Описание
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information, cause denial of service, spoof user interface.
Below is a complete list of vulnerabilities:
- A security feature bypass vulnerability in Windows Remote Assistance can be exploited remotely to bypass security restrictions.
- An elevation of privilege vulnerability in Windows SMB Server can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows Server Update Service (WSUS) can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Local Session Manager (LSM) can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Remote Procedure Call can be exploited remotely to obtain sensitive information.
- An information disclosure vulnerability in Windows NDIS can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Telephony Service can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows Client-Side Caching (CSC) Service can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Windows NTFS can be exploited remotely to execute arbitrary code.
- A denial of service vulnerability in Windows SMB Server can be exploited remotely to cause denial of service.
- A spoofing vulnerability in NTLM Hash Disclosure can be exploited remotely to spoof user interface.
- A remote code execution vulnerability in Windows Deployment Services can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Motorola Soft Modem Driver can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows rndismp6.sys can be exploited remotely to obtain sensitive information.
- An information disclosure vulnerability in Desktop Window Manager can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows Kerberos can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Kernel Memory can be exploited remotely to gain privileges.
- A security feature bypass vulnerability in Secure Boot Certificate Expiration can be exploited remotely to bypass security restrictions.
- A spoofing vulnerability in Windows can be exploited remotely to spoof user interface.
- A denial of service vulnerability in Windows Local Security Authority Subsystem Service (LSASS) can be exploited remotely to cause denial of service.
- An elevation of privilege vulnerability in Windows HTTP.sys can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to gain privileges.
- A spoofing vulnerability in Microsoft Windows File Explorer can be exploited remotely to spoof user interface.
Первичный источник обнаружения
- CVE-2026-20824
CVE-2026-20919
CVE-2026-20940
CVE-2026-20856
CVE-2026-20869
CVE-2026-20934
CVE-2026-20860
CVE-2026-20821
CVE-2026-20936
CVE-2026-20848
CVE-2026-20926
CVE-2026-20931
CVE-2026-20839
CVE-2026-20921
CVE-2026-20840
CVE-2026-20927
CVE-2026-20872
CVE-2026-0386
CVE-2026-20816
CVE-2024-55414
CVE-2026-20828
CVE-2026-20805
CVE-2026-20849
CVE-2023-31096
CVE-2026-20833
CVE-2026-20868
CVE-2026-20922
CVE-2026-20820
CVE-2026-20809
CVE-2026-21265
CVE-2026-20834
CVE-2026-20875
CVE-2026-20929
CVE-2026-20843
CVE-2026-20925
CVE-2026-20847
CVE-2026-20831
Эксплуатация
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-Server-2008
Список CVE
- CVE-2023-31096 critical
- CVE-2024-55414 critical
- CVE-2026-0386 critical
- CVE-2026-20805 high
- CVE-2026-20809 critical
- CVE-2026-20816 high
- CVE-2026-20820 critical
- CVE-2026-20821 high
- CVE-2026-20824 high
- CVE-2026-20828 warning
- CVE-2026-20831 critical
- CVE-2026-20833 high
- CVE-2026-20834 warning
- CVE-2026-20839 high
- CVE-2026-20840 critical
- CVE-2026-20843 critical
- CVE-2026-20847 high
- CVE-2026-20848 critical
- CVE-2026-20849 critical
- CVE-2026-20856 critical
- CVE-2026-20860 critical
- CVE-2026-20868 critical
- CVE-2026-20869 high
- CVE-2026-20872 high
- CVE-2026-20875 critical
- CVE-2026-20919 critical
- CVE-2026-20921 critical
- CVE-2026-20922 critical
- CVE-2026-20925 high
- CVE-2026-20926 critical
- CVE-2026-20927 high
- CVE-2026-20929 critical
- CVE-2026-20931 critical
- CVE-2026-20934 critical
- CVE-2026-20936 warning
- CVE-2026-20940 critical
- CVE-2026-21265 high
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!