| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally. |
| This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash. Microsoft silently fixed this vulnerability in the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025. Windows 25H2 (released in September) was released with the patch. Windows 1123h2 and earlier versions remain vulnerable. |
| Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network. |
| Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. |
| Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally. |
| Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally. |
| Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. |
| Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally. |
| Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. |
| Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. |
| Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally. |
| Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally. |
| Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. |
