ソリューション:
個人向け製品
小規模企業
中規模企業
大企業
脆弱性 脅威
ホームページ 脆弱性

Multiple vulnerabilities in Microsoft Windows

Kaspersky ID:
KLA90986
検出日:
04/14/2026
更新日:
04/15/2026

説明

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges, cause denial of service, spoof user interface, execute arbitrary code, read local files.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Remote Procedure Call can be exploited remotely to obtain sensitive information.
  2. An elevation of privilege vulnerability in Windows Projected File System can be exploited remotely to gain privileges.
  3. An elevation of privilege vulnerability in Windows Encrypted File System (EFS) can be exploited remotely to gain privileges.
  4. A denial of service vulnerability in HTTP.sys can be exploited remotely to cause denial of service.
  5. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  6. An information disclosure vulnerability in Universal Plug and Play (upnp.dll) can be exploited remotely to obtain sensitive information.
  7. A spoofing vulnerability in Windows Shell can be exploited remotely to spoof user interface.
  8. A remote code execution vulnerability in Windows UPnP Device Host can be exploited remotely to execute arbitrary code.
  9. An elevation of privilege vulnerability in Windows Function Discovery Service (fdwsd.dll) can be exploited remotely to gain privileges.
  10. A remote code execution vulnerability in Windows TCP/IP can be exploited remotely to execute arbitrary code.
  11. An information disclosure vulnerability in Web Account Manager can be exploited remotely to obtain sensitive information.
  12. A spoofing vulnerability in Windows Snipping Tool can be exploited remotely to spoof user interface.
  13. An elevation of privilege vulnerability in Windows Push Notifications can be exploited remotely to gain privileges.
  14. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  15. A spoofing vulnerability in Active Directory can be exploited remotely to spoof user interface.
  16. A denial of service vulnerability in Windows Redirected Drive Buffering System can be exploited remotely to cause denial of service.
  17. An elevation of privilege vulnerability in Windows User Interface Core can be exploited remotely to gain privileges.
  18. An elevation of privilege vulnerability in Microsoft Brokering File System can be exploited remotely to gain privileges.
  19. A denial of service vulnerability in Windows Local Security Authority Subsystem Service (LSASS) can be exploited remotely to cause denial of service.
  20. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  21. An elevation of privilege vulnerability in Desktop Window Manager can be exploited remotely to gain privileges.
  22. An information disclosure vulnerability in Windows Shell can be exploited remotely to obtain sensitive information.
  23. A security feature bypass vulnerability in Windows BitLocker can be exploited remotely to bypass security restrictions.
  24. An elevation of privilege vulnerability in Windows Simple Search and Discovery Protocol (SSDP) Service can be exploited remotely to gain privileges.
  25. An elevation of privilege vulnerability in Windows Sensor Data Service can be exploited remotely to gain privileges.
  26. An elevation of privilege vulnerability in Windows OLE can be exploited remotely to gain privileges.
  27. An information disclosure vulnerability in Windows COM Server can be exploited remotely to obtain sensitive information.
  28. Security UI vulnerability can be exploited remotely to spoof user interface.
  29. A remote code execution vulnerability in Windows Snipping Tool can be exploited remotely to execute arbitrary code.
  30. A security feature bypass vulnerability in UEFI Secure Boot can be exploited remotely to bypass security restrictions.
  31. An elevation of privilege vulnerability in Remote Desktop Licensing Service can be exploited remotely to gain privileges.
  32. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to execute arbitrary code.
  33. An elevation of privilege vulnerability in Remote Access Management service/API (RPC server) can be exploited remotely to gain privileges.
  34. An elevation of privilege vulnerability in Windows TDI Translation Driver (tdx.sys) can be exploited remotely to gain privileges.
  35. An information disclosure vulnerability in Windows GDI can be exploited remotely to obtain sensitive information.
  36. A security feature bypass vulnerability in Windows Virtualization-Based Security (VBS) can be exploited remotely to bypass security restrictions.
  37. An elevation of privilege vulnerability in PowerShell can be exploited remotely to gain privileges.
  38. Security vulnerability can be exploited to bypass security restrictions.
  39. A security feature bypass vulnerability in Windows Recovery Environment can be exploited remotely to bypass security restrictions.
  40. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  41. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  42. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  43. A security feature bypass vulnerability in Windows Boot Manager can be exploited remotely to bypass security restrictions.
  44. An elevation of privilege vulnerability in Windows Speech Brokered Api can be exploited remotely to gain privileges.
  45. An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
  46. A spoofing vulnerability in Windows Admin Center can be exploited remotely to spoof user interface.
  47. A spoofing vulnerability in Remote Desktop can be exploited remotely to spoof user interface.
  48. An elevation of privilege vulnerability in Windows UPnP Device Host can be exploited remotely to gain privileges.
  49. An elevation of privilege vulnerability in Windows Container Isolation FS Filter Driver can be exploited remotely to gain privileges.
  50. An elevation of privilege vulnerability in Applocker Filter Driver (applockerfltr.sys) can be exploited remotely to gain privileges.
  51. An elevation of privilege vulnerability in Windows COM can be exploited remotely to gain privileges.
  52. An elevation of privilege vulnerability in Windows Server Update Service (WSUS) can be exploited remotely to gain privileges.
  53. A remote code execution vulnerability in Windows Internet Key Exchange (IKE) Service Extensions can be exploited remotely to execute arbitrary code.
  54. An elevation of privilege vulnerability in Windows Advanced Rasterization Platform can be exploited remotely to gain privileges.
  55. An elevation of privilege vulnerability in Windows Storage Spaces Controller can be exploited remotely to gain privileges.
  56. An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges.
  57. A remote code execution vulnerability in Windows Active Directory can be exploited remotely to execute arbitrary code.
  58. An information disclosure vulnerability in Package Catalog can be exploited remotely to obtain sensitive information.
  59. An elevation of privilege vulnerability in Windows USB Printing Stack (usbprint.sys) can be exploited remotely to gain privileges.
  60. An elevation of privilege vulnerability in Microsoft Management Console can be exploited remotely to gain privileges.
  61. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  62. A security feature bypass vulnerability in Windows Hello can be exploited remotely to bypass security restrictions.
  63. An elevation of privilege vulnerability in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) can be exploited remotely to gain privileges.
  64. A security feature bypass vulnerability in Windows Biometric Service can be exploited remotely to bypass security restrictions.
  65. An information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service can be exploited remotely to obtain sensitive information.
  66. An information disclosure vulnerability in Windows UPnP Device Host can be exploited remotely to obtain sensitive information.
  67. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
  68. A security feature bypass vulnerability in Windows Shell can be exploited remotely to bypass security restrictions.
  69. An elevation of privilege vulnerability in Windows Management Services can be exploited remotely to gain privileges.
  70. A tampering vulnerability in Windows Server Update Service (WSUS) can be exploited remotely to spoof user interface.
  71. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
  72. An information disclosure vulnerability in Windows Print Spooler can be exploited remotely to obtain sensitive information.
  73. An information disclosure vulnerability in Windows Kernel Memory can be exploited remotely to obtain sensitive information.
  74. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  75. An elevation of privilege vulnerability in Windows WalletService can be exploited remotely to gain privileges.
  76. An elevation of privilege vulnerability in Windows Search Service can be exploited remotely to gain privileges.
  77. An elevation of privilege vulnerability in Windows Shell can be exploited remotely to gain privileges.
  78. A denial of service vulnerability in Connected User Experiences and Telemetry Service can be exploited remotely to cause denial of service.
  79. An elevation of privilege vulnerability in Windows LUA File Virtualization Filter Driver can be exploited remotely to gain privileges.
  80. An elevation of privilege vulnerability in Windows Speech Runtime can be exploited remotely to gain privileges.
  81. An elevation of privilege vulnerability in Microsoft Cryptographic Services can be exploited remotely to gain privileges.
  82. An elevation of privilege vulnerability in Windows Client Side Caching driver (csc.sys) can be exploited remotely to gain privileges.

オリジナルアドバイザリー

エクスプロイテーション

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

関連製品

CVEリスト

  • CVE-2026-0390
    high
  • CVE-2026-20806
    high
  • CVE-2026-20928
    warning
  • CVE-2026-20930
    critical
  • CVE-2026-23670
    high
  • CVE-2026-25184
    high
  • CVE-2026-26151
    high
  • CVE-2026-26152
    high
  • CVE-2026-26153
    critical
  • CVE-2026-26154
    critical
  • CVE-2026-26155
    high
  • CVE-2026-26156
    critical
  • CVE-2026-26159
    critical
  • CVE-2026-26160
    critical
  • CVE-2026-26161
    critical
  • CVE-2026-26162
    critical
  • CVE-2026-26163
    critical
  • CVE-2026-26165
    high
  • CVE-2026-26166
    high
  • CVE-2026-26167
    critical
  • CVE-2026-26168
    critical
  • CVE-2026-26169
    high
  • CVE-2026-26170
    critical
  • CVE-2026-26172
    critical
  • CVE-2026-26173
    high
  • CVE-2026-26174
    high
  • CVE-2026-26175
    warning
  • CVE-2026-26176
    critical
  • CVE-2026-26177
    high
  • CVE-2026-26178
    critical
  • CVE-2026-26179
    critical
  • CVE-2026-26180
    critical
  • CVE-2026-26181
    critical
  • CVE-2026-26182
    high
  • CVE-2026-26183
    critical
  • CVE-2026-26184
    critical
  • CVE-2026-27906
    warning
  • CVE-2026-27907
    critical
  • CVE-2026-27908
    high
  • CVE-2026-27909
    critical
  • CVE-2026-27910
    critical
  • CVE-2026-27911
    critical
  • CVE-2026-27912
    critical
  • CVE-2026-27913
    critical
  • CVE-2026-27914
    critical
  • CVE-2026-27915
    critical
  • CVE-2026-27916
    critical
  • CVE-2026-27917
    high
  • CVE-2026-27918
    critical
  • CVE-2026-27919
    critical
  • CVE-2026-27920
    critical
  • CVE-2026-27921
    high
  • CVE-2026-27922
    high
  • CVE-2026-27923
    critical
  • CVE-2026-27924
    critical
  • CVE-2026-27925
    high
  • CVE-2026-27926
    high
  • CVE-2026-27927
    critical
  • CVE-2026-27928
    critical
  • CVE-2026-27929
    high
  • CVE-2026-27930
    high
  • CVE-2026-27931
    high
  • CVE-2026-32068
    high
  • CVE-2026-32069
    critical
  • CVE-2026-32070
    high
  • CVE-2026-32071
    critical
  • CVE-2026-32072
    high
  • CVE-2026-32073
    high
  • CVE-2026-32074
    critical
  • CVE-2026-32075
    high
  • CVE-2026-32076
    critical
  • CVE-2026-32077
    critical
  • CVE-2026-32078
    critical
  • CVE-2026-32079
    high
  • CVE-2026-32080
    high
  • CVE-2026-32081
    high
  • CVE-2026-32082
    high
  • CVE-2026-32083
    high
  • CVE-2026-32084
    high
  • CVE-2026-32085
    high
  • CVE-2026-32086
    high
  • CVE-2026-32087
    high
  • CVE-2026-32088
    high
  • CVE-2026-32089
    critical
  • CVE-2026-32090
    critical
  • CVE-2026-32091
    critical
  • CVE-2026-32093
    high
  • CVE-2026-32149
    high
  • CVE-2026-32150
    high
  • CVE-2026-32151
    high
  • CVE-2026-32152
    critical
  • CVE-2026-32153
    critical
  • CVE-2026-32154
    critical
  • CVE-2026-32155
    critical
  • CVE-2026-32156
    high
  • CVE-2026-32157
    critical
  • CVE-2026-32158
    critical
  • CVE-2026-32159
    critical
  • CVE-2026-32160
    critical
  • CVE-2026-32162
    critical
  • CVE-2026-32163
    critical
  • CVE-2026-32164
    critical
  • CVE-2026-32165
    critical
  • CVE-2026-32181
    high
  • CVE-2026-32183
    critical
  • CVE-2026-32195
    high
  • CVE-2026-32196
    high
  • CVE-2026-32202
    warning
  • CVE-2026-32212
    high
  • CVE-2026-32214
    high
  • CVE-2026-32215
    high
  • CVE-2026-32216
    high
  • CVE-2026-32217
    high
  • CVE-2026-32218
    high
  • CVE-2026-32219
    high
  • CVE-2026-32220
    warning
  • CVE-2026-32221
    critical
  • CVE-2026-32222
    critical
  • CVE-2026-32223
    high
  • CVE-2026-32224
    high
  • CVE-2026-32225
    critical
  • CVE-2026-33096
    critical
  • CVE-2026-33098
    critical
  • CVE-2026-33099
    high
  • CVE-2026-33100
    high
  • CVE-2026-33101
    critical
  • CVE-2026-33104
    high
  • CVE-2026-33824
    critical
  • CVE-2026-33826
    critical
  • CVE-2026-33827
    critical
  • CVE-2026-33829
    warning
  • CVE-2026-25250
    high
  • CVE-2023-20585
    high

KBリスト

も参照してください

お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com

この脆弱性についての記述に不正確な点がありますか? お知らせください!
Kaspersky IT Security Calculator
も参照してください
新しいカスペルスキー
あなたのデジタルライフを守る
も参照してください
Related articles
15 April 2026
Securelist
Threat landscape for industrial automation systems in Q4 2025
13 April 2026
Securelist
JanelaRAT: a financial threat targeting users in Latin America
09 April 2026
Securelist
The long road to your crypto: ClipBanker and its marathon infection chain
08 April 2026
Securelist
Financial cyberthreats in 2025 and the outlook for 2026
01 April 2026
Securelist
A laughing RAT: CrystalX combines spyware, stealer, and prankware features
26 March 2026
Securelist
An AI gateway designed to steal your data
この脆弱性についての記述に不正確な点がありますか?
新しい脅威または脆弱性が見つかった場合はメールでご連絡ください:
newvirus@kaspersky.com
新しい脅威または脆弱性が見つかりましたか?
新しい脅威または脆弱性が見つかった場合はメールでご連絡ください:
newvirus@kaspersky.com
ソリューション
個人向け製品
小規模企業
中規模企業
大企業
Select language
Severity level
Critical
High
Warning
Sorting
Kaspersky ID
脆弱性
Detect date
危険度
You must select at least one severity level
Do you want to save your changes?
Your message has been sent successfully.