HHHHHHHHH     HHHHHHHHH                    SSSSSSSSSSSSSSS      OOOOOOOOO             CCCCCCCCCCCCC
H:::::::H     H:::::::H                  SS:::::::::::::::S   OO:::::::::OO        CCC::::::::::::C
H:::::::H     H:::::::H                 S:::::SSSSSS::::::S OO:::::::::::::OO    CC:::::::::::::::C
HH::::::H     H::::::HH                 S:::::S     SSSSSSSO:::::::OOO:::::::O  C:::::CCCCCCCC::::C
  H:::::H     H:::::H                   S:::::S            O::::::O   O::::::O C:::::C       CCCCCC
  H:::::H     H:::::H                   S:::::S            O:::::O     O:::::OC:::::C              
  H::::::HHHHH::::::H                    S::::SSSS         O:::::O     O:::::OC:::::C              
  H:::::::::::::::::H   ---------------   SS::::::SSSSS    O:::::O     O:::::OC:::::C              
  H:::::::::::::::::H   -:::::::::::::-     SSS::::::::SS  O:::::O     O:::::OC:::::C              
  H::::::HHHHH::::::H   ---------------        SSSSSS::::S O:::::O     O:::::OC:::::C              
  H:::::H     H:::::H                               S:::::SO:::::O     O:::::OC:::::C              
  H:::::H     H:::::H                               S:::::SO::::::O   O::::::O C:::::C       CCCCCC
HH::::::H     H::::::HH                 SSSSSSS     S:::::SO:::::::OOO:::::::O  C:::::CCCCCCCC::::C
H:::::::H     H:::::::H                 S::::::SSSSSS:::::S OO:::::::::::::OO    CC:::::::::::::::C
H:::::::H     H:::::::H                 S:::::::::::::::SS    OO:::::::::OO        CCC::::::::::::C
HHHHHHHHH     HHHHHHHHH                  SSSSSSSSSSSSSSS        OOOOOOOOO             CCCCCCCCCCCCC





`7MM"""Mq.            mm             `7MM            MMP""MM""YMM                                   `7MM                      
MM   `MM.           MM               MM            P'   MM   `7                                     MM                      
MM   ,M9  ,6"Yb.  mmMMmm   ,p6"bo    MMpMMMb.           MM      `7MM  `7MM   .gP"Ya  ,pP"Ybd   ,M""bMM   ,6"Yb.  `7M'   `MF'
MMmmdM9  8)   MM    MM    6M'  OO    MM    MM           MM        MM    MM  ,M'   Yb 8I   `" ,AP    MM  8)   MM    VA   ,V  
MM        ,pm9MM    MM    8M         MM    MM           MM        MM    MM  8M"""""" `YMMMa. 8MI    MM   ,pm9MM     VA ,V   
MM       8M   MM    MM    YM.    ,   MM    MM           MM        MM    MM  YM.    , L.   I8 `Mb    MM  8M   MM      VVV    
.JMML.     `Moo9^Yo.  `Mbmo  YMbmd'  .JMML  JMML.       .JMML.      `Mbod"YML. `Mbmmd' M9mmmP'  `Wbmd"MML.`Moo9^Yo.    ,V     
                                                                                                                    ,V
CVE Base Score Impact Title Base Severity Exploited Status Exploit Code Maturity Exploited Likelihood URL Vector String Attack Complexity Attack Vector User Interaction Privileges Required Availability Impact Confidentiality Impact Integrity Impact Remediation Level Report Confidence Temporal Score Release Date Revision History
CVE-2025-54100 7.8 Remote Code Execution PowerShell Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2025-54100 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2025-12-09 08:00:00 2 (2025-12-18T08:00:00.000Z) - Corrected Build Numbers in the Security Updates table. This is an informational change only.
CVE-2026-20804 7.7 Tampering Windows Hello Tampering Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20804 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C LOW LOCAL NONE NONE NONE HIGH HIGH OFFICIAL_FIX CONFIRMED 6.7 2026-01-13 08:00:00 None
CVE-2026-20963 8.8 Remote Code Execution Microsoft SharePoint Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20963 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW NETWORK NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 7.7 2026-01-13 08:00:00 None
CVE-2025-62468 5.5 Information Disclosure Windows Defender Firewall Service Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation More Likely CVE-2025-62468 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2025-12-09 08:00:00 2 (2025-12-12T08:00:00.000Z) - Corrected CVSS Privileges metric to PR:L, corrected Exploitability assessment to Expoitation More Likely, and updated FAQs. These are informational changes only.
CVE-2025-14174 Chromium: CVE-2025-14174 Out of bounds memory access in ANGLE CVE-2025-14174 2025-12-09 08:00:00 None
CVE-2025-64677 8.2 Spoofing Office Out-of-Box Experience Spoofing Vulnerability HIGH No UNPROVEN CVE-2025-64677 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C LOW NETWORK NONE NONE NONE HIGH LOW OFFICIAL_FIX CONFIRMED 7.1 2025-12-09 08:00:00 None
CVE-2026-20957 7.8 Remote Code Execution Microsoft Excel Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20957 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20817 7.8 Elevation of Privilege Windows Error Reporting Service Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation More Likely CVE-2026-20817 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20828 4.6 Information Disclosure Windows rndismp6.sys Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20828 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW PHYSICAL NONE NONE NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.0 2026-01-13 08:00:00 None
CVE-2026-20869 7.0 Elevation of Privilege Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20869 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.1 2026-01-13 08:00:00 None
CVE-2026-20924 7.8 Elevation of Privilege Windows Management Services Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20924 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20838 5.5 Information Disclosure Windows Kernel Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20838 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2025-62554 8.4 Remote Code Execution Microsoft Office Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2025-62554 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 7.3 2025-12-09 08:00:00 2 (2025-12-17T08:00:00.000Z) - Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-20873 7.8 Elevation of Privilege Windows Management Services Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20873 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20956 7.8 Remote Code Execution Microsoft Excel Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20956 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20872 6.5 Spoofing NTLM Hash Disclosure Spoofing Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20872 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW NETWORK REQUIRED NONE NONE HIGH NONE OFFICIAL_FIX CONFIRMED 5.7 2026-01-13 08:00:00 None
CVE-2025-64663 9.9 Elevation of Privilege Custom Question Answering Elevation of Privilege Vulnerability CRITICAL No UNPROVEN CVE-2025-64663 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C LOW NETWORK NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 8.6 2025-12-09 08:00:00 None
CVE-2026-20815 7.0 Elevation of Privilege Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20815 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.1 2026-01-13 08:00:00 None
CVE-2026-20962 4.4 Information Disclosure Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20962 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE HIGH NONE HIGH NONE OFFICIAL_FIX CONFIRMED 3.9 2026-01-13 08:00:00 None
CVE-2026-21221 7.0 Elevation of Privilege Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-21221 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.1 2026-01-13 08:00:00 None
CVE-2025-55319 8.8 Remote Code Execution Agentic AI and Visual Studio Code Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation More Likely CVE-2025-55319 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW NETWORK REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 7.7 2025-09-09 07:00:00 2 (2025-09-12T07:00:00.000Z) - Added an acknowledgement. This is an informational change only.; 3 (2025-12-23T08:00:00.000Z) - Corrected Download and Article links in the Security Updates table. This is an informational change only.
CVE-2026-20926 7.5 Elevation of Privilege Windows SMB Server Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20926 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH NETWORK NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.5 2026-01-13 08:00:00 None
CVE-2026-20810 7.8 Elevation of Privilege Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20810 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20939 5.5 Information Disclosure Windows File Explorer Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Unlikely CVE-2026-20939 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2026-20921 7.5 Elevation of Privilege Windows SMB Server Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20921 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH NETWORK NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.5 2026-01-13 08:00:00 None
CVE-2026-20868 8.8 Remote Code Execution Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20868 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW NETWORK REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 7.7 2026-01-13 08:00:00 None
CVE-2025-55683 5.5 Information Disclosure Windows Kernel Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2025-55683 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2025-10-14 07:00:00 2 (2026-01-02T08:00:00.000Z) - Added acknowledgements. This is an informational change only.
CVE-2026-20940 7.8 Elevation of Privilege Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20940 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2025-62562 7.8 Remote Code Execution Microsoft Outlook Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2025-62562 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2025-12-09 08:00:00 2 (2025-12-09T08:00:00.000Z) - Corrected severity entries in the Affected Products table. This is an informational change only. Customers who have successfully installed the update do not need to take any further action.; 3 (2025-12-17T08:00:00.000Z) - Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-20822 7.8 Elevation of Privilege Windows Graphics Component Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20822 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20844 7.4 Elevation of Privilege Windows Clipboard Server Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20844 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.4 2026-01-13 08:00:00 None
CVE-2025-64675 8.3 Spoofing Azure Cosmos DB Spoofing Vulnerability HIGH No UNPROVEN CVE-2025-64675 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C LOW NETWORK REQUIRED NONE LOW HIGH HIGH OFFICIAL_FIX CONFIRMED 7.2 2025-12-09 08:00:00 None
CVE-2026-20958 5.4 Information Disclosure Microsoft SharePoint Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20958 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C LOW NETWORK NONE LOW NONE LOW LOW OFFICIAL_FIX CONFIRMED 4.7 2026-01-13 08:00:00 None
CVE-2025-62555 7.0 Remote Code Execution Microsoft Word Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2025-62555 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.1 2025-12-09 08:00:00 2 (2025-12-17T08:00:00.000Z) - Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-20803 7.2 Elevation of Privilege Microsoft SQL Server Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20803 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW NETWORK NONE HIGH HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.3 2026-01-13 08:00:00 None
CVE-2026-20825 4.4 Information Disclosure Windows Hyper-V Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20825 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE HIGH NONE HIGH NONE OFFICIAL_FIX CONFIRMED 3.9 2026-01-13 08:00:00 None
CVE-2026-20834 4.6 Spoofing Windows Spoofing Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20834 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW PHYSICAL NONE NONE NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.0 2026-01-13 08:00:00 None
CVE-2025-62560 7.8 Remote Code Execution Microsoft Excel Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2025-62560 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2025-12-09 08:00:00 2 (2025-12-17T08:00:00.000Z) - Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-20862 5.5 Information Disclosure Windows Management Services Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Unlikely CVE-2026-20862 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2026-20948 7.8 Remote Code Execution Microsoft Word Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20948 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2025-24044 7.8 Elevation of Privilege Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation More Likely CVE-2025-24044 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2025-03-11 07:00:00 2 (2025-12-17T08:00:00.000Z) - Added an acknowledgement. This is an informational change only.
CVE-2026-20859 7.8 Elevation of Privilege Windows Kernel-Mode Driver Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20859 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20856 8.1 Remote Code Execution Windows Server Update Service (WSUS) Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20856 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH NETWORK NONE NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 7.1 2026-01-13 08:00:00 None
CVE-2026-20849 7.5 Elevation of Privilege Windows Kerberos Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20849 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH NETWORK NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.5 2026-01-13 08:00:00 None
CVE-2026-20816 7.8 Elevation of Privilege Windows Installer Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation More Likely CVE-2026-20816 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20877 7.8 Elevation of Privilege Windows Management Services Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20877 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20819 5.5 Information Disclosure Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20819 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2026-20851 6.2 Information Disclosure Capability Access Management Service (camsvc) Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20851 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE NONE NONE HIGH NONE OFFICIAL_FIX CONFIRMED 5.4 2026-01-13 08:00:00 None
CVE-2026-20943 7.0 Remote Code Execution Microsoft Office Click-To-Run Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20943 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.1 2026-01-13 08:00:00 None
CVE-2026-21265 6.4 Security Feature Bypass Secure Boot Certificate Expiration Security Feature Bypass Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-21265 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE HIGH HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 5.6 2026-01-13 08:00:00 None
CVE-2026-20946 7.8 Remote Code Execution Microsoft Excel Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20946 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2025-62564 7.8 Remote Code Execution Microsoft Excel Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2025-62564 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2025-12-09 08:00:00 2 (2025-12-17T08:00:00.000Z) - Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-20843 7.8 Elevation of Privilege Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation More Likely CVE-2026-20843 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20949 7.8 Security Feature Bypass Microsoft Excel Security Feature Bypass Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20949 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2025-59184 5.5 Information Disclosure Storage Spaces Direct Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2025-59184 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2025-10-14 07:00:00 2 (2026-01-02T08:00:00.000Z) - Added acknowledgements. This is an informational change only.
CVE-2026-21226 7.5 Remote Code Execution Azure Core shared client library for Python Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-21226 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH NETWORK NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.5 2026-01-13 08:00:00 None
CVE-2026-20808 7.0 Elevation of Privilege Windows File Explorer Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20808 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.1 2026-01-13 08:00:00 None
CVE-2026-20866 7.8 Elevation of Privilege Windows Management Services Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20866 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2025-64676 7.2 Remote Code Execution Microsoft Purview eDiscovery Remote Code Execution Vulnerability HIGH No UNPROVEN CVE-2025-64676 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW NETWORK NONE HIGH HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.3 2025-12-09 08:00:00 None
CVE-2026-20830 7.0 Elevation of Privilege Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20830 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.1 2026-01-13 08:00:00 None
CVE-2026-20853 7.4 Elevation of Privilege Windows WalletService Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20853 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.4 2026-01-13 08:00:00 None
CVE-2026-20824 5.5 Security Feature Bypass Windows Remote Assistance Security Feature Bypass Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20824 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2024-30099 7.0 Elevation of Privilege Windows Kernel Elevation of Privilege Vulnerability HIGH No PROOF_OF_CONCEPT Exploitation More Likely CVE-2024-30099 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.3 2024-06-11 07:00:00 2 (2025-12-17T08:00:00.000Z) - Added an acknowledgement. This is an informational change only.
CVE-2026-20918 7.8 Elevation of Privilege Windows Management Services Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20918 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20818 6.2 Information Disclosure Windows Kernel Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Unlikely CVE-2026-20818 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE NONE NONE HIGH NONE OFFICIAL_FIX CONFIRMED 5.4 2026-01-13 08:00:00 None
CVE-2026-20835 5.5 Information Disclosure Capability Access Management Service (camsvc) Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20835 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2026-20836 7.0 Elevation of Privilege DirectX Graphics Kernel Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20836 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.1 2026-01-13 08:00:00 None
CVE-2026-20936 4.3 Information Disclosure Windows NDIS Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Unlikely CVE-2026-20936 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW PHYSICAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 3.8 2026-01-13 08:00:00 None
CVE-2026-20831 7.8 Elevation of Privilege Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20831 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20847 6.5 Spoofing Microsoft Windows File Explorer Spoofing Vulnerability MEDIUM No UNPROVEN Exploitation Unlikely CVE-2026-20847 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW NETWORK NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 5.7 2026-01-13 08:00:00 None
CVE-2026-20947 8.8 Remote Code Execution Microsoft SharePoint Server Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20947 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW NETWORK NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 7.7 2026-01-13 08:00:00 None
CVE-2026-20932 5.5 Information Disclosure Windows File Explorer Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Unlikely CVE-2026-20932 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2026-20955 7.8 Remote Code Execution Microsoft Excel Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20955 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20852 7.7 Tampering Windows Hello Tampering Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20852 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C LOW LOCAL NONE NONE NONE HIGH HIGH OFFICIAL_FIX CONFIRMED 6.7 2026-01-13 08:00:00 None
CVE-2026-20814 7.0 Elevation of Privilege DirectX Graphics Kernel Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20814 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.1 2026-01-13 08:00:00 None
CVE-2026-20809 7.8 Elevation of Privilege Windows Kernel Memory Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20809 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2025-62557 8.4 Remote Code Execution Microsoft Office Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2025-62557 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 7.3 2025-12-09 08:00:00 2 (2025-12-17T08:00:00.000Z) - Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-20871 7.8 Elevation of Privilege Desktop Windows Manager Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation More Likely CVE-2026-20871 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20823 5.5 Information Disclosure Windows File Explorer Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Unlikely CVE-2026-20823 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2026-20858 7.8 Elevation of Privilege Windows Management Services Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20858 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH TEMPORARY_FIX CONFIRMED 6.9 2026-01-13 08:00:00 None
CVE-2025-62558 7.8 Remote Code Execution Microsoft Word Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2025-62558 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2025-12-09 08:00:00 2 (2025-12-17T08:00:00.000Z) - Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-20938 7.8 Elevation of Privilege Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20938 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20821 6.2 Information Disclosure Remote Procedure Call Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Unlikely CVE-2026-20821 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE NONE NONE HIGH NONE OFFICIAL_FIX CONFIRMED 5.4 2026-01-13 08:00:00 None
CVE-2026-20870 7.8 Elevation of Privilege Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20870 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20857 7.8 Elevation of Privilege Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20857 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20876 6.7 Elevation of Privilege Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20876 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE HIGH HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 5.8 2026-01-13 08:00:00 None
CVE-2025-60710 7.8 Elevation of Privilege Host Process for Windows Tasks Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2025-60710 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2025-11-11 08:00:00 2 (2025-12-09T08:00:00.000Z) - The following updates have been made: 1. To comprehensively address CVE-2025-60710, Microsoft has released December 2025 security updates for all supported editions of Windows 11 Version 24H2, Windows 11 Version 25H2, and Windows Server 2025. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2. Added a Workaround for customers running Windows Server 2025, in the event they cannot immediately install the update.; 3 (2025-12-11T08:00:00.000Z) - Added an acknowledgement. This is an informational change only.; 4 (2026-01-02T08:00:00.000Z) - Added an acknowledgement. This is an informational change only.
CVE-2026-20937 5.5 Information Disclosure Windows File Explorer Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Unlikely CVE-2026-20937 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2026-20875 7.5 Denial of Service Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20875 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C LOW NETWORK NONE NONE HIGH NONE NONE OFFICIAL_FIX CONFIRMED 6.5 2026-01-13 08:00:00 None
CVE-2026-20953 8.4 Remote Code Execution Microsoft Office Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20953 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 7.3 2026-01-13 08:00:00 None
CVE-2026-20935 6.2 Information Disclosure Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20935 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE NONE NONE HIGH NONE OFFICIAL_FIX CONFIRMED 5.4 2026-01-13 08:00:00 None
CVE-2026-20854 7.5 Remote Code Execution Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20854 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH NETWORK NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.5 2026-01-13 08:00:00 None
CVE-2026-20922 7.8 Remote Code Execution Windows NTFS Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation More Likely CVE-2026-20922 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2025-65041 10.0 Elevation of Privilege Microsoft Partner Center Elevation of Privilege Vulnerability CRITICAL No UNPROVEN CVE-2025-65041 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C LOW NETWORK NONE NONE HIGH HIGH HIGH TEMPORARY_FIX CONFIRMED 8.8 2025-12-09 08:00:00 None
CVE-2026-20812 6.5 Tampering LDAPĀ Tampering Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20812 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C LOW NETWORK NONE LOW NONE NONE HIGH OFFICIAL_FIX CONFIRMED 5.7 2026-01-13 08:00:00 None
CVE-2026-20829 5.5 Information Disclosure TPM Trustlet Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20829 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2026-20925 6.5 Spoofing NTLM Hash Disclosure Spoofing Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20925 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW NETWORK REQUIRED NONE NONE HIGH NONE OFFICIAL_FIX CONFIRMED 5.7 2026-01-13 08:00:00 None
CVE-2026-20861 7.8 Elevation of Privilege Windows Management Services Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20861 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20919 7.5 Elevation of Privilege Windows SMB Server Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20919 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH NETWORK NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.5 2026-01-13 08:00:00 None
CVE-2026-20837 7.8 Remote Code Execution Windows Media Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20837 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20931 8.0 Elevation of Privilege Windows Telephony Service Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20931 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW ADJACENT_NETWORK NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 7.0 2026-01-13 08:00:00 None
CVE-2025-62559 7.8 Remote Code Execution Microsoft Word Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2025-62559 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2025-12-09 08:00:00 2 (2025-12-17T08:00:00.000Z) - Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-20805 5.5 Information Disclosure Desktop Window Manager Information Disclosure Vulnerability MEDIUM Yes UNPROVEN Exploitation Detected CVE-2026-20805 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2026-20934 7.5 Elevation of Privilege Windows SMB Server Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20934 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH NETWORK NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.5 2026-01-13 08:00:00 None
CVE-2025-62561 7.8 Remote Code Execution Microsoft Excel Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2025-62561 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2025-12-09 08:00:00 2 (2025-12-17T08:00:00.000Z) - Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-20860 7.8 Elevation of Privilege Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation More Likely CVE-2026-20860 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20863 7.0 Elevation of Privilege Win32k Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20863 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.1 2026-01-13 08:00:00 None
CVE-2026-20950 7.8 Remote Code Execution Microsoft Excel Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20950 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2025-21367 7.8 Elevation of Privilege Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation More Likely CVE-2025-21367 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2025-02-11 08:00:00 2 (2025-12-17T08:00:00.000Z) - Added an acknowledgement. This is an informational change only.
CVE-2026-20923 7.8 Elevation of Privilege Windows Management Services Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20923 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20820 7.8 Elevation of Privilege Windows Common Log File System Driver Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation More Likely CVE-2026-20820 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20811 7.8 Elevation of Privilege Win32k Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20811 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20864 7.8 Elevation of Privilege Windows Connected Devices Platform Service Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20864 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2025-62556 7.8 Remote Code Execution Microsoft Excel Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2025-62556 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2025-12-09 08:00:00 2 (2025-12-17T08:00:00.000Z) - Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-21224 7.8 Elevation of Privilege Azure Connected Machine Agent Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-21224 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-21219 7.0 Remote Code Execution Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-21219 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.1 2026-01-13 08:00:00 None
CVE-2026-20848 7.5 Elevation of Privilege Windows SMB Server Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20848 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH NETWORK NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.5 2026-01-13 08:00:00 None
CVE-2026-20842 7.0 Elevation of Privilege Microsoft DWM Core Library Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20842 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.1 2026-01-13 08:00:00 None
CVE-2025-65037 10.0 Remote Code Execution Azure Container Apps Remote Code Execution Vulnerability CRITICAL No UNPROVEN CVE-2025-65037 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C LOW NETWORK NONE NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 8.7 2025-12-09 08:00:00 None
CVE-2026-20840 7.8 Remote Code Execution Windows NTFS Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation More Likely CVE-2026-20840 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20826 7.8 Elevation of Privilege Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20826 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20944 8.4 Remote Code Execution Microsoft Word Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20944 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 7.3 2026-01-13 08:00:00 None
CVE-2026-20865 7.8 Elevation of Privilege Windows Management Services Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20865 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20833 5.5 Information Disclosure Windows Kerberos Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20833 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2026-20832 7.8 Elevation of Privilege Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20832 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20959 4.6 Spoofing Microsoft SharePoint Server Spoofing Vulnerability MEDIUM No UNPROVEN Exploitation Less Likely CVE-2026-20959 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C LOW NETWORK REQUIRED LOW NONE LOW LOW OFFICIAL_FIX CONFIRMED 4.0 2026-01-13 08:00:00 None
CVE-2026-0386 7.5 Remote Code Execution Windows Deployment Services Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-0386 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH ADJACENT_NETWORK NONE NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.5 2026-01-13 08:00:00 None
CVE-2025-64680 7.8 Elevation of Privilege Windows DWM Core Library Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2025-64680 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2025-12-09 08:00:00 2 (2025-12-23T08:00:00.000Z) - Updated the build numbers. This is an informational update only.
CVE-2026-20952 8.4 Remote Code Execution Microsoft Office Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20952 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 7.3 2026-01-13 08:00:00 None
CVE-2026-20827 5.5 Information Disclosure Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Unlikely CVE-2026-20827 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2026-20839 5.5 Information Disclosure Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability MEDIUM No UNPROVEN Exploitation Unlikely CVE-2026-20839 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C LOW LOCAL NONE LOW NONE HIGH NONE OFFICIAL_FIX CONFIRMED 4.8 2026-01-13 08:00:00 None
CVE-2026-20929 7.5 Elevation of Privilege Windows HTTP.sys Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Unlikely CVE-2026-20929 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH NETWORK NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.5 2026-01-13 08:00:00 None
CVE-2025-65046 3.1 Spoofing Microsoft Edge (Chromium-based) Spoofing Vulnerability LOW No UNPROVEN CVE-2025-65046 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C HIGH NETWORK REQUIRED NONE NONE NONE LOW OFFICIAL_FIX CONFIRMED 2.7 2025-12-09 08:00:00 None
CVE-2026-20927 5.3 Denial of Service Windows SMB Server Denial of Service Vulnerability MEDIUM No UNPROVEN Exploitation Unlikely CVE-2026-20927 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C HIGH NETWORK NONE LOW HIGH NONE NONE OFFICIAL_FIX CONFIRMED 4.6 2026-01-13 08:00:00 None
CVE-2026-20951 7.8 Remote Code Execution Microsoft SharePoint Server Remote Code Execution Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20951 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL REQUIRED NONE HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None
CVE-2026-20965 7.5 Elevation of Privilege Windows Admin Center Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20965 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C HIGH LOCAL NONE HIGH HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.5 2026-01-13 08:00:00 None
CVE-2025-64669 7.8 Elevation of Privilege Windows Admin Center Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2025-64669 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2025-12-09 08:00:00 2 (2025-12-11T08:00:00.000Z) - Corrected Build Number in the Security Updates table. This is an informational change only.
CVE-2026-20941 7.8 Elevation of Privilege Host Process for Windows Tasks Elevation of Privilege Vulnerability HIGH No UNPROVEN Exploitation Less Likely CVE-2026-20941 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C LOW LOCAL NONE LOW HIGH HIGH HIGH OFFICIAL_FIX CONFIRMED 6.8 2026-01-13 08:00:00 None