Vulnerabilities > Microsoft > Windows 10 > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-11 CVE-2017-8566 Improper Input Validation vulnerability in Microsoft Windows 10 and Windows Server 2016
Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability".
local
high complexity
microsoft CWE-20
7.0
2017-07-11 CVE-2017-8565 Unspecified vulnerability in Microsoft products
Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka "Windows PowerShell Remote Code Execution Vulnerability".
network
high complexity
microsoft
8.1
2017-07-11 CVE-2017-8563 Improper Preservation of Permissions vulnerability in Microsoft products
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability".
network
high complexity
microsoft CWE-281
8.1
2017-07-11 CVE-2017-8562 Improper Preservation of Permissions vulnerability in Microsoft products
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability".
local
high complexity
microsoft CWE-281
7.0
2017-07-11 CVE-2017-8561 Improper Preservation of Permissions vulnerability in Microsoft products
Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".
local
high complexity
microsoft CWE-281
7.0
2017-07-11 CVE-2017-8556 Improper Preservation of Permissions vulnerability in Microsoft products
Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability".
local
high complexity
microsoft CWE-281
7.0
2017-07-11 CVE-2017-8495 Improper Authentication vulnerability in Microsoft products
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability" or Orpheus' Lyre.
network
high complexity
microsoft CWE-287
7.5
2017-07-11 CVE-2017-8467 Improper Preservation of Permissions vulnerability in Microsoft products
Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability".
local
high complexity
microsoft CWE-281
7.0
2017-07-11 CVE-2017-8463 Unspecified vulnerability in Microsoft products
Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it improperly handles executable files and shares during rename operations, aka "Windows Explorer Remote Code Execution Vulnerability".
local
low complexity
microsoft
7.8
2017-06-29 CVE-2017-8579 Improper Preservation of Permissions vulnerability in Microsoft Windows 10 and Windows Server 2016
The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability."
local
high complexity
microsoft CWE-281
7.0