Продукты:
Для дома
Для малого бизнеса
Для среднего бизнеса
Для крупного бизнеса
Уязвимости Угрозы
Главная Уязвимости

Multiple vulnerabilities in Microsoft Windows

Kaspersky ID:
KLA90986
Дата обнаружения:
14/04/2026
Обновлено:
15/04/2026

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges, cause denial of service, spoof user interface, execute arbitrary code, read local files.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Remote Procedure Call can be exploited remotely to obtain sensitive information.
  2. An elevation of privilege vulnerability in Windows Projected File System can be exploited remotely to gain privileges.
  3. An elevation of privilege vulnerability in Windows Encrypted File System (EFS) can be exploited remotely to gain privileges.
  4. A denial of service vulnerability in HTTP.sys can be exploited remotely to cause denial of service.
  5. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  6. An information disclosure vulnerability in Universal Plug and Play (upnp.dll) can be exploited remotely to obtain sensitive information.
  7. A spoofing vulnerability in Windows Shell can be exploited remotely to spoof user interface.
  8. A remote code execution vulnerability in Windows UPnP Device Host can be exploited remotely to execute arbitrary code.
  9. An elevation of privilege vulnerability in Windows Function Discovery Service (fdwsd.dll) can be exploited remotely to gain privileges.
  10. A remote code execution vulnerability in Windows TCP/IP can be exploited remotely to execute arbitrary code.
  11. An information disclosure vulnerability in Web Account Manager can be exploited remotely to obtain sensitive information.
  12. A spoofing vulnerability in Windows Snipping Tool can be exploited remotely to spoof user interface.
  13. An elevation of privilege vulnerability in Windows Push Notifications can be exploited remotely to gain privileges.
  14. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  15. A spoofing vulnerability in Active Directory can be exploited remotely to spoof user interface.
  16. A denial of service vulnerability in Windows Redirected Drive Buffering System can be exploited remotely to cause denial of service.
  17. An elevation of privilege vulnerability in Windows User Interface Core can be exploited remotely to gain privileges.
  18. An elevation of privilege vulnerability in Microsoft Brokering File System can be exploited remotely to gain privileges.
  19. A denial of service vulnerability in Windows Local Security Authority Subsystem Service (LSASS) can be exploited remotely to cause denial of service.
  20. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  21. An elevation of privilege vulnerability in Desktop Window Manager can be exploited remotely to gain privileges.
  22. An information disclosure vulnerability in Windows Shell can be exploited remotely to obtain sensitive information.
  23. A security feature bypass vulnerability in Windows BitLocker can be exploited remotely to bypass security restrictions.
  24. An elevation of privilege vulnerability in Windows Simple Search and Discovery Protocol (SSDP) Service can be exploited remotely to gain privileges.
  25. An elevation of privilege vulnerability in Windows Sensor Data Service can be exploited remotely to gain privileges.
  26. An elevation of privilege vulnerability in Windows OLE can be exploited remotely to gain privileges.
  27. An information disclosure vulnerability in Windows COM Server can be exploited remotely to obtain sensitive information.
  28. Security UI vulnerability can be exploited remotely to spoof user interface.
  29. A remote code execution vulnerability in Windows Snipping Tool can be exploited remotely to execute arbitrary code.
  30. A security feature bypass vulnerability in UEFI Secure Boot can be exploited remotely to bypass security restrictions.
  31. An elevation of privilege vulnerability in Remote Desktop Licensing Service can be exploited remotely to gain privileges.
  32. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to execute arbitrary code.
  33. An elevation of privilege vulnerability in Remote Access Management service/API (RPC server) can be exploited remotely to gain privileges.
  34. An elevation of privilege vulnerability in Windows TDI Translation Driver (tdx.sys) can be exploited remotely to gain privileges.
  35. An information disclosure vulnerability in Windows GDI can be exploited remotely to obtain sensitive information.
  36. A security feature bypass vulnerability in Windows Virtualization-Based Security (VBS) can be exploited remotely to bypass security restrictions.
  37. An elevation of privilege vulnerability in PowerShell can be exploited remotely to gain privileges.
  38. Security vulnerability can be exploited to bypass security restrictions.
  39. A security feature bypass vulnerability in Windows Recovery Environment can be exploited remotely to bypass security restrictions.
  40. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  41. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  42. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  43. A security feature bypass vulnerability in Windows Boot Manager can be exploited remotely to bypass security restrictions.
  44. An elevation of privilege vulnerability in Windows Speech Brokered Api can be exploited remotely to gain privileges.
  45. An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
  46. A spoofing vulnerability in Windows Admin Center can be exploited remotely to spoof user interface.
  47. A spoofing vulnerability in Remote Desktop can be exploited remotely to spoof user interface.
  48. An elevation of privilege vulnerability in Windows UPnP Device Host can be exploited remotely to gain privileges.
  49. An elevation of privilege vulnerability in Windows Container Isolation FS Filter Driver can be exploited remotely to gain privileges.
  50. An elevation of privilege vulnerability in Applocker Filter Driver (applockerfltr.sys) can be exploited remotely to gain privileges.
  51. An elevation of privilege vulnerability in Windows COM can be exploited remotely to gain privileges.
  52. An elevation of privilege vulnerability in Windows Server Update Service (WSUS) can be exploited remotely to gain privileges.
  53. A remote code execution vulnerability in Windows Internet Key Exchange (IKE) Service Extensions can be exploited remotely to execute arbitrary code.
  54. An elevation of privilege vulnerability in Windows Advanced Rasterization Platform can be exploited remotely to gain privileges.
  55. An elevation of privilege vulnerability in Windows Storage Spaces Controller can be exploited remotely to gain privileges.
  56. An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges.
  57. A remote code execution vulnerability in Windows Active Directory can be exploited remotely to execute arbitrary code.
  58. An information disclosure vulnerability in Package Catalog can be exploited remotely to obtain sensitive information.
  59. An elevation of privilege vulnerability in Windows USB Printing Stack (usbprint.sys) can be exploited remotely to gain privileges.
  60. An elevation of privilege vulnerability in Microsoft Management Console can be exploited remotely to gain privileges.
  61. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  62. A security feature bypass vulnerability in Windows Hello can be exploited remotely to bypass security restrictions.
  63. An elevation of privilege vulnerability in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) can be exploited remotely to gain privileges.
  64. A security feature bypass vulnerability in Windows Biometric Service can be exploited remotely to bypass security restrictions.
  65. An information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service can be exploited remotely to obtain sensitive information.
  66. An information disclosure vulnerability in Windows UPnP Device Host can be exploited remotely to obtain sensitive information.
  67. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
  68. A security feature bypass vulnerability in Windows Shell can be exploited remotely to bypass security restrictions.
  69. An elevation of privilege vulnerability in Windows Management Services can be exploited remotely to gain privileges.
  70. A tampering vulnerability in Windows Server Update Service (WSUS) can be exploited remotely to spoof user interface.
  71. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
  72. An information disclosure vulnerability in Windows Print Spooler can be exploited remotely to obtain sensitive information.
  73. An information disclosure vulnerability in Windows Kernel Memory can be exploited remotely to obtain sensitive information.
  74. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  75. An elevation of privilege vulnerability in Windows WalletService can be exploited remotely to gain privileges.
  76. An elevation of privilege vulnerability in Windows Search Service can be exploited remotely to gain privileges.
  77. An elevation of privilege vulnerability in Windows Shell can be exploited remotely to gain privileges.
  78. A denial of service vulnerability in Connected User Experiences and Telemetry Service can be exploited remotely to cause denial of service.
  79. An elevation of privilege vulnerability in Windows LUA File Virtualization Filter Driver can be exploited remotely to gain privileges.
  80. An elevation of privilege vulnerability in Windows Speech Runtime can be exploited remotely to gain privileges.
  81. An elevation of privilege vulnerability in Microsoft Cryptographic Services can be exploited remotely to gain privileges.
  82. An elevation of privilege vulnerability in Windows Client Side Caching driver (csc.sys) can be exploited remotely to gain privileges.

Первичный источник обнаружения

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2026-0390
    high
  • CVE-2026-20806
    high
  • CVE-2026-20928
    warning
  • CVE-2026-20930
    critical
  • CVE-2026-23670
    high
  • CVE-2026-25184
    high
  • CVE-2026-26151
    high
  • CVE-2026-26152
    high
  • CVE-2026-26153
    critical
  • CVE-2026-26154
    critical
  • CVE-2026-26155
    high
  • CVE-2026-26156
    critical
  • CVE-2026-26159
    critical
  • CVE-2026-26160
    critical
  • CVE-2026-26161
    critical
  • CVE-2026-26162
    critical
  • CVE-2026-26163
    critical
  • CVE-2026-26165
    high
  • CVE-2026-26166
    high
  • CVE-2026-26167
    critical
  • CVE-2026-26168
    critical
  • CVE-2026-26169
    high
  • CVE-2026-26170
    critical
  • CVE-2026-26172
    critical
  • CVE-2026-26173
    high
  • CVE-2026-26174
    high
  • CVE-2026-26175
    warning
  • CVE-2026-26176
    critical
  • CVE-2026-26177
    high
  • CVE-2026-26178
    critical
  • CVE-2026-26179
    critical
  • CVE-2026-26180
    critical
  • CVE-2026-26181
    critical
  • CVE-2026-26182
    high
  • CVE-2026-26183
    critical
  • CVE-2026-26184
    critical
  • CVE-2026-27906
    warning
  • CVE-2026-27907
    critical
  • CVE-2026-27908
    high
  • CVE-2026-27909
    critical
  • CVE-2026-27910
    critical
  • CVE-2026-27911
    critical
  • CVE-2026-27912
    critical
  • CVE-2026-27913
    critical
  • CVE-2026-27914
    critical
  • CVE-2026-27915
    critical
  • CVE-2026-27916
    critical
  • CVE-2026-27917
    high
  • CVE-2026-27918
    critical
  • CVE-2026-27919
    critical
  • CVE-2026-27920
    critical
  • CVE-2026-27921
    high
  • CVE-2026-27922
    high
  • CVE-2026-27923
    critical
  • CVE-2026-27924
    critical
  • CVE-2026-27925
    high
  • CVE-2026-27926
    high
  • CVE-2026-27927
    critical
  • CVE-2026-27928
    critical
  • CVE-2026-27929
    high
  • CVE-2026-27930
    high
  • CVE-2026-27931
    high
  • CVE-2026-32068
    high
  • CVE-2026-32069
    critical
  • CVE-2026-32070
    high
  • CVE-2026-32071
    critical
  • CVE-2026-32072
    high
  • CVE-2026-32073
    high
  • CVE-2026-32074
    critical
  • CVE-2026-32075
    high
  • CVE-2026-32076
    critical
  • CVE-2026-32077
    critical
  • CVE-2026-32078
    critical
  • CVE-2026-32079
    high
  • CVE-2026-32080
    high
  • CVE-2026-32081
    high
  • CVE-2026-32082
    high
  • CVE-2026-32083
    high
  • CVE-2026-32084
    high
  • CVE-2026-32085
    high
  • CVE-2026-32086
    high
  • CVE-2026-32087
    high
  • CVE-2026-32088
    high
  • CVE-2026-32089
    critical
  • CVE-2026-32090
    critical
  • CVE-2026-32091
    critical
  • CVE-2026-32093
    high
  • CVE-2026-32149
    high
  • CVE-2026-32150
    high
  • CVE-2026-32151
    high
  • CVE-2026-32152
    critical
  • CVE-2026-32153
    critical
  • CVE-2026-32154
    critical
  • CVE-2026-32155
    critical
  • CVE-2026-32156
    high
  • CVE-2026-32157
    critical
  • CVE-2026-32158
    critical
  • CVE-2026-32159
    critical
  • CVE-2026-32160
    critical
  • CVE-2026-32162
    critical
  • CVE-2026-32163
    critical
  • CVE-2026-32164
    critical
  • CVE-2026-32165
    critical
  • CVE-2026-32181
    high
  • CVE-2026-32183
    critical
  • CVE-2026-32195
    high
  • CVE-2026-32196
    high
  • CVE-2026-32202
    warning
  • CVE-2026-32212
    high
  • CVE-2026-32214
    high
  • CVE-2026-32215
    high
  • CVE-2026-32216
    high
  • CVE-2026-32217
    high
  • CVE-2026-32218
    high
  • CVE-2026-32219
    high
  • CVE-2026-32220
    warning
  • CVE-2026-32221
    critical
  • CVE-2026-32222
    critical
  • CVE-2026-32223
    high
  • CVE-2026-32224
    high
  • CVE-2026-32225
    critical
  • CVE-2026-33096
    critical
  • CVE-2026-33098
    critical
  • CVE-2026-33099
    high
  • CVE-2026-33100
    high
  • CVE-2026-33101
    critical
  • CVE-2026-33104
    high
  • CVE-2026-33824
    critical
  • CVE-2026-33826
    critical
  • CVE-2026-33827
    critical
  • CVE-2026-33829
    warning
  • CVE-2026-25250
    high
  • CVE-2023-20585
    high

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Посты по теме
09 April 2026
Securelist
Долгая дорога за криптой: ClipBanker с очень длинной цепочкой заражения
06 April 2026
Securelist
Группа RGB-Team: кто стоит за стилером CMoon и откуда он взялся
01 April 2026
Securelist
Злой шутник CrystalX RAT — шпион и стилер с функциями prankware
31 March 2026
Securelist
Анатомия ландшафта киберугроз. Глобальный отчет Kaspersky Security Services
26 March 2026
Securelist
ИИ-шлюз для кражи ваших данных
26 March 2026
Securelist
Coruna: фреймворк из «Операции Триангуляция»
Нашли неточность в описании этой уязвимости?
Если вы нашли новую угрозу или уязвимость, пожалуйста дайте нам знать по электронной почте:
newvirus@kaspersky.com
Нашли новую угрозу или уязвимость?
Если вы нашли новую угрозу или уязвимость, пожалуйста дайте нам знать по электронной почте:
newvirus@kaspersky.com
Продукты
Для дома
Для малого бизнеса
Для среднего бизнеса
Для крупного бизнеса
Select language
Severity level
Critical
High
Warning
Sorting
Kaspersky ID
Уязвимость
Detect date
Уровень угрозы
You must select at least one severity level
Do you want to save your changes?
Your message has been sent successfully.