Windows Server (General) · Top 20

CVE-2025-66413 Git for Windows leaks NTLM hash when cloning from an attacker-controlled server

⚠️ Importante

Information published.

Microsoft CVE-2025-66413 CVSS 7.4 2026-03-26 01:38 UTC · 2026-03-25 22:38 -03

CVE-2026-26128 Windows SMB Server Elevation of Privilege Vulnerability

⚠️ Importante

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.

Microsoft CVE-2026-26128 CVSS 7.8 2026-03-10 07:00 UTC · 2026-03-10 04:00 -03

CVE-2026-26111 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

⚠️ Importante

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft CVE-2026-26111 CVSS 8.8 2026-03-10 07:00 UTC · 2026-03-10 04:00 -03

CVE-2026-25179 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

⚠️ Importante

Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Microsoft CVE-2026-25179 CVSS 7.0 2026-03-10 07:00 UTC · 2026-03-10 04:00 -03

CVE-2026-25178 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

⚠️ Importante

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Microsoft CVE-2026-25178 CVSS 7.0 2026-03-10 07:00 UTC · 2026-03-10 04:00 -03

CVE-2026-25176 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

⚠️ Importante

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Microsoft CVE-2026-25176 CVSS 7.8 2026-03-10 07:00 UTC · 2026-03-10 04:00 -03

CVE-2026-25175 Windows NTFS Elevation of Privilege Vulnerability

⚠️ Importante

Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.

Microsoft CVE-2026-25175 CVSS 7.8 2026-03-10 07:00 UTC · 2026-03-10 04:00 -03

CVE-2026-25173 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

⚠️ Importante

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Microsoft CVE-2026-25173 CVSS 8.0 2026-03-10 07:00 UTC · 2026-03-10 04:00 -03

CVE-2026-25172 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

⚠️ Importante

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft CVE-2026-25172 CVSS 8.8 2026-03-10 07:00 UTC · 2026-03-10 04:00 -03

CVE-2026-25170 Windows Hyper-V Elevation of Privilege Vulnerability

⚠️ Importante

Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Microsoft CVE-2026-25170 CVSS 7.0 2026-03-10 07:00 UTC · 2026-03-10 04:00 -03

CVE-2026-24297 Windows Kerberos Security Feature Bypass Vulnerability

⚠️ Importante

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network.

Microsoft CVE-2026-24297 CVSS 6.5 2026-03-10 07:00 UTC · 2026-03-10 04:00 -03

CVE-2026-24294 Windows SMB Server Elevation of Privilege Vulnerability

⚠️ Importante

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.

Microsoft CVE-2026-24294 CVSS 7.8 2026-03-10 07:00 UTC · 2026-03-10 04:00 -03

CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

⚠️ Importante

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Microsoft CVE-2026-24293 CVSS 7.8 2026-03-10 07:00 UTC · 2026-03-10 04:00 -03

CVE-2026-23669 Windows Print Spooler Remote Code Execution Vulnerability

⚠️ Importante

Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network.

Microsoft CVE-2026-23669 CVSS 8.8 2026-03-10 07:00 UTC · 2026-03-10 04:00 -03

CVE-2026-21232 Windows HTTP.sys Elevation of Privilege Vulnerability

⚠️ Importante

Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

Microsoft CVE-2026-21232 CVSS 7.8 2026-02-10 08:00 UTC · 2026-02-10 05:00 -03

CVE-2026-21238 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

⚠️ Importante

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Microsoft CVE-2026-21238 CVSS 7.8 2026-02-10 08:00 UTC · 2026-02-10 05:00 -03

CVE-2026-21241 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

⚠️ Importante

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Microsoft CVE-2026-21241 CVSS 7.0 2026-02-10 08:00 UTC · 2026-02-10 05:00 -03

CVE-2026-21240 Windows HTTP.sys Elevation of Privilege Vulnerability

⚠️ Importante

Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

Microsoft CVE-2026-21240 CVSS 7.8 2026-02-10 08:00 UTC · 2026-02-10 05:00 -03

CVE-2026-21243 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

⚠️ Importante

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

Microsoft CVE-2026-21243 CVSS 7.5 2026-02-10 08:00 UTC · 2026-02-10 05:00 -03

CVE-2026-21244 Windows Hyper-V Remote Code Execution Vulnerability

⚠️ Importante

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

Microsoft CVE-2026-21244 CVSS 7.3 2026-02-10 08:00 UTC · 2026-02-10 05:00 -03