Security Risk Category

windows Security Risks

Published vulnerability pages connected to windows. One risk can appear in multiple categories while keeping one canonical page.

windows risks

Showing 7 of 7 published risks.

critical

XenCons Windows PV Driver Missing Security Descriptor Vulnerability

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464

CVE-2025-27462xenxenserverwindowsxen-windows-pv-drivers

Updated Jul 9, 2026

critical

XenIface Windows PV Driver Missing Security Descriptor Vulnerability

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464

CVE-2025-27463xenxenserverwindowsxen-windows-pv-drivers

Updated Jul 9, 2026

critical

XenBus Windows PV Driver Missing Security Descriptor Vulnerability

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464

CVE-2025-27464xenxenserverwindowsxen-windows-pv-drivers

Updated Jul 9, 2026

criticalCISA KEVEPSS 0.988

Microsoft Windows Buffer Overflow Vulnerability

Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.

CVE-2008-4250windows

Updated Jul 9, 2026

criticalCISA KEVEPSS 0.641

Microsoft Windows Protection Mechanism Failure Vulnerability

Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32202windows

Updated Jul 9, 2026

criticalCISA KEVEPSS 0.046

Microsoft Windows Link Following Vulnerability

Microsoft Windows contains a link following vulnerability that allows for privilege escalation

CVE-2025-60710windows

Updated Jul 9, 2026

criticalCISA KEVEPSS 0.122

Microsoft Windows Out-of-Bounds Read Vulnerability

Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation

CVE-2023-36424windows

Updated Jul 9, 2026