Soluções para:
Produtos domésticos
Pequenas empresas
Empresas médias
Grandes empresas
Vulnerabilidades Ameaças
Início Vulnerabilidades

Multiple vulnerabilities in Microsoft Products (ESU)

Kaspersky ID:
KLA90926
Data de detecção:
03/10/2026
Atualizado:
03/11/2026

Descrição

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, bypass security restrictions, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
  2. An elevation of privilege vulnerability in Windows SMB Server can be exploited remotely to gain privileges.
  3. An elevation of privilege vulnerability in Windows Projected File System can be exploited remotely to gain privileges.
  4. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  5. A denial of service vulnerability in Windows Graphics Component can be exploited remotely to cause denial of service.
  6. A security feature bypass vulnerability in MapUrlToZone can be exploited remotely to bypass security restrictions.
  7. An elevation of privilege vulnerability in Windows Device Association Service can be exploited remotely to gain privileges.
  8. An elevation of privilege vulnerability in Windows Connected Devices Platform Service can be exploited remotely to gain privileges.
  9. An elevation of privilege vulnerability in Windows Authentication can be exploited remotely to gain privileges.
  10. An information disclosure vulnerability in Windows Accessibility Infrastructure (ATBroker.exe) can be exploited remotely to obtain sensitive information.
  11. A spoofing vulnerability in Windows Shell Link Processing can be exploited remotely to spoof user interface.
  12. An elevation of privilege vulnerability in Windows Accessibility Infrastructure (ATBroker.exe) can be exploited remotely to gain privileges.
  13. An elevation of privilege vulnerability in Broadcast DVR can be exploited remotely to gain privileges.
  14. An elevation of privilege vulnerability in Winlogon can be exploited remotely to gain privileges.
  15. An elevation of privilege vulnerability in Windows Extensible File Allocation Table can be exploited remotely to gain privileges.
  16. An elevation of privilege vulnerability in Windows DWM Core Library can be exploited remotely to gain privileges.
  17. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  18. An information disclosure vulnerability in GDI+ can be exploited remotely to obtain sensitive information.
  19. A remote code execution vulnerability in GDI can be exploited remotely to execute arbitrary code.
  20. An elevation of privilege vulnerability in Performance Counters for Windows can be exploited remotely to gain privileges.
  21. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  22. A remote code execution vulnerability in Windows Print Spooler can be exploited remotely to execute arbitrary code.
  23. A remote code execution vulnerability in Windows Mobile Broadband Driver can be exploited remotely to execute arbitrary code.
  24. A remote code execution vulnerability in Windows System Image Manager Assessment and Deployment Kit (ADK) can be exploited remotely to execute arbitrary code.
  25. An elevation of privilege vulnerability in Windows Resilient File System (ReFS) can be exploited remotely to gain privileges.
  26. An elevation of privilege vulnerability in Windows Bluetooth RFCOM Protocol Driver can be exploited remotely to gain privileges.
  27. An elevation of privilege vulnerability in Windows Telephony Service can be exploited remotely to gain privileges.
  28. A security feature bypass vulnerability in Windows Kerberos can be exploited remotely to bypass security restrictions.
  29. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
  30. An elevation of privilege vulnerability in Windows NTFS can be exploited remotely to gain privileges.
  31. An elevation of privilege vulnerability in Windows Universal Disk Format File System Driver (UDFS) can be exploited remotely to gain privileges.
  32. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to obtain sensitive information.
  33. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
  34. An elevation of privilege vulnerability in Push message Routing Service can be exploited remotely to obtain sensitive information.

Comunicados originais

Exploração

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Produtos relacionados

Lista de CVE

  • CVE-2026-23667
    high
  • CVE-2026-23668
    high
  • CVE-2026-23669
    critical
  • CVE-2026-23671
    high
  • CVE-2026-23672
    critical
  • CVE-2026-23673
    critical
  • CVE-2026-23674
    critical
  • CVE-2026-24282
    high
  • CVE-2026-24285
    high
  • CVE-2026-24287
    critical
  • CVE-2026-24288
    high
  • CVE-2026-24289
    critical
  • CVE-2026-24290
    critical
  • CVE-2026-24291
    critical
  • CVE-2026-24292
    critical
  • CVE-2026-24293
    critical
  • CVE-2026-24294
    critical
  • CVE-2026-24295
    high
  • CVE-2026-24296
    high
  • CVE-2026-24297
    high
  • CVE-2026-25165
    critical
  • CVE-2026-25166
    critical
  • CVE-2026-25168
    high
  • CVE-2026-25169
    high
  • CVE-2026-25171
    high
  • CVE-2026-25172
    critical
  • CVE-2026-25173
    critical
  • CVE-2026-25174
    critical
  • CVE-2026-25175
    critical
  • CVE-2026-25176
    critical
  • CVE-2026-25177
    critical
  • CVE-2026-25178
    high
  • CVE-2026-25179
    high
  • CVE-2026-25180
    high
  • CVE-2026-25181
    critical
  • CVE-2026-25185
    high
  • CVE-2026-25186
    high
  • CVE-2026-25187
    critical
  • CVE-2026-25188
    critical
  • CVE-2026-25189
    critical
  • CVE-2026-25190
    critical
  • CVE-2026-26111
    critical
  • CVE-2026-26128
    critical
  • CVE-2026-26132
    critical

Lista de KB

Saiba mais

Descubra as estatísticas das vulnerabilidades que se espalham em sua região statistics.securelist.com

Encontrou uma imprecisão na descrição desta vulnerabilidade? Avise-nos!
Kaspersky Next:
cibersegurança redefinida
Saber mais
Novo Kaspersky!
Sua vida dgital merece proteção completa!
Saber mais
Related articles
10 March 2026
Securelist
BeatBanker: A dual‑mode Android Trojan
06 March 2026
Securelist
Exploits and vulnerabilities in Q4 2025
04 March 2026
Securelist
Mobile malware evolution in 2025
19 February 2026
Securelist
Arkanix Stealer: a C++ & Python infostealer
17 February 2026
Securelist
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
11 February 2026
Securelist
The game is over: when “free” comes at too high a price. What we know about RenEngine
Encontrou uma imprecisão na descrição desta vulnerabilidade?
Se você encontrou uma nova Ameaça ou Vulnerabilidade, por favor, nos avise por e-mail:
newvirus@kaspersky.com
Encontrou uma nova Ameaça ou Vulnerabilidade?
Se você encontrou uma nova Ameaça ou Vulnerabilidade, por favor, nos avise por e-mail:
newvirus@kaspersky.com
Soluções para
Produtos domésticos
Pequenas empresas
Empresas médias
Grandes empresas
Select language
Severity level
Critical
High
Warning
Sorting
Kaspersky ID
Vulnerabilidade
Detect date
Nível de gravidade
You must select at least one severity level
Do you want to save your changes?
Your message has been sent successfully.