.12.9\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-14318\n https://nvd.nist.gov/vuln/detail/CVE-2020-14318\n[ 2 ] CVE-2020-14323\n https://nvd.nist.gov/vuln/detail/CVE-2020-14323\n[ 3 ] CVE-2020-14383\n https://nvd.nist.gov/vuln/detail/CVE-2020-14383\n[ 4 ] CVE-2020-1472\n https://nvd.nist.gov/vuln/detail/CVE-2020-1472\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202012-24\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: samba security and bug fix update\nAdvisory ID: RHSA-2020:5439-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5439\nIssue date: 2020-12-15\nCVE Names: CVE-2020-1472 CVE-2020-14318 CVE-2020-14323 \n=====================================================================\n\n1. Summary:\n\nAn update for samba is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nSamba is an open-source implementation of the Server Message Block (SMB)\nprotocol and the related Common Internet File System (CIFS) protocol, which\nallow PC-compatible machines to share files, printers, and various\ninformation. \n\nSecurity Fix(es):\n\n* samba: Netlogon elevation of privilege vulnerability (Zerologon)\n(CVE-2020-1472)\n\n* samba: Missing handle permissions check in SMB1/2/3 ChangeNotify\n(CVE-2020-14318)\n\n* samba: Unprivileged user can crash winbind (CVE-2020-14323)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* The \u0027require_membership_of\u0027 documentation in pam_winbind manpage is\nincorrect (BZ#1853272)\n\n* Malfunctioning %U substitution in valid users option (BZ#1868917)\n\n* Regression: smbd and nmbd are restarted when samba-winbind package is\nupgraded (BZ#1878205)\n\n* winbindd memory leak on wbinfo -u with security=ADS (BZ#1892313)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the smb service will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1853272 - The \u0027require_membership_of\u0027 documentation in pam_winbind manpage is incorrect [rhel-7.9.z]\n1868917 - Malfunctioning %U substitution in valid users option [rhel-7.9.z]\n1878205 - Regression: smbd and nmbd are restarted when samba-winbind package is upgraded [rhel-7.9.z]\n1879822 - CVE-2020-1472 samba: Netlogon elevation of privilege vulnerability (Zerologon)\n1891685 - CVE-2020-14323 samba: Unprivileged user can crash winbind\n1892313 - winbindd memory leak on wbinfo -u with security=ADS [rhel-7.9.z]\n1892631 - CVE-2020-14318 samba: Missing handle permissions check in SMB1/2/3 ChangeNotify\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nsamba-4.10.16-9.el7_9.src.rpm\n\nnoarch:\nsamba-common-4.10.16-9.el7_9.noarch.rpm\n\nx86_64:\nlibsmbclient-4.10.16-9.el7_9.i686.rpm\nlibsmbclient-4.10.16-9.el7_9.x86_64.rpm\nlibwbclient-4.10.16-9.el7_9.i686.rpm\nlibwbclient-4.10.16-9.el7_9.x86_64.rpm\nsamba-client-4.10.16-9.el7_9.x86_64.rpm\nsamba-client-libs-4.10.16-9.el7_9.i686.rpm\nsamba-client-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-common-libs-4.10.16-9.el7_9.i686.rpm\nsamba-common-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-common-tools-4.10.16-9.el7_9.x86_64.rpm\nsamba-debuginfo-4.10.16-9.el7_9.i686.rpm\nsamba-debuginfo-4.10.16-9.el7_9.x86_64.rpm\nsamba-krb5-printing-4.10.16-9.el7_9.x86_64.rpm\nsamba-libs-4.10.16-9.el7_9.i686.rpm\nsamba-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-clients-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-modules-4.10.16-9.el7_9.i686.rpm\nsamba-winbind-modules-4.10.16-9.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nsamba-pidl-4.10.16-9.el7_9.noarch.rpm\n\nx86_64:\nlibsmbclient-devel-4.10.16-9.el7_9.i686.rpm\nlibsmbclient-devel-4.10.16-9.el7_9.x86_64.rpm\nlibwbclient-devel-4.10.16-9.el7_9.i686.rpm\nlibwbclient-devel-4.10.16-9.el7_9.x86_64.rpm\nsamba-4.10.16-9.el7_9.x86_64.rpm\nsamba-dc-4.10.16-9.el7_9.x86_64.rpm\nsamba-dc-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-debuginfo-4.10.16-9.el7_9.i686.rpm\nsamba-debuginfo-4.10.16-9.el7_9.x86_64.rpm\nsamba-devel-4.10.16-9.el7_9.i686.rpm\nsamba-devel-4.10.16-9.el7_9.x86_64.rpm\nsamba-python-4.10.16-9.el7_9.i686.rpm\nsamba-python-4.10.16-9.el7_9.x86_64.rpm\nsamba-python-test-4.10.16-9.el7_9.x86_64.rpm\nsamba-test-4.10.16-9.el7_9.x86_64.rpm\nsamba-test-libs-4.10.16-9.el7_9.i686.rpm\nsamba-test-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-vfs-glusterfs-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-krb5-locator-4.10.16-9.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nsamba-4.10.16-9.el7_9.src.rpm\n\nnoarch:\nsamba-common-4.10.16-9.el7_9.noarch.rpm\n\nx86_64:\nlibsmbclient-4.10.16-9.el7_9.i686.rpm\nlibsmbclient-4.10.16-9.el7_9.x86_64.rpm\nlibwbclient-4.10.16-9.el7_9.i686.rpm\nlibwbclient-4.10.16-9.el7_9.x86_64.rpm\nsamba-client-4.10.16-9.el7_9.x86_64.rpm\nsamba-client-libs-4.10.16-9.el7_9.i686.rpm\nsamba-client-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-common-libs-4.10.16-9.el7_9.i686.rpm\nsamba-common-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-common-tools-4.10.16-9.el7_9.x86_64.rpm\nsamba-debuginfo-4.10.16-9.el7_9.i686.rpm\nsamba-debuginfo-4.10.16-9.el7_9.x86_64.rpm\nsamba-libs-4.10.16-9.el7_9.i686.rpm\nsamba-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-clients-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-modules-4.10.16-9.el7_9.i686.rpm\nsamba-winbind-modules-4.10.16-9.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nsamba-pidl-4.10.16-9.el7_9.noarch.rpm\n\nx86_64:\nlibsmbclient-devel-4.10.16-9.el7_9.i686.rpm\nlibsmbclient-devel-4.10.16-9.el7_9.x86_64.rpm\nlibwbclient-devel-4.10.16-9.el7_9.i686.rpm\nlibwbclient-devel-4.10.16-9.el7_9.x86_64.rpm\nsamba-4.10.16-9.el7_9.x86_64.rpm\nsamba-dc-4.10.16-9.el7_9.x86_64.rpm\nsamba-dc-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-debuginfo-4.10.16-9.el7_9.i686.rpm\nsamba-debuginfo-4.10.16-9.el7_9.x86_64.rpm\nsamba-devel-4.10.16-9.el7_9.i686.rpm\nsamba-devel-4.10.16-9.el7_9.x86_64.rpm\nsamba-krb5-printing-4.10.16-9.el7_9.x86_64.rpm\nsamba-python-4.10.16-9.el7_9.i686.rpm\nsamba-python-4.10.16-9.el7_9.x86_64.rpm\nsamba-python-test-4.10.16-9.el7_9.x86_64.rpm\nsamba-test-4.10.16-9.el7_9.x86_64.rpm\nsamba-test-libs-4.10.16-9.el7_9.i686.rpm\nsamba-test-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-vfs-glusterfs-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-krb5-locator-4.10.16-9.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsamba-4.10.16-9.el7_9.src.rpm\n\nnoarch:\nsamba-common-4.10.16-9.el7_9.noarch.rpm\n\nppc64:\nlibsmbclient-4.10.16-9.el7_9.ppc.rpm\nlibsmbclient-4.10.16-9.el7_9.ppc64.rpm\nlibwbclient-4.10.16-9.el7_9.ppc.rpm\nlibwbclient-4.10.16-9.el7_9.ppc64.rpm\nsamba-4.10.16-9.el7_9.ppc64.rpm\nsamba-client-4.10.16-9.el7_9.ppc64.rpm\nsamba-client-libs-4.10.16-9.el7_9.ppc.rpm\nsamba-client-libs-4.10.16-9.el7_9.ppc64.rpm\nsamba-common-libs-4.10.16-9.el7_9.ppc.rpm\nsamba-common-libs-4.10.16-9.el7_9.ppc64.rpm\nsamba-common-tools-4.10.16-9.el7_9.ppc64.rpm\nsamba-debuginfo-4.10.16-9.el7_9.ppc.rpm\nsamba-debuginfo-4.10.16-9.el7_9.ppc64.rpm\nsamba-krb5-printing-4.10.16-9.el7_9.ppc64.rpm\nsamba-libs-4.10.16-9.el7_9.ppc.rpm\nsamba-libs-4.10.16-9.el7_9.ppc64.rpm\nsamba-winbind-4.10.16-9.el7_9.ppc64.rpm\nsamba-winbind-clients-4.10.16-9.el7_9.ppc64.rpm\nsamba-winbind-modules-4.10.16-9.el7_9.ppc.rpm\nsamba-winbind-modules-4.10.16-9.el7_9.ppc64.rpm\n\nppc64le:\nlibsmbclient-4.10.16-9.el7_9.ppc64le.rpm\nlibwbclient-4.10.16-9.el7_9.ppc64le.rpm\nsamba-4.10.16-9.el7_9.ppc64le.rpm\nsamba-client-4.10.16-9.el7_9.ppc64le.rpm\nsamba-client-libs-4.10.16-9.el7_9.ppc64le.rpm\nsamba-common-libs-4.10.16-9.el7_9.ppc64le.rpm\nsamba-common-tools-4.10.16-9.el7_9.ppc64le.rpm\nsamba-debuginfo-4.10.16-9.el7_9.ppc64le.rpm\nsamba-krb5-printing-4.10.16-9.el7_9.ppc64le.rpm\nsamba-libs-4.10.16-9.el7_9.ppc64le.rpm\nsamba-winbind-4.10.16-9.el7_9.ppc64le.rpm\nsamba-winbind-clients-4.10.16-9.el7_9.ppc64le.rpm\nsamba-winbind-modules-4.10.16-9.el7_9.ppc64le.rpm\n\ns390x:\nlibsmbclient-4.10.16-9.el7_9.s390.rpm\nlibsmbclient-4.10.16-9.el7_9.s390x.rpm\nlibwbclient-4.10.16-9.el7_9.s390.rpm\nlibwbclient-4.10.16-9.el7_9.s390x.rpm\nsamba-4.10.16-9.el7_9.s390x.rpm\nsamba-client-4.10.16-9.el7_9.s390x.rpm\nsamba-client-libs-4.10.16-9.el7_9.s390.rpm\nsamba-client-libs-4.10.16-9.el7_9.s390x.rpm\nsamba-common-libs-4.10.16-9.el7_9.s390.rpm\nsamba-common-libs-4.10.16-9.el7_9.s390x.rpm\nsamba-common-tools-4.10.16-9.el7_9.s390x.rpm\nsamba-debuginfo-4.10.16-9.el7_9.s390.rpm\nsamba-debuginfo-4.10.16-9.el7_9.s390x.rpm\nsamba-krb5-printing-4.10.16-9.el7_9.s390x.rpm\nsamba-libs-4.10.16-9.el7_9.s390.rpm\nsamba-libs-4.10.16-9.el7_9.s390x.rpm\nsamba-winbind-4.10.16-9.el7_9.s390x.rpm\nsamba-winbind-clients-4.10.16-9.el7_9.s390x.rpm\nsamba-winbind-modules-4.10.16-9.el7_9.s390.rpm\nsamba-winbind-modules-4.10.16-9.el7_9.s390x.rpm\n\nx86_64:\nlibsmbclient-4.10.16-9.el7_9.i686.rpm\nlibsmbclient-4.10.16-9.el7_9.x86_64.rpm\nlibwbclient-4.10.16-9.el7_9.i686.rpm\nlibwbclient-4.10.16-9.el7_9.x86_64.rpm\nsamba-4.10.16-9.el7_9.x86_64.rpm\nsamba-client-4.10.16-9.el7_9.x86_64.rpm\nsamba-client-libs-4.10.16-9.el7_9.i686.rpm\nsamba-client-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-common-libs-4.10.16-9.el7_9.i686.rpm\nsamba-common-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-common-tools-4.10.16-9.el7_9.x86_64.rpm\nsamba-debuginfo-4.10.16-9.el7_9.i686.rpm\nsamba-debuginfo-4.10.16-9.el7_9.x86_64.rpm\nsamba-krb5-printing-4.10.16-9.el7_9.x86_64.rpm\nsamba-libs-4.10.16-9.el7_9.i686.rpm\nsamba-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-python-4.10.16-9.el7_9.i686.rpm\nsamba-python-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-clients-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-modules-4.10.16-9.el7_9.i686.rpm\nsamba-winbind-modules-4.10.16-9.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Resilient Storage (v. 7):\n\nppc64le:\nctdb-4.10.16-9.el7_9.ppc64le.rpm\nctdb-tests-4.10.16-9.el7_9.ppc64le.rpm\nsamba-debuginfo-4.10.16-9.el7_9.ppc64le.rpm\n\ns390x:\nctdb-4.10.16-9.el7_9.s390x.rpm\nctdb-tests-4.10.16-9.el7_9.s390x.rpm\nsamba-debuginfo-4.10.16-9.el7_9.s390x.rpm\n\nx86_64:\nctdb-4.10.16-9.el7_9.x86_64.rpm\nctdb-tests-4.10.16-9.el7_9.x86_64.rpm\nsamba-debuginfo-4.10.16-9.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nsamba-pidl-4.10.16-9.el7_9.noarch.rpm\n\nppc64:\nlibsmbclient-devel-4.10.16-9.el7_9.ppc.rpm\nlibsmbclient-devel-4.10.16-9.el7_9.ppc64.rpm\nlibwbclient-devel-4.10.16-9.el7_9.ppc.rpm\nlibwbclient-devel-4.10.16-9.el7_9.ppc64.rpm\nsamba-dc-4.10.16-9.el7_9.ppc64.rpm\nsamba-dc-libs-4.10.16-9.el7_9.ppc64.rpm\nsamba-debuginfo-4.10.16-9.el7_9.ppc.rpm\nsamba-debuginfo-4.10.16-9.el7_9.ppc64.rpm\nsamba-devel-4.10.16-9.el7_9.ppc.rpm\nsamba-devel-4.10.16-9.el7_9.ppc64.rpm\nsamba-python-4.10.16-9.el7_9.ppc.rpm\nsamba-python-4.10.16-9.el7_9.ppc64.rpm\nsamba-python-test-4.10.16-9.el7_9.ppc64.rpm\nsamba-test-4.10.16-9.el7_9.ppc64.rpm\nsamba-test-libs-4.10.16-9.el7_9.ppc.rpm\nsamba-test-libs-4.10.16-9.el7_9.ppc64.rpm\nsamba-winbind-krb5-locator-4.10.16-9.el7_9.ppc64.rpm\n\nppc64le:\nlibsmbclient-devel-4.10.16-9.el7_9.ppc64le.rpm\nlibwbclient-devel-4.10.16-9.el7_9.ppc64le.rpm\nsamba-dc-4.10.16-9.el7_9.ppc64le.rpm\nsamba-dc-libs-4.10.16-9.el7_9.ppc64le.rpm\nsamba-debuginfo-4.10.16-9.el7_9.ppc64le.rpm\nsamba-devel-4.10.16-9.el7_9.ppc64le.rpm\nsamba-python-4.10.16-9.el7_9.ppc64le.rpm\nsamba-python-test-4.10.16-9.el7_9.ppc64le.rpm\nsamba-test-4.10.16-9.el7_9.ppc64le.rpm\nsamba-test-libs-4.10.16-9.el7_9.ppc64le.rpm\nsamba-winbind-krb5-locator-4.10.16-9.el7_9.ppc64le.rpm\n\ns390x:\nlibsmbclient-devel-4.10.16-9.el7_9.s390.rpm\nlibsmbclient-devel-4.10.16-9.el7_9.s390x.rpm\nlibwbclient-devel-4.10.16-9.el7_9.s390.rpm\nlibwbclient-devel-4.10.16-9.el7_9.s390x.rpm\nsamba-dc-4.10.16-9.el7_9.s390x.rpm\nsamba-dc-libs-4.10.16-9.el7_9.s390x.rpm\nsamba-debuginfo-4.10.16-9.el7_9.s390.rpm\nsamba-debuginfo-4.10.16-9.el7_9.s390x.rpm\nsamba-devel-4.10.16-9.el7_9.s390.rpm\nsamba-devel-4.10.16-9.el7_9.s390x.rpm\nsamba-python-4.10.16-9.el7_9.s390.rpm\nsamba-python-4.10.16-9.el7_9.s390x.rpm\nsamba-python-test-4.10.16-9.el7_9.s390x.rpm\nsamba-test-4.10.16-9.el7_9.s390x.rpm\nsamba-test-libs-4.10.16-9.el7_9.s390.rpm\nsamba-test-libs-4.10.16-9.el7_9.s390x.rpm\nsamba-winbind-krb5-locator-4.10.16-9.el7_9.s390x.rpm\n\nx86_64:\nlibsmbclient-devel-4.10.16-9.el7_9.i686.rpm\nlibsmbclient-devel-4.10.16-9.el7_9.x86_64.rpm\nlibwbclient-devel-4.10.16-9.el7_9.i686.rpm\nlibwbclient-devel-4.10.16-9.el7_9.x86_64.rpm\nsamba-dc-4.10.16-9.el7_9.x86_64.rpm\nsamba-dc-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-debuginfo-4.10.16-9.el7_9.i686.rpm\nsamba-debuginfo-4.10.16-9.el7_9.x86_64.rpm\nsamba-devel-4.10.16-9.el7_9.i686.rpm\nsamba-devel-4.10.16-9.el7_9.x86_64.rpm\nsamba-python-test-4.10.16-9.el7_9.x86_64.rpm\nsamba-test-4.10.16-9.el7_9.x86_64.rpm\nsamba-test-libs-4.10.16-9.el7_9.i686.rpm\nsamba-test-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-vfs-glusterfs-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-krb5-locator-4.10.16-9.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nsamba-4.10.16-9.el7_9.src.rpm\n\nnoarch:\nsamba-common-4.10.16-9.el7_9.noarch.rpm\n\nx86_64:\nlibsmbclient-4.10.16-9.el7_9.i686.rpm\nlibsmbclient-4.10.16-9.el7_9.x86_64.rpm\nlibwbclient-4.10.16-9.el7_9.i686.rpm\nlibwbclient-4.10.16-9.el7_9.x86_64.rpm\nsamba-4.10.16-9.el7_9.x86_64.rpm\nsamba-client-4.10.16-9.el7_9.x86_64.rpm\nsamba-client-libs-4.10.16-9.el7_9.i686.rpm\nsamba-client-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-common-libs-4.10.16-9.el7_9.i686.rpm\nsamba-common-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-common-tools-4.10.16-9.el7_9.x86_64.rpm\nsamba-debuginfo-4.10.16-9.el7_9.i686.rpm\nsamba-debuginfo-4.10.16-9.el7_9.x86_64.rpm\nsamba-krb5-printing-4.10.16-9.el7_9.x86_64.rpm\nsamba-libs-4.10.16-9.el7_9.i686.rpm\nsamba-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-python-4.10.16-9.el7_9.i686.rpm\nsamba-python-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-clients-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-modules-4.10.16-9.el7_9.i686.rpm\nsamba-winbind-modules-4.10.16-9.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nsamba-pidl-4.10.16-9.el7_9.noarch.rpm\n\nx86_64:\nlibsmbclient-devel-4.10.16-9.el7_9.i686.rpm\nlibsmbclient-devel-4.10.16-9.el7_9.x86_64.rpm\nlibwbclient-devel-4.10.16-9.el7_9.i686.rpm\nlibwbclient-devel-4.10.16-9.el7_9.x86_64.rpm\nsamba-dc-4.10.16-9.el7_9.x86_64.rpm\nsamba-dc-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-debuginfo-4.10.16-9.el7_9.i686.rpm\nsamba-debuginfo-4.10.16-9.el7_9.x86_64.rpm\nsamba-devel-4.10.16-9.el7_9.i686.rpm\nsamba-devel-4.10.16-9.el7_9.x86_64.rpm\nsamba-python-test-4.10.16-9.el7_9.x86_64.rpm\nsamba-test-4.10.16-9.el7_9.x86_64.rpm\nsamba-test-libs-4.10.16-9.el7_9.i686.rpm\nsamba-test-libs-4.10.16-9.el7_9.x86_64.rpm\nsamba-vfs-glusterfs-4.10.16-9.el7_9.x86_64.rpm\nsamba-winbind-krb5-locator-4.10.16-9.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1472\nhttps://access.redhat.com/security/cve/CVE-2020-14318\nhttps://access.redhat.com/security/cve/CVE-2020-14323\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX9idqtzjgjWX9erEAQhLxg//aGgge7wuhwtrhosIFhpoMEPD3hrlBtLk\n5uRe7SaKoJa65TxAbnAD2IRP118/bZyXkS4zi1NMW3cDubvdz+pXJEq5Avfp28qp\n7HcfGUKrgcDzRXlAUGBMk9P7kfCUx+jiGluhO/qsFs3TbMxcZoQ8HJxP1php4tCd\nibIHVRPRS8Z+o2SzwvSW0AnkYJTTBGCht0JZKN9rIaWwljYgUXW1Fy9CTAGd48Jc\nEcRDHn4sDNGKl60g77e/7FVpIz7HjNyD+AWtVx8hhf6IguJnPJF9LnP1Msu0fjMd\nK1eCVDOwlIbZYE11+bJ28sy90HEzsihUO5KJgUgn1yj28JVaezm6dm9TT8RG/N0P\n6p4tJhW8OkmVgM7ltbPI6ENfyFih/LWKekEc0LUxbFUmD3u/aytwl8OaF/0vxdGV\nL/7fY5QIAdLKsgNrDl817XAHmtVaarwg6swfM/iOwICatlNiAIeEr4hbCc/ZvkCI\niiVLKa64AXcBuIXBERa4lzqqjeCbAc0vuXG5zyk9wY23fORfrxZBYvU9SSfstubQ\nOR3F7Q3wDX9Nx7pdYnSmwwhHnVq8kNXO62agaKvlmQ3Z7exeLzdDM6Wy1wdXpYzi\n4bPulpSOhcwDieCQLfPb+fMo13lbkfLX1eX1PeG0pK/nv//KBkkiTp1nLlHwRZzM\n2lNVzS89G3A=\n=hQrq\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. =========================================================================\nUbuntu Security Notice USN-4510-2\nSeptember 17, 2020\n\nsamba vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSamba would allow unintended access to files over the network. This update provides\nthe corresponding update for Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n Tom Tervoort discovered that the Netlogon protocol implemented by Samba\n incorrectly handled the authentication scheme. \n\n This update fixes the issue by changing the \"server schannel\" setting to\n default to \"yes\", instead of \"auto\", which will force a secure netlogon\n channel. This may result in compatibility issues with older devices. A\n future update may allow a finer-grained control over this setting. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9\n\nIn general, a standard system update will make all the necessary changes. See the following link for\nexamples: https://www.samba.org/samba/security/CVE-2020-1472.html\n\nIn addition, this update adds additional server checks for the protocol\nattack in the client-specified challenge to provide some protection when\n\u0027server schannel = no/auto\u0027 and avoid the false-positive results when\nrunning the proof-of-concept exploit. Description:\n\nRed Hat Gluster Storage is a software only scale-out storage solution that\nprovides flexible and affordable unstructured data storage. It unifies data\nstorage and infrastructure, increases performance, and improves\navailability and manageability to meet enterprise-level storage challenges. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1472"
},
{
"db": "CERT/CC",
"id": "VU#490028"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008530"
},
{
"db": "VULHUB",
"id": "VHN-167626"
},
{
"db": "VULMON",
"id": "CVE-2020-1472"
},
{
"db": "PACKETSTORM",
"id": "162645"
},
{
"db": "PACKETSTORM",
"id": "160717"
},
{
"db": "PACKETSTORM",
"id": "159206"
},
{
"db": "PACKETSTORM",
"id": "160507"
},
{
"db": "PACKETSTORM",
"id": "159207"
},
{
"db": "PACKETSTORM",
"id": "159414"
},
{
"db": "PACKETSTORM",
"id": "164406"
}
],
"trust": 3.15
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-167626",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167626"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-1472",
"trust": 4.9
},
{
"db": "CERT/CC",
"id": "VU#490028",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "160127",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "159190",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/09/17/2",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "160507",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162645",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159207",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "160717",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159414",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95778184",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008530",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202008-548",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "49071",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164406",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.4143",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3188",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6539",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3219",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3239",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2781",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3417",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4436",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3303",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1706",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "160823",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021100615",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052030",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042837",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021063032",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48189",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48563",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2020110151",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "159206",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-98378",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-167626",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-1472",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#490028"
},
{
"db": "VULHUB",
"id": "VHN-167626"
},
{
"db": "VULMON",
"id": "CVE-2020-1472"
},
{
"db": "PACKETSTORM",
"id": "162645"
},
{
"db": "PACKETSTORM",
"id": "160717"
},
{
"db": "PACKETSTORM",
"id": "159206"
},
{
"db": "PACKETSTORM",
"id": "160507"
},
{
"db": "PACKETSTORM",
"id": "159207"
},
{
"db": "PACKETSTORM",
"id": "159414"
},
{
"db": "PACKETSTORM",
"id": "164406"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-548"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008530"
},
{
"db": "NVD",
"id": "CVE-2020-1472"
}
]
},
"id": "VAR-202008-0248",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-167626"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:12:41.202000Z",
"patch": {
"_id": null,
"data": [
{
"title": "CVE-2020-1472\u00a0|\u00a0Netlogon\u00a0Elevation\u00a0of\u00a0Privilege\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://techcommunity.microsoft.com/t5/microsoft-365-defender/zerologon-is-now-detected-by-microsoft-defender-for-identity-cve/ba-p/1734034"
},
{
"title": "Red Hat: Moderate: samba security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205439 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: samba: CVE-2020-1472",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=158adc4a67e7a9fc23bf2da40547c403"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-1472 log"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1469",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1469"
},
{
"title": "CVE-2020-1472 POC",
"trust": 0.1,
"url": "https://github.com/Fa1c0n35/CVE-2020-1472 "
},
{
"title": "https://github.com/murataydemir/CVE-2020-1472",
"trust": 0.1,
"url": "https://github.com/murataydemir/CVE-2020-1472 "
},
{
"title": "CVE-2020-1472 POC",
"trust": 0.1,
"url": "https://github.com/npocmak/CVE-2020-1472 "
},
{
"title": "CVE-2020-1472\nExploit",
"trust": 0.1,
"url": "https://github.com/VoidSec/CVE-2020-1472 "
},
{
"title": "CVE-2020-1472",
"trust": 0.1,
"url": "https://github.com/sv3nbeast/CVE-2020-1472 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-1472"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008530"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Insufficient use of random values (CWE-330) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-269",
"trust": 0.1
},
{
"problemtype": "CWE-330",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167626"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008530"
},
{
"db": "NVD",
"id": "CVE-2020-1472"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.3,
"url": "https://www.kb.cert.org/vuls/id/490028"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/159190/zerologon-proof-of-concept.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/160127/zerologon-netlogon-privilege-escalation.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1472"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202012-24"
},
{
"trust": 1.7,
"url": "https://www.synology.com/security/advisory/synology_sa_20_21"
},
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1472"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2020/09/17/2"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00080.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00086.html"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4510-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4510-2/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4559-1/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/st6x3a2xxymgd4inr26dq4fp4qsm753b/"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2020-1472"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h4otfbl6ydvfh2tbjfjie4fmhpjeejk3/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tapqqzzat4tg3xvrtafv2y3s7oahfbup/"
},
{
"trust": 0.8,
"url": "cve-2020-1472 "
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95778184/"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20200812-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2020/at200033.html"
},
{
"trust": 0.8,
"url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h4otfbl6ydvfh2tbjfjie4fmhpjeejk3/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tapqqzzat4tg3xvrtafv2y3s7oahfbup/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/st6x3a2xxymgd4inr26dq4fp4qsm753b/"
},
{
"trust": 0.6,
"url": "https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-046.pdf"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-samba-affects-ibm-netezza-host-management/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1706"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162645/red-hat-security-advisory-2021-1647-01.html"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2020-1472"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052030"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-windows-vulnerabilities-of-august-2020-33057"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164406/red-hat-security-advisory-2021-3723-01.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020110151"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4143/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2781"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160823/understanding-and-exploiting-zerologon.html"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-notices/huawei-sn-20200925-01-netlogon-cn"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4436/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021063032"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160507/red-hat-security-advisory-2020-5439-01.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48189"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48563"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160717/gentoo-linux-security-advisory-202012-24.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3417/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3219/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6539"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-windows-samba-privilege-escalation-via-active-directory-domain-services-zerologon-33336"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3239/"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/49071"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042837"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159207/ubuntu-security-notice-usn-4510-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3303"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021100615"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159414/ubuntu-security-notice-usn-4559-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3188/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14323"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14318"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14318"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14323"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1472"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4510-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1647"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/5435971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14383"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.30"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5439"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4510-2"
},
{
"trust": 0.1,
"url": "https://www.samba.org/samba/security/cve-2020-1472.html"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4559-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.31"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/samba/2:4.11.6+dfsg-0ubuntu1.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.20"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20254"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20254"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3723"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#490028"
},
{
"db": "VULHUB",
"id": "VHN-167626"
},
{
"db": "PACKETSTORM",
"id": "162645"
},
{
"db": "PACKETSTORM",
"id": "160717"
},
{
"db": "PACKETSTORM",
"id": "159206"
},
{
"db": "PACKETSTORM",
"id": "160507"
},
{
"db": "PACKETSTORM",
"id": "159207"
},
{
"db": "PACKETSTORM",
"id": "159414"
},
{
"db": "PACKETSTORM",
"id": "164406"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-548"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008530"
},
{
"db": "NVD",
"id": "CVE-2020-1472"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#490028",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-167626",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-1472",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162645",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "160717",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159206",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "160507",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159207",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159414",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164406",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202008-548",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008530",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-1472",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-09-16T00:00:00",
"db": "CERT/CC",
"id": "VU#490028",
"ident": null
},
{
"date": "2020-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-167626",
"ident": null
},
{
"date": "2020-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1472",
"ident": null
},
{
"date": "2021-05-19T14:02:40",
"db": "PACKETSTORM",
"id": "162645",
"ident": null
},
{
"date": "2020-12-24T17:21:15",
"db": "PACKETSTORM",
"id": "160717",
"ident": null
},
{
"date": "2020-09-17T14:07:24",
"db": "PACKETSTORM",
"id": "159206",
"ident": null
},
{
"date": "2020-12-15T15:48:52",
"db": "PACKETSTORM",
"id": "160507",
"ident": null
},
{
"date": "2020-09-17T14:07:32",
"db": "PACKETSTORM",
"id": "159207",
"ident": null
},
{
"date": "2020-09-30T15:54:06",
"db": "PACKETSTORM",
"id": "159414",
"ident": null
},
{
"date": "2021-10-05T14:54:07",
"db": "PACKETSTORM",
"id": "164406",
"ident": null
},
{
"date": "2020-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-548",
"ident": null
},
{
"date": "2020-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008530",
"ident": null
},
{
"date": "2020-08-17T19:15:15.117000",
"db": "NVD",
"id": "CVE-2020-1472",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#490028",
"ident": null
},
{
"date": "2022-04-26T00:00:00",
"db": "VULHUB",
"id": "VHN-167626",
"ident": null
},
{
"date": "2024-01-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1472",
"ident": null
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-548",
"ident": null
},
{
"date": "2024-02-21T01:01:00",
"db": "JVNDB",
"id": "JVNDB-2020-008530",
"ident": null
},
{
"date": "2026-02-23T20:30:36.010000",
"db": "NVD",
"id": "CVE-2020-1472",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159206"
},
{
"db": "PACKETSTORM",
"id": "159207"
},
{
"db": "PACKETSTORM",
"id": "159414"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-548"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Microsoft Windows Netlogon Remote Protocol (MS-NRPC) uses insecure AES-CFB8 initialization vector",
"sources": [
{
"db": "CERT/CC",
"id": "VU#490028"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-548"
}
],
"trust": 0.6
}
}
VAR-202310-0175
Vulnerability from variot - Updated: 2026-04-10 22:02The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5540-1 security@debian.org https://www.debian.org/security/ Markus Koschany October 30, 2023 https://www.debian.org/security/faq
Package : jetty9 CVE ID : CVE-2023-36478 CVE-2023-44487
Two remotely exploitable security vulnerabilities were discovered in Jetty 9, a Java based web server and servlet engine. The HTTP/2 protocol implementation did not sufficiently verify if HPACK header values exceed their size limit. This problem is also known as Rapid Reset Attack.
For the oldstable distribution (bullseye), these problems have been fixed in version 9.4.50-4+deb11u1.
For the stable distribution (bookworm), these problems have been fixed in version 9.4.50-4+deb12u2.
We recommend that you upgrade your jetty9 packages.
For the detailed security status of jetty9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jetty9
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVABttfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTJ2g/9E8TKXU1Mko9WhumkvRQNsYxAM43L/gmYMRm4JEqhqpjHHZECJIOAVyxs uN0uE13T+JckplIAhfdsZgbmDDNjASyFWv9OfOdf2h4Y9ZhoXP22MXI2MjKb9MSH KfmPtX4S95UyF/Ty0kK17W63p4EvtNlcgRokx5yFpUF/rN72GXVx25W6WQ1pSHrJ ESJMqOr8d3Wn5/4yaPEunQrvPa4WkQSTv8nHAIxIenP3wiNuK2tZWN6GCAdbirQp MWt282W/ueGcRDq8UJB2tWkxqx8CNnqeIeh0LpaSZRbaf62DChtyj+5OnYyhwBTk 1mhwuveCFtNzRQyHRBrOrVWRAG43ktSyEYG90Il9iDchQROi0sJkQFVB0TXG6FnC hIFBcPw9VW5+7I+4gxexhpguq/SXZV9V9QH+jSeEBOgdKY/qX0farjElmhgFLRuS /weJAqnc9C6w4BB7gnE9ow4nbGqKqMEj1yoO8itMhCWBCaEIia0INpao7pfpf/9r KekLFoi6Gux0gqVMhhBw3latxW9zth93tNEeuuGb+kP/TDreBVkZnqrYVbtj49Wv IMX77Q8OB/TDQ8K5cEq05wcq59TIkAaVKGrP3sXsjbt4umbkjhbp8Oxv+chMOgPQ E8ThC0Q+lbZ4nth0vw2R93ObMfzlxZN2YJUqKf3aw/yAKd8YIys=CO/+ -----END PGP SIGNATURE----- .
Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This could result in denial of service.
Description:
nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23.
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7481.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
==================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.11.54 packages and security update Advisory ID: RHSA-2023:7481-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:7481 Issue date: 2023-11-29 Revision: 01 CVE Names: CVE-2023-44487 ====================================================================
Summary:
Red Hat OpenShift Container Platform release 4.11.54 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.11.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.54. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:7479
Security Fix(es):
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
Solution:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
CVEs:
CVE-2023-44487
References:
https://access.redhat.com/security/updates/classification/#important https://bugzilla.redhat.com/show_bug.cgi?id=2242803
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202408-10
https://security.gentoo.org/
Severity: Normal Title: nghttp2: Multiple Vulnerabilities Date: August 07, 2024 Bugs: #915554, #928541 ID: 202408-10
Synopsis
Multiple vulnerabilities have been discovered in nghttp2, the worst of which could lead to a denial of service.
Background
Nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C.
Affected packages
Package Vulnerable Unaffected
net-libs/nghttp2 < 1.61.0 >= 1.61.0
Description
Multiple vulnerabilities have been discovered in nghttp2. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All nghttp2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nghttp2-1.61.0"
References
[ 1 ] CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 [ 2 ] CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202408-10
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "node healthcheck operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "secure dynamic attributes connector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.0"
},
{
"_id": null,
"model": "varnish cache",
"scope": "lt",
"trust": 1.0,
"vendor": "varnish cache",
"version": "2023-10-10"
},
{
"_id": null,
"model": "decision manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "nginx plus",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "r29"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "build of quarkus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "netty",
"scope": "lt",
"trust": 1.0,
"vendor": "netty",
"version": "4.1.100"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "cost management",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.2\\(7\\)"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
},
{
"_id": null,
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "kong gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "konghq",
"version": "3.4.2"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"_id": null,
"model": "prime network registrar",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "openshift virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"_id": null,
"model": "big-ip domain name system",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "big-ip ddos hybrid defender",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "nginx ingress controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "3.0.0"
},
{
"_id": null,
"model": "integration camel k",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "integration service registry",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "migration toolkit for applications",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "solr",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.4.0"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "iot field network director",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.11.0"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "openshift distributed tracing",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6"
},
{
"_id": null,
"model": "cbl-mariner",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2023-10-11"
},
{
"_id": null,
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.23"
},
{
"_id": null,
"model": "big-ip next",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "20.0.1"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "16.2"
},
{
"_id": null,
"model": "unified contact center enterprise - live data server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6.2"
},
{
"_id": null,
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(5\\)"
},
{
"_id": null,
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "caddy",
"scope": "lt",
"trust": 1.0,
"vendor": "caddyserver",
"version": "2.7.5"
},
{
"_id": null,
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip application visibility and reporting",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "expressway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "x14.3.3"
},
{
"_id": null,
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "nghttp2",
"scope": "lt",
"trust": 1.0,
"vendor": "nghttp2",
"version": "1.57.0"
},
{
"_id": null,
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "openshift pipelines",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "unified contact center domain manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "12.0.0"
},
{
"_id": null,
"model": "openshift secondary scheduler operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "16.1"
},
{
"_id": null,
"model": "grpc",
"scope": "gte",
"trust": 1.0,
"vendor": "grpc",
"version": "1.58.0"
},
{
"_id": null,
"model": "swiftnio http\\/2",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "1.28.0"
},
{
"_id": null,
"model": "openshift dev spaces",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "windows 10 21h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19044.3570"
},
{
"_id": null,
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "opensearch data prepper",
"scope": "lt",
"trust": 1.0,
"vendor": "amazon",
"version": "2.5.0"
},
{
"_id": null,
"model": "telepresence video communication server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "x14.3.3"
},
{
"_id": null,
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "advanced cluster security",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.003.009"
},
{
"_id": null,
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "linkerd",
"scope": "lte",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.12.5"
},
{
"_id": null,
"model": "service interconnect",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "machine deletion remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.7.5"
},
{
"_id": null,
"model": "windows 11 21h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.22000.2538"
},
{
"_id": null,
"model": "traefik",
"scope": "eq",
"trust": 1.0,
"vendor": "traefik",
"version": "3.0.0"
},
{
"_id": null,
"model": "single sign-on",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "ios xr",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.11.2"
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "10.0.0"
},
{
"_id": null,
"model": "ultra cloud core - serving gateway function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.02.0"
},
{
"_id": null,
"model": "secure malware analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.19.2"
},
{
"_id": null,
"model": "self node remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.80"
},
{
"_id": null,
"model": "nx-os",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "10.4\\(1\\)"
},
{
"_id": null,
"model": "cryostat",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "nginx plus",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "r29"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "20.8.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "38"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "11.0.0"
},
{
"_id": null,
"model": "grpc",
"scope": "lte",
"trust": 1.0,
"vendor": "grpc",
"version": "1.59.2"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "openshift api for data protection",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "integration camel for spring boot",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "istio",
"scope": "gte",
"trust": 1.0,
"vendor": "istio",
"version": "1.18.0"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "support for spring boot",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "prime infrastructure",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.93"
},
{
"_id": null,
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "nginx plus",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "r25"
},
{
"_id": null,
"model": "web terminal",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.4\\(2\\)"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "ceph storage",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "proxygen",
"scope": "lt",
"trust": 1.0,
"vendor": "facebook",
"version": "2023.10.16.00"
},
{
"_id": null,
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.0"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "nx-os",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.4.2"
},
{
"_id": null,
"model": "traffic server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.2.3"
},
{
"_id": null,
"model": "istio",
"scope": "gte",
"trust": 1.0,
"vendor": "istio",
"version": "1.19.0"
},
{
"_id": null,
"model": "http2",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "0.17.0"
},
{
"_id": null,
"model": "windows 10 1607",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.14393.6351"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "crosswork zero touch provisioning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.0"
},
{
"_id": null,
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "node maintenance operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "networking",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "0.17.0"
},
{
"_id": null,
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.14.0"
},
{
"_id": null,
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "grpc",
"scope": "eq",
"trust": 1.0,
"vendor": "grpc",
"version": "1.57.0"
},
{
"_id": null,
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.12"
},
{
"_id": null,
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "run once duration override operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "big-ip next service proxy for kubernetes",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.8.2"
},
{
"_id": null,
"model": "grpc",
"scope": "lt",
"trust": 1.0,
"vendor": "grpc",
"version": "1.56.3"
},
{
"_id": null,
"model": "windows 10 22h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19045.3570"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "10.1.13"
},
{
"_id": null,
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.7"
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "advanced cluster management for kubernetes",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "advanced cluster security",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "openresty",
"scope": "lt",
"trust": 1.0,
"vendor": "openresty",
"version": "1.21.4.3"
},
{
"_id": null,
"model": "big-ip carrier-grade nat",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"_id": null,
"model": "windows 10 1809",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.17763.4974"
},
{
"_id": null,
"model": "prime cable provisioning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.1"
},
{
"_id": null,
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.14.1"
},
{
"_id": null,
"model": "service telemetry framework",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.5"
},
{
"_id": null,
"model": "windows server 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "crosswork data gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0.0"
},
{
"_id": null,
"model": "jboss fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "contour",
"scope": "lt",
"trust": 1.0,
"vendor": "projectcontour",
"version": "2023-10-11"
},
{
"_id": null,
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.1.9"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "nginx plus",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "r30"
},
{
"_id": null,
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "grpc",
"scope": "lt",
"trust": 1.0,
"vendor": "grpc",
"version": "1.58.3"
},
{
"_id": null,
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "certification for red hat enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "9.0"
},
{
"_id": null,
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.17.6"
},
{
"_id": null,
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "data center network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "openshift sandboxed containers",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "jenkins",
"scope": "lte",
"trust": 1.0,
"vendor": "jenkins",
"version": "2.427"
},
{
"_id": null,
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "jboss data grid",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "20.0.0"
},
{
"_id": null,
"model": "azure kubernetes service",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2023-10-08"
},
{
"_id": null,
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "9.4.53"
},
{
"_id": null,
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "process automation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "logging subsystem for red hat openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.24.10"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.27.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "crosswork situation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "ultra cloud core - policy control function",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.01.0"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.18.3"
},
{
"_id": null,
"model": "connected mobile experiences",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.1"
},
{
"_id": null,
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.19.1"
},
{
"_id": null,
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.0"
},
{
"_id": null,
"model": "jboss a-mq streams",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.18.2"
},
{
"_id": null,
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "9.0"
},
{
"_id": null,
"model": "crosswork data gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0.2"
},
{
"_id": null,
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "10.0.17"
},
{
"_id": null,
"model": "jboss fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "10.1.0"
},
{
"_id": null,
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "12.0.2"
},
{
"_id": null,
"model": "3scale api management platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "ansible automation platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "go",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "1.21.3"
},
{
"_id": null,
"model": "traefik",
"scope": "lt",
"trust": 1.0,
"vendor": "traefik",
"version": "2.10.5"
},
{
"_id": null,
"model": "openshift gitops",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.12"
},
{
"_id": null,
"model": "go",
"scope": "gte",
"trust": 1.0,
"vendor": "golang",
"version": "1.21.0"
},
{
"_id": null,
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "11.0.17"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.25.2"
},
{
"_id": null,
"model": "windows server 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.23"
},
{
"_id": null,
"model": "jboss a-mq",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7"
},
{
"_id": null,
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2.20"
},
{
"_id": null,
"model": "nginx ingress controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "2.0.0"
},
{
"_id": null,
"model": "ultra cloud core - session management function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.02.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "ultra cloud core - policy control function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.01.0"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "17.1"
},
{
"_id": null,
"model": "network observability operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4.12"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.0.0"
},
{
"_id": null,
"model": "http",
"scope": "eq",
"trust": 1.0,
"vendor": "ietf",
"version": "2.0"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "crosswork data gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.3"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "openshift developer tools and services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.26.4"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "fence agents remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "http2",
"scope": "lt",
"trust": 1.0,
"vendor": "kazu yamamoto",
"version": "4.2.2"
},
{
"_id": null,
"model": "ios xe",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "17.15.1"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "big-ip next service proxy for kubernetes",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.0"
},
{
"_id": null,
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "fog director",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.22"
},
{
"_id": null,
"model": "certification for red hat enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"_id": null,
"model": "go",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "1.20.10"
},
{
"_id": null,
"model": "migration toolkit for virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "big-ip ssl orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "prime access registrar",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3.3"
},
{
"_id": null,
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "windows 11 22h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.22621.2428"
},
{
"_id": null,
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip advanced web application firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "cert-manager operator for red hat openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "migration toolkit for containers",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "big-ip websafe",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "openshift data science",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "h2o",
"scope": "lt",
"trust": 1.0,
"vendor": "dena",
"version": "2023-10-10"
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "nginx ingress controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "2.4.2"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "akka",
"version": "10.5.3"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"_id": null,
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"_id": null,
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.13.1"
},
{
"_id": null,
"model": "jenkins",
"scope": "lte",
"trust": 1.0,
"vendor": "jenkins",
"version": "2.414.2"
},
{
"_id": null,
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.13.0"
},
{
"_id": null,
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"_id": null,
"model": "openshift container platform assisted installer",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"_id": null,
"model": "astra control center",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "secure web appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "15.1.0"
},
{
"_id": null,
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.25.9"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "apisix",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "3.6.1"
},
{
"_id": null,
"model": "openshift serverless",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4"
},
{
"_id": null,
"model": "nginx ingress controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "3.3.0"
},
{
"_id": null,
"model": "armeria",
"scope": "lt",
"trust": 1.0,
"vendor": "linecorp",
"version": "1.26.0"
},
{
"_id": null,
"model": "unified contact center management portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "11.0.0"
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"_id": null,
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "build of optaplanner",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"_id": null,
"model": "linkerd",
"scope": "gte",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.12.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "12.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "175270"
},
{
"db": "PACKETSTORM",
"id": "175126"
},
{
"db": "PACKETSTORM",
"id": "175179"
},
{
"db": "PACKETSTORM",
"id": "175159"
},
{
"db": "PACKETSTORM",
"id": "175970"
}
],
"trust": 0.5
},
"cve": "CVE-2023-44487",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-44487",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44487",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-44487",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"description": {
"_id": null,
"data": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5540-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nOctober 30, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : jetty9\nCVE ID : CVE-2023-36478 CVE-2023-44487\n\nTwo remotely exploitable security vulnerabilities were discovered in Jetty 9, a\nJava based web server and servlet engine. The HTTP/2 protocol implementation\ndid not sufficiently verify if HPACK header values exceed their size limit. This\nproblem is also known as Rapid Reset Attack. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 9.4.50-4+deb11u1. \n\nFor the stable distribution (bookworm), these problems have been fixed in\nversion 9.4.50-4+deb12u2. \n\nWe recommend that you upgrade your jetty9 packages. \n\nFor the detailed security status of jetty9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/jetty9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVABttfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTJ2g/9E8TKXU1Mko9WhumkvRQNsYxAM43L/gmYMRm4JEqhqpjHHZECJIOAVyxs\nuN0uE13T+JckplIAhfdsZgbmDDNjASyFWv9OfOdf2h4Y9ZhoXP22MXI2MjKb9MSH\nKfmPtX4S95UyF/Ty0kK17W63p4EvtNlcgRokx5yFpUF/rN72GXVx25W6WQ1pSHrJ\nESJMqOr8d3Wn5/4yaPEunQrvPa4WkQSTv8nHAIxIenP3wiNuK2tZWN6GCAdbirQp\nMWt282W/ueGcRDq8UJB2tWkxqx8CNnqeIeh0LpaSZRbaf62DChtyj+5OnYyhwBTk\n1mhwuveCFtNzRQyHRBrOrVWRAG43ktSyEYG90Il9iDchQROi0sJkQFVB0TXG6FnC\nhIFBcPw9VW5+7I+4gxexhpguq/SXZV9V9QH+jSeEBOgdKY/qX0farjElmhgFLRuS\n/weJAqnc9C6w4BB7gnE9ow4nbGqKqMEj1yoO8itMhCWBCaEIia0INpao7pfpf/9r\nKekLFoi6Gux0gqVMhhBw3latxW9zth93tNEeuuGb+kP/TDreBVkZnqrYVbtj49Wv\nIMX77Q8OB/TDQ8K5cEq05wcq59TIkAaVKGrP3sXsjbt4umbkjhbp8Oxv+chMOgPQ\nE8ThC0Q+lbZ4nth0vw2R93ObMfzlxZN2YJUqKf3aw/yAKd8YIys=CO/+\n-----END PGP SIGNATURE-----\n. \n\n\n\n\nDescription:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This could result\nin denial of service. \n\n\n\n\nDescription:\n\nnghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. \n\n\n\n\nDescription:\n\nNode.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\n\n\n\nDescription:\n\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7481.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.11.54 packages and security update\nAdvisory ID: RHSA-2023:7481-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:7481\nIssue date: 2023-11-29\nRevision: 01\nCVE Names: CVE-2023-44487\n====================================================================\n\nSummary: \n\nRed Hat OpenShift Container Platform release 4.11.54 is now available with updates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.11. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.54. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:7479\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS\nattack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n\nSolution:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\n\n\nCVEs:\n\nCVE-2023-44487\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2242803\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202408-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nghttp2: Multiple Vulnerabilities\n Date: August 07, 2024\n Bugs: #915554, #928541\n ID: 202408-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in nghttp2, the worst of\nwhich could lead to a denial of service. \n\nBackground\n==========\n\nNghttp2 is an implementation of HTTP/2 and its header compression\nalgorithm HPACK in C. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n---------------- ------------ ------------\nnet-libs/nghttp2 \u003c 1.61.0 \u003e= 1.61.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nghttp2. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nghttp2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/nghttp2-1.61.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2023-44487\n https://nvd.nist.gov/vuln/detail/CVE-2023-44487\n[ 2 ] CVE-2024-28182\n https://nvd.nist.gov/vuln/detail/CVE-2024-28182\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202408-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
},
{
"db": "PACKETSTORM",
"id": "175650"
},
{
"db": "PACKETSTORM",
"id": "175437"
},
{
"db": "PACKETSTORM",
"id": "175270"
},
{
"db": "PACKETSTORM",
"id": "176035"
},
{
"db": "PACKETSTORM",
"id": "175126"
},
{
"db": "PACKETSTORM",
"id": "175179"
},
{
"db": "PACKETSTORM",
"id": "175159"
},
{
"db": "PACKETSTORM",
"id": "175970"
},
{
"db": "PACKETSTORM",
"id": "179956"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2023-44487",
"trust": 1.9
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/19/6",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/10/6",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/20/8",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/18/4",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/10/7",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/18/8",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/13/4",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/13/9",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2025/08/13/6",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "175650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175437",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175270",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176035",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175126",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175179",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175159",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175970",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179956",
"trust": 0.1
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "175650"
},
{
"db": "PACKETSTORM",
"id": "175437"
},
{
"db": "PACKETSTORM",
"id": "175270"
},
{
"db": "PACKETSTORM",
"id": "176035"
},
{
"db": "PACKETSTORM",
"id": "175126"
},
{
"db": "PACKETSTORM",
"id": "175179"
},
{
"db": "PACKETSTORM",
"id": "175159"
},
{
"db": "PACKETSTORM",
"id": "175970"
},
{
"db": "PACKETSTORM",
"id": "179956"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"id": "VAR-202310-0175",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.38473925200000003
},
"last_update_date": "2026-04-10T22:02:50.262000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"trust": 1.0,
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/"
},
{
"trust": 1.0,
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"trust": 1.0,
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"trust": 1.0,
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"trust": 1.0,
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"trust": 1.0,
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"trust": 1.0,
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"trust": 1.0,
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"trust": 1.0,
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"trust": 1.0,
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"trust": 1.0,
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"trust": 1.0,
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/"
},
{
"trust": 1.0,
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-qppj-fm5r-hxr3"
},
{
"trust": 1.0,
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/"
},
{
"trust": 1.0,
"url": "https://github.com/h2o/h2o/security/advisories/ghsa-2m7v-gc89-fjqf"
},
{
"trust": 1.0,
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"trust": 1.0,
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"trust": 1.0,
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"trust": 1.0,
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#l1101-l1113"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/"
},
{
"trust": 1.0,
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"trust": 1.0,
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"trust": 1.0,
"url": "https://github.com/bcdannyboy/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/"
},
{
"trust": 1.0,
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
},
{
"trust": 1.0,
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"trust": 1.0,
"url": "https://netty.io/news/2023/10/10/4-1-100-final.html"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/"
},
{
"trust": 1.0,
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"trust": 1.0,
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#l73"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/"
},
{
"trust": 1.0,
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/"
},
{
"trust": 1.0,
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-vx74-f528-fxqg"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"trust": 1.0,
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/readme.md?plain=1#l239-l244"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"trust": 1.0,
"url": "https://ubuntu.com/security/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"trust": 1.0,
"url": "https://github.com/golang/go/issues/63417"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/"
},
{
"trust": 1.0,
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/"
},
{
"trust": 1.0,
"url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/"
},
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-xpw8-rcwv-8f8p"
},
{
"trust": 1.0,
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/"
},
{
"trust": 1.0,
"url": "https://security.paloaltonetworks.com/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"trust": 1.0,
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"trust": 1.0,
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/"
},
{
"trust": 1.0,
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"trust": 1.0,
"url": "https://lists.w3.org/archives/public/ietf-http-wg/2023octdec/0025.html"
},
{
"trust": 1.0,
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"trust": 1.0,
"url": "https://www.phoronix.com/news/http2-rapid-reset-attack"
},
{
"trust": 1.0,
"url": "https://github.com/kong/kong/discussions/11741"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"trust": 1.0,
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/"
},
{
"trust": 1.0,
"url": "https://groups.google.com/g/golang-announce/c/innxdtcjzvo"
},
{
"trust": 1.0,
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"trust": 1.0,
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/"
},
{
"trust": 1.0,
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-october/s36q5hbxr7caimpllprsssyr4pcmwilk.html"
},
{
"trust": 1.0,
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"trust": 1.0,
"url": "https://github.com/arkrwn/poc/tree/main/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/"
},
{
"trust": 1.0,
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/"
},
{
"trust": 1.0,
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"trust": 1.0,
"url": "https://github.com/microsoft/cbl-mariner/pull/6381"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/"
},
{
"trust": 1.0,
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"trust": 1.0,
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/"
},
{
"trust": 1.0,
"url": "https://my.f5.com/manage/s/article/k000137106"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 1.0,
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"trust": 1.0,
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/"
},
{
"trust": 1.0,
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"trust": 1.0,
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"trust": 1.0,
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"trust": 1.0,
"url": "https://github.com/line/armeria/pull/5232"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"trust": 1.0,
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/"
},
{
"trust": 1.0,
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-http2-reset-d8kf32vz"
},
{
"trust": 1.0,
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"trust": 1.0,
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/"
},
{
"trust": 1.0,
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/"
},
{
"trust": 1.0,
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"trust": 1.0,
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
},
{
"trust": 1.0,
"url": "https://aws.amazon.com/security/security-bulletins/aws-2023-011/"
},
{
"trust": 1.0,
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"trust": 1.0,
"url": "https://github.com/azure/aks/issues/3947"
},
{
"trust": 1.0,
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"trust": 1.0,
"url": "https://tomcat.apache.org/security-10.html#fixed_in_apache_tomcat_10.1.14"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"trust": 1.0,
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-003"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.3,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-33934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47185"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/trafficserver"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-41752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-39456"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-36478"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/jetty9"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5973.json"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nghttp2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5766.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5840.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5707"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5707.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7481.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:7479"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:7481"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202408-10"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "175650"
},
{
"db": "PACKETSTORM",
"id": "175437"
},
{
"db": "PACKETSTORM",
"id": "175270"
},
{
"db": "PACKETSTORM",
"id": "176035"
},
{
"db": "PACKETSTORM",
"id": "175126"
},
{
"db": "PACKETSTORM",
"id": "175179"
},
{
"db": "PACKETSTORM",
"id": "175159"
},
{
"db": "PACKETSTORM",
"id": "175970"
},
{
"db": "PACKETSTORM",
"id": "179956"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "PACKETSTORM",
"id": "175650",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "175437",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "175270",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "176035",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "175126",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "175179",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "175159",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "175970",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "179956",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2023-44487",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2023-11-13T22:11:28",
"db": "PACKETSTORM",
"id": "175650",
"ident": null
},
{
"date": "2023-10-31T13:13:14",
"db": "PACKETSTORM",
"id": "175437",
"ident": null
},
{
"date": "2023-10-23T14:26:00",
"db": "PACKETSTORM",
"id": "175270",
"ident": null
},
{
"date": "2023-12-04T13:45:34",
"db": "PACKETSTORM",
"id": "176035",
"ident": null
},
{
"date": "2023-10-17T15:39:55",
"db": "PACKETSTORM",
"id": "175126",
"ident": null
},
{
"date": "2023-10-18T16:28:09",
"db": "PACKETSTORM",
"id": "175179",
"ident": null
},
{
"date": "2023-10-18T16:22:55",
"db": "PACKETSTORM",
"id": "175159",
"ident": null
},
{
"date": "2023-11-29T12:44:32",
"db": "PACKETSTORM",
"id": "175970",
"ident": null
},
{
"date": "2024-08-07T14:45:35",
"db": "PACKETSTORM",
"id": "179956",
"ident": null
},
{
"date": "2023-10-10T14:15:10.883000",
"db": "NVD",
"id": "CVE-2023-44487",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2025-11-07T19:00:41.810000",
"db": "NVD",
"id": "CVE-2023-44487",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "Debian Security Advisory 5549-1",
"sources": [
{
"db": "PACKETSTORM",
"id": "175650"
}
],
"trust": 0.1
},
"type": {
"_id": null,
"data": "info disclosure",
"sources": [
{
"db": "PACKETSTORM",
"id": "175650"
}
],
"trust": 0.1
}
}
CVE-2026-26128 (GCVE-0-2026-26128)
Vulnerability from nvd – Published: 2026-03-10 17:05 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows SMB Server Elevation of Privilege Vulnerability
Summary
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:55:35.947Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:48.078Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows SMB Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26128"
}
],
"title": "Windows SMB Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-26128",
"datePublished": "2026-03-10T17:05:08.574Z",
"dateReserved": "2026-02-11T15:52:13.912Z",
"dateUpdated": "2026-04-09T23:25:48.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26111 (GCVE-0-2026-26111)
Vulnerability from nvd – Published: 2026-03-10 17:05 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Summary
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Severity ?
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T03:55:39.954386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T13:08:16.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:41.763Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26111"
}
],
"title": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-26111",
"datePublished": "2026-03-10T17:05:02.604Z",
"dateReserved": "2026-02-11T15:52:13.910Z",
"dateUpdated": "2026-04-09T23:25:41.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25190 (GCVE-0-2026-25190)
Vulnerability from nvd – Published: 2026-03-10 17:05 – Updated: 2026-04-09 23:25
VLAI?
Title
GDI Remote Code Execution Vulnerability
Summary
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.
Severity ?
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25190",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:56:14.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:40.752Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "GDI Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25190"
}
],
"title": "GDI Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25190",
"datePublished": "2026-03-10T17:05:01.147Z",
"dateReserved": "2026-01-29T18:36:49.696Z",
"dateUpdated": "2026-04-09T23:25:40.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25189 (GCVE-0-2026-25189)
Vulnerability from nvd – Published: 2026-03-10 17:05 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows DWM Core Library Elevation of Privilege Vulnerability
Summary
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.8511
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T03:56:16.836810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T13:08:16.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:40.187Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows DWM Core Library Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25189"
}
],
"title": "Windows DWM Core Library Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25189",
"datePublished": "2026-03-10T17:05:00.472Z",
"dateReserved": "2026-01-29T18:36:49.696Z",
"dateUpdated": "2026-04-09T23:25:40.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25188 (GCVE-0-2026-25188)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Telephony Service Elevation of Privilege Vulnerability
Summary
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:55:31.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:39.682Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Telephony Service Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25188"
}
],
"title": "Windows Telephony Service Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25188",
"datePublished": "2026-03-10T17:04:59.489Z",
"dateReserved": "2026-01-29T18:36:49.696Z",
"dateUpdated": "2026-04-09T23:25:39.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25187 (GCVE-0-2026-25187)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Winlogon Elevation of Privilege Vulnerability
Summary
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:55:28.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper link resolution before file access (\u0027link following\u0027) in Winlogon allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:39.093Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Winlogon Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25187"
}
],
"title": "Winlogon Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25187",
"datePublished": "2026-03-10T17:04:58.796Z",
"dateReserved": "2026-01-29T18:36:49.696Z",
"dateUpdated": "2026-04-09T23:25:39.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25186 (GCVE-0-2026-25186)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability
Summary
Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T18:07:03.487824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T18:07:10.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:38.450Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25186"
}
],
"title": "Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25186",
"datePublished": "2026-03-10T17:04:58.309Z",
"dateReserved": "2026-01-29T18:36:49.696Z",
"dateUpdated": "2026-04-09T23:25:38.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25185 (GCVE-0-2026-25185)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Shell Link Processing Spoofing Vulnerability
Summary
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T14:50:58.828588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T14:51:17.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:37.855Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Shell Link Processing Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25185"
}
],
"title": "Windows Shell Link Processing Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25185",
"datePublished": "2026-03-10T17:04:57.634Z",
"dateReserved": "2026-01-29T18:36:49.696Z",
"dateUpdated": "2026-04-09T23:25:37.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25181 (GCVE-0-2026-25181)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
GDI+ Information Disclosure Vulnerability
Summary
Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T19:51:21.592262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T19:51:39.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:37.292Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "GDI+ Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25181"
}
],
"title": "GDI+ Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25181",
"datePublished": "2026-03-10T17:04:57.068Z",
"dateReserved": "2026-01-29T18:36:49.696Z",
"dateUpdated": "2026-04-09T23:25:37.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25180 (GCVE-0-2026-25180)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Graphics Component Information Disclosure Vulnerability
Summary
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Office for Android |
Affected:
16.0.1 , < 16.0.19822.20000
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T18:38:43.782871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T18:45:53.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19822.20000",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:*:*:android:*:*:*:*:*",
"versionEndExcluding": "16.0.19822.20000",
"versionStartIncluding": "16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:36.701Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Graphics Component Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25180"
}
],
"title": "Windows Graphics Component Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25180",
"datePublished": "2026-03-10T17:04:56.416Z",
"dateReserved": "2026-01-29T18:36:49.696Z",
"dateUpdated": "2026-04-09T23:25:36.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25179 (GCVE-0-2026-25179)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Summary
Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:56:03.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:36.038Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25179"
}
],
"title": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25179",
"datePublished": "2026-03-10T17:04:55.821Z",
"dateReserved": "2026-01-29T18:36:49.695Z",
"dateUpdated": "2026-04-09T23:25:36.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25178 (GCVE-0-2026-25178)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Summary
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T03:56:09.649687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T13:08:16.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:35.323Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25178"
}
],
"title": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25178",
"datePublished": "2026-03-10T17:04:55.163Z",
"dateReserved": "2026-01-29T18:36:49.695Z",
"dateUpdated": "2026-04-09T23:25:35.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25177 (GCVE-0-2026-25177)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Active Directory Domain Services Elevation of Privilege Vulnerability
Summary
Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
Severity ?
CWE
- CWE-641 - Improper Restriction of Names for Files and Other Resources
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:55:29.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-641",
"description": "CWE-641: Improper Restriction of Names for Files and Other Resources",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:34.166Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Active Directory Domain Services Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25177"
}
],
"title": "Active Directory Domain Services Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25177",
"datePublished": "2026-03-10T17:04:54.674Z",
"dateReserved": "2026-01-29T18:36:49.695Z",
"dateUpdated": "2026-04-09T23:25:34.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25176 (GCVE-0-2026-25176)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Summary
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:56:09.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:33.605Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25176"
}
],
"title": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25176",
"datePublished": "2026-03-10T17:04:54.113Z",
"dateReserved": "2026-01-29T18:36:49.695Z",
"dateUpdated": "2026-04-09T23:25:33.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25175 (GCVE-0-2026-25175)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows NTFS Elevation of Privilege Vulnerability
Summary
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T03:56:05.196602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T13:08:17.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:33.084Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows NTFS Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25175"
}
],
"title": "Windows NTFS Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25175",
"datePublished": "2026-03-10T17:04:53.568Z",
"dateReserved": "2026-01-29T18:36:49.695Z",
"dateUpdated": "2026-04-09T23:25:33.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25174 (GCVE-0-2026-25174)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Extensible File Allocation Table Elevation of Privilege Vulnerability
Summary
Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T03:56:24.477675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T13:08:17.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_2H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:32.470Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Extensible File Allocation Table Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25174"
}
],
"title": "Windows Extensible File Allocation Table Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25174",
"datePublished": "2026-03-10T17:04:52.930Z",
"dateReserved": "2026-01-29T18:36:49.695Z",
"dateUpdated": "2026-04-09T23:25:32.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25173 (GCVE-0-2026-25173)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Summary
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Severity ?
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:55:43.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:31.864Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25173"
}
],
"title": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25173",
"datePublished": "2026-03-10T17:04:52.357Z",
"dateReserved": "2026-01-29T18:36:49.695Z",
"dateUpdated": "2026-04-09T23:25:31.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25172 (GCVE-0-2026-25172)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Summary
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Severity ?
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:55:45.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:31.342Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25172"
}
],
"title": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25172",
"datePublished": "2026-03-10T17:04:51.810Z",
"dateReserved": "2026-01-29T18:36:49.695Z",
"dateUpdated": "2026-04-09T23:25:31.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25171 (GCVE-0-2026-25171)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Authentication Elevation of Privilege Vulnerability
Summary
Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T03:56:13.705695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T13:08:17.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:30.749Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Authentication Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25171"
}
],
"title": "Windows Authentication Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25171",
"datePublished": "2026-03-10T17:04:51.248Z",
"dateReserved": "2026-01-29T18:36:49.695Z",
"dateUpdated": "2026-04-09T23:25:30.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25169 (GCVE-0-2026-25169)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Graphics Component Denial of Service Vulnerability
Summary
Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.
Severity ?
CWE
- CWE-369 - Divide By Zero
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T19:59:51.858750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T20:02:59.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369: Divide By Zero",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:29.656Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Graphics Component Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25169"
}
],
"title": "Windows Graphics Component Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25169",
"datePublished": "2026-03-10T17:04:50.195Z",
"dateReserved": "2026-01-29T18:36:49.695Z",
"dateUpdated": "2026-04-09T23:25:29.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25168 (GCVE-0-2026-25168)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Graphics Component Denial of Service Vulnerability
Summary
Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25168",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T18:38:45.819623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T18:46:11.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:28.970Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Graphics Component Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25168"
}
],
"title": "Windows Graphics Component Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25168",
"datePublished": "2026-03-10T17:04:49.643Z",
"dateReserved": "2026-01-29T18:36:49.695Z",
"dateUpdated": "2026-04-09T23:25:28.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25166 (GCVE-0-2026-25166)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability
Summary
Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows ADK for Windows 10, version 2004 |
Affected:
-
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T14:49:27.115711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T14:49:43.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Windows ADK for Windows 10, version 2004",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Windows ADK for Windows 11, version 22H2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Windows ADK for Windows 11, version 23H2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Windows ADK for Windows 11, version 24H2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "Windows ADK for Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_adk_24H2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_adk_23h2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_adk_22H2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_adk:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_adk_version_2004:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:27.478Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25166"
}
],
"title": "Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25166",
"datePublished": "2026-03-10T17:04:48.427Z",
"dateReserved": "2026-01-29T18:36:49.695Z",
"dateUpdated": "2026-04-09T23:25:27.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25165 (GCVE-0-2026-25165)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Performance Counters for Windows Elevation of Privilege Vulnerability
Summary
Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T19:57:12.214368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T19:57:19.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:26.922Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Performance Counters for Windows Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25165"
}
],
"title": "Performance Counters for Windows Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-25165",
"datePublished": "2026-03-10T17:04:47.850Z",
"dateReserved": "2026-01-29T18:36:49.694Z",
"dateUpdated": "2026-04-09T23:25:26.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24297 (GCVE-0-2026-24297)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Kerberos Security Feature Bypass Vulnerability
Summary
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network.
Severity ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T18:40:44.426866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T18:46:17.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:26.370Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Kerberos Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24297"
}
],
"title": "Windows Kerberos Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-24297",
"datePublished": "2026-03-10T17:04:47.283Z",
"dateReserved": "2026-01-21T21:28:02.969Z",
"dateUpdated": "2026-04-09T23:25:26.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24296 (GCVE-0-2026-24296)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Device Association Service Elevation of Privilege Vulnerability
Summary
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T03:56:19.050865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T13:08:17.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Device Association Service allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:25.745Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Device Association Service Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24296"
}
],
"title": "Windows Device Association Service Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-24296",
"datePublished": "2026-03-10T17:04:46.697Z",
"dateReserved": "2026-01-21T21:28:02.969Z",
"dateUpdated": "2026-04-09T23:25:25.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24295 (GCVE-0-2026-24295)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Device Association Service Elevation of Privilege Vulnerability
Summary
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24295",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T03:56:17.908396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T13:08:17.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Device Association Service allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:25.154Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Device Association Service Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24295"
}
],
"title": "Windows Device Association Service Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-24295",
"datePublished": "2026-03-10T17:04:46.032Z",
"dateReserved": "2026-01-21T21:28:02.968Z",
"dateUpdated": "2026-04-09T23:25:25.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24294 (GCVE-0-2026-24294)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows SMB Server Elevation of Privilege Vulnerability
Summary
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8957
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24294",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:55:34.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-27T21:00:31.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2026-24294-detection-script-improper-authentication-vulnerability-in-windows-smb-server"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2026-24294-mitigation-script-improper-authentication-vulnerability-in-windows-smb-server"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25973",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23074",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8957",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8957",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25973",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23074",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:24.659Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows SMB Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24294"
}
],
"title": "Windows SMB Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-24294",
"datePublished": "2026-03-10T17:04:45.359Z",
"dateReserved": "2026-01-21T21:28:02.968Z",
"dateUpdated": "2026-04-09T23:25:24.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24292 (GCVE-0-2026-24292)
Vulnerability from nvd – Published: 2026-03-10 17:04 – Updated: 2026-04-09 23:25
VLAI?
Title
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Summary
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.8511
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-10 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T03:55:33.387586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T13:08:18.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.7058",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.7058",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6783",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.8037",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.8037",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1719",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8511",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4893",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2207",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32522",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8511",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4893",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.7058",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.7058",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.8037",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6783",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2207",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.8037",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32522",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1719",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T23:25:23.334Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Connected Devices Platform Service Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24292"
}
],
"title": "Windows Connected Devices Platform Service Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-24292",
"datePublished": "2026-03-10T17:04:43.966Z",
"dateReserved": "2026-01-21T21:28:02.968Z",
"dateUpdated": "2026-04-09T23:25:23.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}