Kaspersky ID:
KLA91097
Data de detecção:
06/09/2026
Atualizado:
06/25/2026

Descrição

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, perform cross-site scripting attack, bypass security restrictions, cause denial of service, obtain sensitive information, execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

  1. Cross-site scripting (XSS) vulnerability can be exploited to perform cross-site scripting attack.
  2. An elevation of privilege vulnerability in Windows Device Health Attestation (DHA) can be exploited remotely to gain privileges.
  3. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  4. An elevation of privilege vulnerability in Windows Universal Disk Format File System Driver (UDFS) can be exploited remotely to gain privileges.
  5. An elevation of privilege vulnerability in Microsoft Kinect can be exploited remotely to gain privileges.
  6. An elevation of privilege vulnerability in Windows DNS Client can be exploited remotely to gain privileges.
  7. An elevation of privilege vulnerability in Windows Projected File System can be exploited remotely to gain privileges.
  8. Security vulnerability can be exploited to bypass security restrictions.
  9. An elevation of privilege vulnerability in Windows Function Discovery Service (fdwsd.dll) can be exploited remotely to gain privileges.
  10. A denial of service vulnerability in Windows Kerberos can be exploited remotely to cause denial of service.
  11. An elevation of privilege vulnerability in Windows TCP/IP can be exploited remotely to gain privileges.
  12. An elevation of privilege vulnerability in Windows DWM Core Library can be exploited remotely to gain privileges.
  13. An information disclosure vulnerability in Windows Shell can be exploited remotely to obtain sensitive information.
  14. An information disclosure vulnerability in Windows Remote Desktop Protocol (RDP) can be exploited remotely to obtain sensitive information.
  15. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
  16. An elevation of privilege vulnerability in Windows Hotpatch Monitoring Service can be exploited remotely to gain privileges.
  17. An elevation of privilege vulnerability in Windows Telephony Service can be exploited remotely to gain privileges.
  18. A denial of service vulnerability in Windows TCP/IP can be exploited remotely to cause denial of service.
  19. An elevation of privilege vulnerability in NT OS Kernel can be exploited remotely to gain privileges.
  20. An information disclosure vulnerability in Windows Telephony Server can be exploited remotely to obtain sensitive information.
  21. An information disclosure vulnerability in Windows Push Notification can be exploited remotely to obtain sensitive information.
  22. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely to obtain sensitive information.
  23. A remote code execution vulnerability in Windows Performance Monitor can be exploited remotely to execute arbitrary code.
  24. An elevation of privilege vulnerability in Windows Push Notifications can be exploited remotely to gain privileges.
  25. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  26. An elevation of privilege vulnerability in Microsoft Graphics Component can be exploited remotely to gain privileges.
  27. An elevation of privilege vulnerability in Winlogon can be exploited remotely to gain privileges.
  28. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to execute arbitrary code.
  29. A denial of service vulnerability in Windows Network Controller (NC) Host Agent can be exploited remotely to cause denial of service.
  30. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  31. An elevation of privilege vulnerability in Microsoft Cryptographic Services can be exploited remotely to gain privileges.
  32. A remote code execution vulnerability in DHCP Client Service can be exploited remotely to execute arbitrary code.
  33. An elevation of privilege vulnerability in Windows Program Compatibility Assistant Service can be exploited remotely to gain privileges.
  34. An elevation of privilege vulnerability in Windows Collaborative Translation Framework (CTFMON) can be exploited remotely to gain privileges.
  35. A security feature bypass vulnerability in Secure Boot can be exploited remotely to bypass security restrictions.
  36. An elevation of privilege vulnerability in Windows Internet (wininet.dll) can be exploited remotely to gain privileges.
  37. An elevation of privilege vulnerability in Windows SDK can be exploited remotely to gain privileges.
  38. An information disclosure vulnerability in Windows Application Identity (AppID) can be exploited remotely to obtain sensitive information.
  39. A security feature bypass vulnerability in Windows Mark of the Web can be exploited remotely to bypass security restrictions.
  40. An elevation of privilege vulnerability in Windows UI Automation Manager (uiamanager.dll) can be exploited remotely to gain privileges.
  41. A remote code execution vulnerability in Windows UPnP Device Host can be exploited remotely to execute arbitrary code.
  42. An elevation of privilege vulnerability in Windows Kernel-Mode Driver can be exploited remotely to gain privileges.
  43. A tampering vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) can be exploited remotely to spoof user interface.
  44. An information disclosure vulnerability in Windows Managed Installer can be exploited remotely to obtain sensitive information.
  45. An elevation of privilege vulnerability in Windows Bluetooth Service can be exploited remotely to gain privileges.
  46. A denial of service vulnerability in Microsoft UxTheme Library (uxtheme.dll) can be exploited remotely to cause denial of service.
  47. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
  48. An information disclosure vulnerability in Windows DHCP Client can be exploited remotely to obtain sensitive information.
  49. A remote code execution vulnerability in Windows NTFS can be exploited remotely to execute arbitrary code.
  50. An elevation of privilege vulnerability in Microsoft DWM Core Library can be exploited remotely to gain privileges.
  51. An elevation of privilege vulnerability in Windows Bluetooth Port Driver can be exploited remotely to gain privileges.
  52. A spoofing vulnerability in Microsoft Azure Attestation service and Device Health Attestation Service can be exploited remotely to spoof user interface.
  53. A remote code execution vulnerability in Windows Active Directory Domain Services can be exploited remotely to execute arbitrary code.
  54. A security feature bypass vulnerability in Windows BitLocker can be exploited remotely to bypass security restrictions.
  55. A security feature bypass vulnerability in UEFI Secure Boot can be exploited remotely to bypass security restrictions.
  56. A remote code execution vulnerability in Windows Kernel can be exploited remotely to execute arbitrary code.
  57. A remote code execution vulnerability in HTTP.sys can be exploited remotely to execute arbitrary code.
  58. An elevation of privilege vulnerability in Windows Storage can be exploited remotely to gain privileges.
  59. A security feature bypass vulnerability in Windows Boot Manager can be exploited remotely to bypass security restrictions.
  60. An elevation of privilege vulnerability in Windows Narrator Braille can be exploited remotely to gain privileges.
  61. A remote code execution vulnerability in Windows Media can be exploited remotely to execute arbitrary code.
  62. A security feature bypass vulnerability in Secure Boot can be exploited remotely to gain privileges.
  63. A denial of service vulnerability in HTTP.sys can be exploited remotely to cause denial of service.
  64. A spoofing vulnerability in Windows NTLM can be exploited remotely to spoof user interface.

Comunicados originais

Exploração

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Produtos relacionados

Lista de CVE

  • CVE-2025-10263
    critical
  • CVE-2026-33828
    critical
  • CVE-2026-34335
    high
  • CVE-2026-40404
    critical
  • CVE-2026-40409
    critical
  • CVE-2026-41092
    critical
  • CVE-2026-41108
    high
  • CVE-2026-42828
    critical
  • CVE-2026-42829
    critical
  • CVE-2026-42836
    high
  • CVE-2026-42837
    critical
  • CVE-2026-42903
    high
  • CVE-2026-42904
    critical
  • CVE-2026-42905
    critical
  • CVE-2026-42906
    high
  • CVE-2026-42907
    high
  • CVE-2026-42908
    critical
  • CVE-2026-42909
    critical
  • CVE-2026-42910
    critical
  • CVE-2026-42911
    high
  • CVE-2026-42912
    high
  • CVE-2026-42913
    critical
  • CVE-2026-42914
    high
  • CVE-2026-42915
    high
  • CVE-2026-42916
    critical
  • CVE-2026-42968
    high
  • CVE-2026-42969
    high
  • CVE-2026-42970
    high
  • CVE-2026-42971
    high
  • CVE-2026-42972
    high
  • CVE-2026-42973
    high
  • CVE-2026-42974
    critical
  • CVE-2026-42977
    critical
  • CVE-2026-42978
    critical
  • CVE-2026-42979
    critical
  • CVE-2026-42980
    critical
  • CVE-2026-42981
    critical
  • CVE-2026-42983
    critical
  • CVE-2026-42984
    high
  • CVE-2026-42985
    critical
  • CVE-2026-42986
    critical
  • CVE-2026-42987
    critical
  • CVE-2026-42989
    critical
  • CVE-2026-42991
    critical
  • CVE-2026-42992
    critical
  • CVE-2026-42993
    critical
  • CVE-2026-44799
    critical
  • CVE-2026-44801
    critical
  • CVE-2026-44802
    critical
  • CVE-2026-44803
    critical
  • CVE-2026-44804
    critical
  • CVE-2026-44805
    high
  • CVE-2026-44807
    critical
  • CVE-2026-44808
    critical
  • CVE-2026-44809
    critical
  • CVE-2026-44810
    critical
  • CVE-2026-44811
    critical
  • CVE-2026-44812
    critical
  • CVE-2026-44813
    critical
  • CVE-2026-44814
    high
  • CVE-2026-44815
    critical
  • CVE-2026-45487
    high
  • CVE-2026-45586
    critical
  • CVE-2026-45588
    critical
  • CVE-2026-45592
    critical
  • CVE-2026-45593
    critical
  • CVE-2026-45594
    high
  • CVE-2026-45595
    high
  • CVE-2026-45596
    high
  • CVE-2026-45597
    high
  • CVE-2026-45598
    high
  • CVE-2026-45599
    critical
  • CVE-2026-45600
    critical
  • CVE-2026-45601
    high
  • CVE-2026-45602
    critical
  • CVE-2026-45603
    high
  • CVE-2026-45604
    high
  • CVE-2026-45605
    critical
  • CVE-2026-45606
    high
  • CVE-2026-45607
    critical
  • CVE-2026-45608
    high
  • CVE-2026-45634
    high
  • CVE-2026-45635
    critical
  • CVE-2026-45636
    critical
  • CVE-2026-45637
    critical
  • CVE-2026-45638
    critical
  • CVE-2026-45639
    critical
  • CVE-2026-45640
    high
  • CVE-2026-45641
    critical
  • CVE-2026-45642
    warning
  • CVE-2026-45648
    critical
  • CVE-2026-45653
    high
  • CVE-2026-45654
    critical
  • CVE-2026-45655
    high
  • CVE-2026-45656
    critical
  • CVE-2026-45657
    critical
  • CVE-2026-45658
    high
  • CVE-2026-47288
    high
  • CVE-2026-47289
    critical
  • CVE-2026-47291
    critical
  • CVE-2026-47648
    high
  • CVE-2026-47652
    critical
  • CVE-2026-47653
    critical
  • CVE-2026-47654
    critical
  • CVE-2026-47656
    critical
  • CVE-2026-48563
    critical
  • CVE-2026-48565
    critical
  • CVE-2026-48566
    high
  • CVE-2026-48568
    critical
  • CVE-2026-48570
    critical
  • CVE-2026-48573
    critical
  • CVE-2026-48574
    critical
  • CVE-2026-48575
    critical
  • CVE-2026-48576
    critical
  • CVE-2026-48578
    critical
  • CVE-2026-48583
    critical
  • CVE-2026-49160
    critical
  • CVE-2026-50507
    high
  • CVE-2026-50508
    critical
  • CVE-2026-8863
    critical

Lista de KB

Saiba mais

Descubra as estatísticas das vulnerabilidades que se espalham em sua região statistics.securelist.com

Encontrou uma imprecisão na descrição desta vulnerabilidade? Avise-nos!
Kaspersky Next:
cibersegurança redefinida
Saber mais
Novo Kaspersky!
Sua vida dgital merece proteção completa!
Saber mais
Do you want to save your changes?
Your message has been sent successfully.