Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Vulnerabilities

Multiple vulnerabilities were found in Microsoft Products (ESU)

Kaspersky ID:
KLA90838
Detect Date:
01/13/2026
Updated:
02/12/2026

Description

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, obtain sensitive information, execute arbitrary code, spoof user interface, cause denial of service.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver can be exploited remotely to gain privileges.
  2. An elevation of privilege vulnerability in Windows Motorola Soft Modem Driver can be exploited remotely to gain privileges.
  3. A remote code execution vulnerability in Windows Deployment Services can be exploited remotely to execute arbitrary code.
  4. An information disclosure vulnerability in Desktop Window Manager can be exploited remotely to obtain sensitive information.
  5. An elevation of privilege vulnerability in Windows Kernel Memory can be exploited remotely to gain privileges.
  6. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  7. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  8. An information disclosure vulnerability in Remote Procedure Call can be exploited remotely to obtain sensitive information.
  9. A security feature bypass vulnerability in Windows Remote Assistance can be exploited remotely to bypass security restrictions.
  10. An information disclosure vulnerability in Windows rndismp6.sys can be exploited remotely to obtain sensitive information.
  11. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  12. An information disclosure vulnerability in Windows Kerberos can be exploited remotely to obtain sensitive information.
  13. A spoofing vulnerability in Windows can be exploited remotely to spoof user interface.
  14. An information disclosure vulnerability in Windows Client-Side Caching (CSC) Service can be exploited remotely to obtain sensitive information.
  15. A remote code execution vulnerability in Windows NTFS can be exploited remotely to execute arbitrary code.
  16. An elevation of privilege vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to gain privileges.
  17. A spoofing vulnerability in Microsoft Windows File Explorer can be exploited remotely to spoof user interface.
  18. An elevation of privilege vulnerability in Windows SMB Server can be exploited remotely to gain privileges.
  19. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  20. A remote code execution vulnerability in Windows Server Update Service (WSUS) can be exploited remotely to execute arbitrary code.
  21. A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
  22. An elevation of privilege vulnerability in Windows Local Session Manager (LSM) can be exploited remotely to gain privileges.
  23. A spoofing vulnerability in NTLM Hash Disclosure can be exploited remotely to spoof user interface.
  24. A denial of service vulnerability in Windows Local Security Authority Subsystem Service (LSASS) can be exploited remotely to cause denial of service.
  25. A denial of service vulnerability in Windows SMB Server can be exploited remotely to cause denial of service.
  26. An elevation of privilege vulnerability in Windows HTTP.sys can be exploited remotely to gain privileges.
  27. An elevation of privilege vulnerability in Windows Telephony Service can be exploited remotely to gain privileges.
  28. An information disclosure vulnerability in Windows NDIS can be exploited remotely to obtain sensitive information.
  29. An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges.
  30. A security feature bypass vulnerability in Secure Boot Certificate Expiration can be exploited remotely to bypass security restrictions.
  31. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
  32. An information disclosure vulnerability in Windows File Explorer can be exploited remotely to obtain sensitive information.
  33. An elevation of privilege vulnerability in Windows Management Services can be exploited remotely to gain privileges.
  34. An elevation of privilege vulnerability in Windows Remote Procedure Call Interface Definition Language (IDL) can be exploited remotely to gain privileges.
  35. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely to obtain sensitive information.
  36. An elevation of privilege vulnerability in Windows WalletService can be exploited remotely to gain privileges.
  37. An elevation of privilege vulnerability in Desktop Windows Manager can be exploited remotely to gain privileges.
  38. An elevation of privilege vulnerability in Microsoft DWM Core Library can be exploited remotely to gain privileges.
  39. A remote code execution vulnerability in Windows Media can be exploited remotely to execute arbitrary code.
  40. An elevation of privilege vulnerability in DirectX Graphics Kernel can be exploited remotely to gain privileges.
  41. An information disclosure vulnerability in Dynamic Root of Trust for Measurement (DRTM) can be exploited remotely to obtain sensitive information.
  42. An information disclosure vulnerability in Windows Management Services can be exploited remotely to obtain sensitive information.
  43. An elevation of privilege vulnerability in Windows Connected Devices Platform Service can be exploited remotely to gain privileges.
  44. An elevation of privilege vulnerability in Windows Clipboard Server can be exploited remotely to gain privileges.
  45. An information disclosure vulnerability in Tablet Windows User Interface (TWINUI) Subsystem can be exploited remotely to gain privileges.
  46. An information disclosure vulnerability in Tablet Windows User Interface (TWINUI) Subsystem can be exploited remotely to obtain sensitive information.
  47. An information disclosure vulnerability in TPM Trustlet can be exploited remotely to obtain sensitive information.
  48. A tampering vulnerability in Windows Hello can be exploited remotely to spoof user interface.
  49. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
  50. A tampering vulnerability in LDAP can be exploited remotely to spoof user interface.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2023-31096
    critical
  • CVE-2024-55414
    critical
  • CVE-2026-0386
    critical
  • CVE-2026-20804
    critical
  • CVE-2026-20805
    high
  • CVE-2026-20809
    critical
  • CVE-2026-20810
    critical
  • CVE-2026-20812
    high
  • CVE-2026-20814
    high
  • CVE-2026-20816
    high
  • CVE-2026-20817
    critical
  • CVE-2026-20820
    critical
  • CVE-2026-20821
    high
  • CVE-2026-20822
    critical
  • CVE-2026-20823
    high
  • CVE-2026-20824
    high
  • CVE-2026-20825
    warning
  • CVE-2026-20826
    high
  • CVE-2026-20827
    high
  • CVE-2026-20828
    warning
  • CVE-2026-20829
    high
  • CVE-2026-20831
    high
  • CVE-2026-20832
    critical
  • CVE-2026-20833
    high
  • CVE-2026-20834
    warning
  • CVE-2026-20836
    high
  • CVE-2026-20837
    critical
  • CVE-2026-20839
    high
  • CVE-2026-20840
    critical
  • CVE-2026-20842
    high
  • CVE-2026-20843
    critical
  • CVE-2026-20844
    high
  • CVE-2026-20847
    high
  • CVE-2026-20848
    critical
  • CVE-2026-20849
    critical
  • CVE-2026-20852
    critical
  • CVE-2026-20853
    high
  • CVE-2026-20856
    critical
  • CVE-2026-20857
    critical
  • CVE-2026-20858
    critical
  • CVE-2026-20860
    critical
  • CVE-2026-20861
    critical
  • CVE-2026-20862
    high
  • CVE-2026-20864
    critical
  • CVE-2026-20865
    critical
  • CVE-2026-20866
    critical
  • CVE-2026-20867
    critical
  • CVE-2026-20868
    critical
  • CVE-2026-20869
    high
  • CVE-2026-20871
    critical
  • CVE-2026-20872
    high
  • CVE-2026-20873
    critical
  • CVE-2026-20874
    critical
  • CVE-2026-20875
    critical
  • CVE-2026-20877
    critical
  • CVE-2026-20918
    critical
  • CVE-2026-20919
    critical
  • CVE-2026-20921
    critical
  • CVE-2026-20922
    critical
  • CVE-2026-20923
    critical
  • CVE-2026-20924
    critical
  • CVE-2026-20925
    high
  • CVE-2026-20926
    critical
  • CVE-2026-20927
    high
  • CVE-2026-20929
    critical
  • CVE-2026-20931
    critical
  • CVE-2026-20932
    high
  • CVE-2026-20934
    critical
  • CVE-2026-20936
    warning
  • CVE-2026-20937
    high
  • CVE-2026-20939
    high
  • CVE-2026-20940
    critical
  • CVE-2026-20962
    warning
  • CVE-2026-21265
    high

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
11 February 2026
Securelist
The game is over: when “free” comes at too high a price. What we know about RenEngine
11 February 2026
Securelist
Spam and phishing in 2025
05 February 2026
Securelist
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
03 February 2026
Securelist
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
29 January 2026
Securelist
Supply chain attack on eScan antivirus: detecting and remediating malicious updates
27 January 2026
Securelist
HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Severity level
Critical
High
Warning
Sorting
Kaspersky ID
Vulnerability
Detect date
Severity
You must select at least one severity level
Do you want to save your changes?
Your message has been sent successfully.