Описание
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, spoof user interface, obtain sensitive information, cause denial of service.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
- A security feature bypass vulnerability in Windows Shell can be exploited remotely to bypass security restrictions.
- A security feature bypass vulnerability in Windows Hyper-V can be exploited remotely to bypass security restrictions.
- An elevation of privilege vulnerability in Mailslot File System can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Subsystem for Linux can be exploited remotely to gain privileges.
- A spoofing vulnerability in Windows NTLM can be exploited remotely to spoof user interface.
- An elevation of privilege vulnerability in Windows HTTP.sys can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
- A security feature bypass vulnerability in MSHTML Framework can be exploited remotely to bypass security restrictions.
- An elevation of privilege vulnerability in Windows Connected Devices Platform Service can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Storage can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Remote Desktop Services can be exploited remotely to gain privileges.
- A denial of service vulnerability in Windows Remote Access Connection Manager can be exploited remotely to cause denial of service.
- An elevation of privilege vulnerability in Desktop Window Manager can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
- A denial of service vulnerability in GDI+ can be exploited remotely to cause denial of service.
- A spoofing vulnerability in Microsoft Exchange Server can be exploited remotely to spoof user interface.
Первичный источник обнаружения
- CVE-2026-21244
CVE-2026-21231
CVE-2026-21510
CVE-2026-21255
CVE-2026-21253
CVE-2026-21242
CVE-2026-21249
CVE-2026-21240
CVE-2026-21239
CVE-2026-21246
CVE-2026-21222
CVE-2026-21235
CVE-2026-21248
CVE-2026-21513
CVE-2026-21237
CVE-2026-21247
CVE-2026-21234
CVE-2026-21508
CVE-2026-21533
CVE-2026-21525
CVE-2026-21519
CVE-2026-21236
CVE-2026-21238
CVE-2026-20846
CVE-2026-21527
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Exchange-Server
- Microsoft-Windows-10
Список CVE
- CVE-2026-20846 critical
- CVE-2026-21222 high
- CVE-2026-21231 critical
- CVE-2026-21234 high
- CVE-2026-21235 high
- CVE-2026-21236 critical
- CVE-2026-21237 high
- CVE-2026-21238 critical
- CVE-2026-21239 critical
- CVE-2026-21240 high
- CVE-2026-21242 high
- CVE-2026-21244 high
- CVE-2026-21246 critical
- CVE-2026-21247 high
- CVE-2026-21248 high
- CVE-2026-21249 warning
- CVE-2026-21253 high
- CVE-2026-21255 critical
- CVE-2026-21508 high
- CVE-2026-21510 critical
- CVE-2026-21513 critical
- CVE-2026-21519 critical
- CVE-2026-21525 high
- CVE-2026-21527 high
- CVE-2026-21533 critical
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!