Vulnerabilities > Microsoft > Windows 10 > High

DATE CVE VULNERABILITY TITLE RISK
2015-12-09 CVE-2015-6133 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
local
low complexity
microsoft CWE-264
7.2
2015-12-09 CVE-2015-6132 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
local
low complexity
microsoft CWE-264
7.2
2015-12-09 CVE-2015-6126 Use After Free vulnerability in Microsoft products
Race condition in the Pragmatic General Multicast (PGM) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application, aka "Windows PGM UAF Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-416
7.2
2015-11-11 CVE-2015-2478 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application that triggers a Winsock call referencing an invalid address, aka "Winsock Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.2
2015-10-14 CVE-2015-2554 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.2
2015-10-14 CVE-2015-2553 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles junctions during mountpoint creation, which makes it easier for local users to gain privileges by leveraging certain sandbox access, aka "Windows Mount Point Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.2
2015-10-14 CVE-2015-2552 7PK - Security Features vulnerability in Microsoft products
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows physically proximate attackers to bypass the Trusted Boot protection mechanism, and consequently interfere with the integrity of code, BitLocker, Device Encryption, and Device Health Attestation, via a crafted Boot Configuration Data (BCD) setting, aka "Trusted Boot Security Feature Bypass Vulnerability."
local
low complexity
microsoft CWE-254
7.2
2015-10-14 CVE-2015-2550 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.2
2015-10-14 CVE-2015-2549 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.2
2015-09-09 CVE-2015-2528 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2524.
local
low complexity
microsoft CWE-264
7.2