Description
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, spoof user interface, obtain sensitive information, cause denial of service.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
- A security feature bypass vulnerability in Windows Shell can be exploited remotely to bypass security restrictions.
- A security feature bypass vulnerability in Windows Hyper-V can be exploited remotely to bypass security restrictions.
- An elevation of privilege vulnerability in Mailslot File System can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Subsystem for Linux can be exploited remotely to gain privileges.
- A spoofing vulnerability in Windows NTLM can be exploited remotely to spoof user interface.
- An elevation of privilege vulnerability in Windows HTTP.sys can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
- A security feature bypass vulnerability in MSHTML Framework can be exploited remotely to bypass security restrictions.
- An elevation of privilege vulnerability in Windows Connected Devices Platform Service can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Storage can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Remote Desktop Services can be exploited remotely to gain privileges.
- A denial of service vulnerability in Windows Remote Access Connection Manager can be exploited remotely to cause denial of service.
- An elevation of privilege vulnerability in Desktop Window Manager can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
- A denial of service vulnerability in GDI+ can be exploited remotely to cause denial of service.
- A spoofing vulnerability in Microsoft Exchange Server can be exploited remotely to spoof user interface.
Original advisories
- CVE-2026-21231
- CVE-2026-21510
- CVE-2026-21255
- CVE-2026-21253
- CVE-2026-21242
- CVE-2026-21249
- CVE-2026-21240
- CVE-2026-21239
- CVE-2026-21246
- CVE-2026-21222
- CVE-2026-21235
- CVE-2026-21248
- CVE-2026-21513
- CVE-2026-21237
- CVE-2026-21247
- CVE-2026-21234
- CVE-2026-21508
- CVE-2026-21533
- CVE-2026-21525
- CVE-2026-21519
- CVE-2026-21236
- CVE-2026-21238
- CVE-2026-20846
- CVE-2026-21527
Exploitation
Public exploits exist for this vulnerability.
Related products
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Exchange-Server
- Microsoft-Windows-10
CVE list
- CVE-2026-20846 critical
- CVE-2026-21222 high
- CVE-2026-21231 critical
- CVE-2026-21234 high
- CVE-2026-21235 high
- CVE-2026-21236 critical
- CVE-2026-21237 high
- CVE-2026-21238 critical
- CVE-2026-21239 critical
- CVE-2026-21240 high
- CVE-2026-21242 high
- CVE-2026-21244 high
- CVE-2026-21246 critical
- CVE-2026-21247 high
- CVE-2026-21248 high
- CVE-2026-21249 warning
- CVE-2026-21253 high
- CVE-2026-21255 critical
- CVE-2026-21508 high
- CVE-2026-21510 critical
- CVE-2026-21513 critical
- CVE-2026-21519 critical
- CVE-2026-21525 high
- CVE-2026-21527 high
- CVE-2026-21533 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!