Vulnerabilities > Microsoft > Windows 10 > Low

DATE CVE VULNERABILITY TITLE RISK
2017-04-12 CVE-2017-0164 Improper Input Validation vulnerability in Microsoft Windows 10 and Windows Server 2016
A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."
network
microsoft CWE-20
3.5
2017-04-12 CVE-2017-0167 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory.
local
low complexity
microsoft CWE-200
2.1
2017-04-12 CVE-2017-0188 Information Exposure vulnerability in Microsoft products
A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information.
local
low complexity
microsoft CWE-200
2.1
2017-04-12 CVE-2017-0191 Denial of Service vulnerability in Microsoft Windows
A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory.
network
microsoft
3.5
2017-03-17 CVE-2017-0007 Improper Input Validation vulnerability in Microsoft Windows 10 and Windows Server 2016
Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability."
local
low complexity
microsoft CWE-20
2.1
2017-03-17 CVE-2017-0042 Information Exposure vulnerability in Microsoft products
Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "Windows Media Player Information Disclosure Vulnerability."
network
high complexity
microsoft CWE-200
2.6
2017-03-17 CVE-2017-0043 Information Exposure vulnerability in Microsoft products
Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Federation Services Information Disclosure Vulnerability."
2.9
2017-03-17 CVE-2017-0051 Remote Denial of Service vulnerability in Microsoft Windows Hyper-V
Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, and CVE-2017-0099.
2.9
2017-03-17 CVE-2017-0060 Information Exposure vulnerability in Microsoft products
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
1.9
2017-03-17 CVE-2017-0062 Information Exposure vulnerability in Microsoft products
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0073.
1.9