| 2021-10-05 |
21H2 |
— |
Bug |
— |
— |
— |
TPM 2.0 requirement blocked upgrade on millions of otherwise capable systems; no bypass path for consumers |
| 2021-11-09 |
21H2 |
KB5007215 |
Bug |
— |
— |
— |
First cumulative update caused UI rendering glitches, Start menu search failures, and context-menu lag on some hardware |
| 2021-12-14 |
21H2 |
KB5008215 |
CVE |
CVE-2021-43890 |
7.1 |
Yes |
Windows AppX Installer spoofing vulnerability; actively exploited to distribute Emotet/TrickBot malware via fake package prompts |
| 2022-01-11 |
21H2 |
KB5009566 |
CVE |
CVE-2022-21907 |
9.8 |
No |
HTTP Protocol Stack RCE; wormable, no authentication required; one of 11 Critical CVEs in this cycle (98 total CVEs) |
| 2022-01-11 |
21H2 |
KB5009566 |
Bug |
— |
— |
— |
Update caused L2TP VPN connections to fail on some configurations; Microsoft issued out-of-band KB5010793 |
| 2022-02-08 |
21H2 |
KB5010386 |
CVE |
CVE-2022-21989 |
7.8 |
No |
Windows Kernel EoP vulnerability allowing SYSTEM-level privilege escalation |
| 2022-03-08 |
21H2 |
KB5011493 |
CVE |
CVE-2022-21990 |
8.8 |
Yes |
Remote Desktop Client RCE; 92 total CVEs, 3 zero-days, 3 Critical rated |
| 2022-03-08 |
21H2 |
KB5011493 |
CVE |
CVE-2022-24512 |
6.3 |
Yes |
.NET and Visual Studio RCE; publicly disclosed before patch |
| 2022-03-08 |
21H2 |
KB5011493 |
CVE |
CVE-2022-24459 |
7.8 |
Yes |
Windows Fax and Scan Service EoP; publicly disclosed |
| 2022-04-12 |
21H2 |
KB5012592 |
CVE |
CVE-2022-24521 |
7.8 |
Yes |
Windows CLFS (Common Log File System) EoP; actively exploited |
| 2022-04-12 |
21H2 |
KB5012592 |
CVE |
CVE-2022-26809 |
9.8 |
No |
Windows RPC RCE; wormable potential, Critical rating |
| 2022-05-10 |
21H2 |
KB5013943 |
Bug |
— |
— |
— |
AMD CPU L3 cache latency bug: update doubled L3 cache latency on AMD Ryzen processors, causing up to 15% gaming performance loss |
| 2022-05-10 |
21H2 |
KB5013943 |
CVE |
CVE-2022-26925 |
8.1 |
Yes |
Windows LSA spoofing / NTLM relay zero-day; exploitable via PetitPotam; Microsoft forced forced-patch on DCs |
| 2022-06-14 |
21H2 |
KB5014697 |
CVE |
CVE-2022-30136 |
9.8 |
No |
Windows NFS v4.1 RCE; Critical, no authentication required |
| 2022-06-14 |
21H2 |
KB5014697 |
Bug |
— |
— |
— |
Printer installation failures: user-mode printer drivers unloaded unexpectedly from multiple print queues to same driver; IPP printer installs failed |
| 2022-07-12 |
21H2 |
KB5015814 |
CVE |
CVE-2022-22047 |
7.8 |
Yes |
Windows CSRSS EoP; actively exploited in targeted attacks |
| 2022-08-09 |
21H2 |
KB5016629 |
CVE |
CVE-2022-34713 |
7.8 |
Yes |
MSDT "DogWalk" RCE; actively exploited; bypass for earlier Follina mitigations |
| 2022-08-09 |
21H2 |
KB5016629 |
CVE |
CVE-2022-35743 |
7.8 |
No |
Microsoft Windows Support Diagnostic Tool (MSDT) RCE |
| 2022-09-13 |
21H2 |
KB5017328 |
CVE |
CVE-2022-37969 |
7.8 |
Yes |
Windows CLFS EoP zero-day; exploited by multiple threat actors; 63 total CVEs |
| 2022-09-13 |
21H2 |
KB5017328 |
CVE |
CVE-2022-34721 |
9.8 |
No |
Windows IKE Protocol Extensions RCE; Critical, unauthenticated |
| 2022-09-13 |
21H2 |
KB5017328 |
CVE |
CVE-2022-34718 |
9.8 |
No |
Windows TCP/IP RCE; Critical, unauthenticated |
| 2022-10-11 |
21H2 |
KB5018418 |
CVE |
CVE-2022-41033 |
7.8 |
Yes |
Windows COM+ Event System Service EoP; actively exploited zero-day |
| 2022-10-11 |
21H2 |
KB5018418 |
CVE |
CVE-2022-41043 |
4.0 |
Yes |
Microsoft Office information disclosure; publicly disclosed |
| 2022-11-08 |
21H2 |
KB5019980 |
CVE |
CVE-2022-41073 |
7.8 |
Yes |
Windows Print Spooler EoP; SYSTEM privilege escalation; one of 6 exploited zero-days |
| 2022-11-08 |
21H2 |
KB5019980 |
CVE |
CVE-2022-41125 |
7.8 |
Yes |
Windows CNG Key Isolation Service EoP; SYSTEM privilege escalation; exploited |
| 2022-11-08 |
21H2 |
KB5019980 |
CVE |
CVE-2022-41091 |
5.4 |
Yes |
Windows Mark of the Web (MotW) security bypass; exploited to deliver malware without SmartScreen warnings |
| 2022-11-08 |
21H2 |
KB5019980 |
CVE |
CVE-2022-41128 |
8.8 |
Yes |
Windows Scripting Languages RCE; actively exploited; 68 total CVEs, 11 Critical |
| 2022-11-08 |
21H2 |
KB5019980 |
CVE |
CVE-2022-41040 |
8.8 |
Yes |
Exchange Server SSRF (ProxyNotShell); chained with CVE-2022-41082 for RCE |
| 2022-11-08 |
21H2 |
KB5019980 |
CVE |
CVE-2022-41082 |
8.8 |
Yes |
Exchange Server RCE (ProxyNotShell); disclosed by GTSC in September 2022 |
| 2022-12-13 |
21H2 |
KB5021234 |
CVE |
CVE-2022-44698 |
5.4 |
Yes |
Windows SmartScreen security bypass zero-day; actively exploited |
| 2022-12-13 |
21H2 |
KB5021234 |
CVE |
CVE-2022-44710 |
7.8 |
Yes |
DirectX Graphics Kernel EoP; publicly disclosed |
| 2023-01-10 |
22H2 |
KB5022303 |
CVE |
CVE-2023-21674 |
8.8 |
Yes |
Windows ALPC (Advanced Local Procedure Call) EoP; sandbox escape zero-day; exploited in targeted attacks |
| 2023-02-14 |
22H2 |
KB5022845 |
CVE |
CVE-2023-21823 |
7.8 |
Yes |
Windows Graphics Component EoP; exploited; affects multiple Windows versions |
| 2023-02-14 |
22H2 |
KB5022845 |
CVE |
CVE-2023-23376 |
7.8 |
Yes |
Windows CLFS EoP zero-day; exploited in the wild; 77 total CVEs, 9 Critical |
| 2023-02-14 |
22H2 |
KB5022845 |
CVE |
CVE-2023-21715 |
7.3 |
Yes |
Microsoft Publisher SFB (Security Feature Bypass); exploited |
| 2023-03-14 |
22H2 |
KB5023706 |
CVE |
CVE-2023-23397 |
9.8 |
Yes |
Microsoft Outlook Critical EoP; CVSS 9.8; zero authentication required; harvests NTLM hashes; exploited by Russian APT28 against EU defense/government targets |
| 2023-03-14 |
22H2 |
KB5023706 |
CVE |
CVE-2023-24880 |
5.1 |
Yes |
Windows SmartScreen bypass; exploited to deliver Magniber ransomware |
| 2023-04-11 |
22H2 |
KB5025239 |
CVE |
CVE-2023-28252 |
7.8 |
Yes |
Windows CLFS EoP zero-day; exploited by Nokoyawa ransomware gang; SYSTEM privilege escalation; 97 total CVEs |
| 2023-05-09 |
22H2 |
KB5026372 |
CVE |
CVE-2023-29336 |
7.8 |
Yes |
Win32k Kernel EoP; SYSTEM-level privilege escalation; exploited in wild |
| 2023-05-09 |
22H2 |
KB5026372 |
CVE |
CVE-2023-24932 |
6.7 |
Yes |
Secure Boot Security Feature Bypass; used by BlackLotus UEFI bootkit to persist across reinstalls |
| 2023-05-09 |
22H2 |
KB5026372 |
Bug |
— |
— |
— |
VPN breakage: L2TP/IPsec VPN speeds dropped from 16 MB/s to near-zero; connection delays increased to 20–30 seconds; affected hundreds of enterprise deployments |
| 2023-06-13 |
22H2 |
KB5027231 |
CVE |
CVE-2023-29357 |
9.8 |
Yes |
Microsoft SharePoint Server EoP; Critical CVSS 9.8; no authentication needed; chained with CVE-2023-24955 |
| 2023-07-11 |
22H2 |
KB5028185 |
CVE |
CVE-2023-36874 |
7.8 |
Yes |
Windows Error Reporting Service EoP zero-day; exploited |
| 2023-07-11 |
22H2 |
KB5028185 |
CVE |
CVE-2023-35311 |
8.8 |
Yes |
Microsoft Outlook security bypass zero-day; exploited |
| 2023-07-11 |
22H2 |
KB5028185 |
CVE |
CVE-2023-32046 |
7.8 |
Yes |
Windows MSHTML Platform EoP zero-day; exploited |
| 2023-07-11 |
22H2 |
KB5028185 |
CVE |
CVE-2023-32049 |
8.8 |
Yes |
Windows SmartScreen bypass zero-day; exploited; 132 total CVEs, 6 zero-days all exploited |
| 2023-07-11 |
22H2 |
KB5028185 |
CVE |
CVE-2023-36884 |
8.3 |
Yes |
Windows Search RCE / Office HTML RCE; zero-day exploited by Russian RomCom threat actor; no patch initially, later addressed |
| 2023-07-11 |
22H2 |
KB5028254 |
Bug |
— |
— |
— |
Out-of-band fix released for VPN performance issues from KB5026372; fixed 27 additional bugs |
| 2023-08-08 |
22H2 |
KB5029263 |
CVE |
CVE-2023-38180 |
7.5 |
Yes |
.NET and Visual Studio DoS zero-day; exploited in the wild |
| 2023-08-08 |
22H2 |
KB5029263 |
CVE |
CVE-2023-36910 |
9.8 |
No |
Microsoft Message Queuing (MSMQ) RCE; Critical CVSS 9.8; unauthenticated |
| 2023-09-12 |
22H2 |
KB5030219 |
CVE |
CVE-2023-36761 |
6.2 |
Yes |
Microsoft Word information disclosure; zero-day exploited to steal NTLM hashes |
| 2023-09-12 |
22H2 |
KB5030219 |
CVE |
CVE-2023-36802 |
7.8 |
Yes |
Microsoft Streaming Service Proxy EoP zero-day; exploited |
| 2023-10-10 |
22H2 |
KB5031354 |
CVE |
CVE-2023-41763 |
5.3 |
Yes |
Skype for Business EoP zero-day; exploited; leaks internal IP addresses |
| 2023-10-10 |
22H2 |
KB5031354 |
CVE |
CVE-2023-44487 |
7.5 |
Yes |
HTTP/2 Rapid Reset Attack (industry-wide CVE); Microsoft mitigated IIS, .NET, and Windows Server components |
| 2023-11-14 |
23H2 |
KB5032190 |
CVE |
CVE-2023-36033 |
7.8 |
Yes |
Windows DWM Core Library EoP zero-day; SYSTEM-level privilege escalation; exploited |
| 2023-11-14 |
23H2 |
KB5032190 |
CVE |
CVE-2023-36025 |
8.8 |
Yes |
Windows SmartScreen bypass; exploited to deliver Phemedrone Stealer and other malware via malicious .url files |
| 2023-11-14 |
23H2 |
KB5032190 |
CVE |
CVE-2023-36036 |
7.8 |
Yes |
Windows Cloud Files Mini Filter Driver EoP zero-day; exploited; 57 total CVEs |
| 2023-12-12 |
23H2 |
KB5033375 |
CVE |
CVE-2023-35628 |
9.8 |
No |
Windows MSHTML Platform RCE; Critical CVSS 9.8; email-based attack vector with no user interaction |
| 2023-12-12 |
23H2 |
KB5033375 |
CVE |
CVE-2023-36019 |
9.6 |
No |
Microsoft Power Platform Connector spoofing; Critical |
| 2024-01-09 |
23H2 |
KB5034123 |
CVE |
CVE-2024-20674 |
9.0 |
No |
Windows Kerberos Security Feature Bypass; Critical; CVSS 9.0; allows auth bypass |
| 2024-01-09 |
23H2 |
KB5034123 |
CVE |
CVE-2024-20700 |
7.5 |
No |
Windows Hyper-V RCE; Critical; race condition exploit |
| 2024-02-13 |
23H2 |
KB5034765 |
CVE |
CVE-2024-21351 |
7.6 |
Yes |
Windows SmartScreen Security Feature Bypass; zero-day exploited in wild |
| 2024-02-13 |
23H2 |
KB5034765 |
CVE |
CVE-2024-21412 |
8.1 |
Yes |
Internet Shortcut Files Security Feature Bypass; zero-day; exploited by DarkCasino APT to deliver malware via forged .url files; 73 total CVEs |
| 2024-03-12 |
23H2 |
KB5035853 |
CVE |
CVE-2024-21334 |
9.8 |
No |
Open Management Infrastructure (OMI) RCE; Critical CVSS 9.8 |
| 2024-03-12 |
23H2 |
KB5035853 |
CVE |
CVE-2024-26198 |
8.8 |
No |
Microsoft Exchange Server RCE |
| 2024-04-09 |
23H2 |
KB5036893 |
CVE |
CVE-2024-26234 |
6.7 |
Yes |
Proxy Driver Spoofing zero-day; malicious driver signed with valid Microsoft certificate; exploited |
| 2024-04-09 |
23H2 |
KB5036893 |
CVE |
CVE-2024-29988 |
8.8 |
Yes |
SmartScreen Prompt Security Feature Bypass; zero-day exploited; chained attacks |
| 2024-05-14 |
23H2 |
KB5037771 |
CVE |
CVE-2024-30051 |
7.8 |
Yes |
Windows DWM Core Library EoP zero-day; exploited; used in QakBot malware campaign |
| 2024-05-14 |
23H2 |
KB5037771 |
CVE |
CVE-2024-30040 |
8.8 |
Yes |
Windows MSHTML Platform SFB zero-day; exploited; bypasses OLE mitigations in Office |
| 2024-06-11 |
23H2 |
KB5039212 |
CVE |
CVE-2024-30080 |
9.8 |
No |
Windows Message Queuing (MSMQ) RCE; Critical CVSS 9.8; 51 total CVEs, 18 RCE flaws |
| 2024-06-11 |
23H2 |
KB5039212 |
CVE |
CVE-2024-30103 |
8.8 |
No |
Microsoft Outlook RCE; Critical; no user interaction required |
| 2024-07-09 |
23H2 |
KB5040442 |
CVE |
CVE-2024-38080 |
7.8 |
Yes |
Windows Hyper-V EoP zero-day; exploited |
| 2024-07-09 |
23H2 |
KB5040442 |
CVE |
CVE-2024-38112 |
7.5 |
Yes |
Windows MSHTML Platform Spoofing zero-day; exploited; 142 total CVEs, 4 zero-days |
| 2024-07-09 |
23H2 |
KB5040442 |
Bug |
— |
— |
— |
CrowdStrike Falcon sensor incident (July 19, separate from Patch Tuesday): faulty content update crashed ~8.5 million Windows systems globally with BSOD; not a Microsoft patch but widely attributed to Windows driver model fragility |
| 2024-08-13 |
23H2 |
KB5041585 |
CVE |
CVE-2024-38202 |
7.3 |
Yes |
Windows Update Stack EoP; part of "Windows Downdate" attack (CVE-2024-21302 + CVE-2024-38202); allowed downgrading fully patched Windows to re-introduce old vulnerabilities; 9 zero-days in cycle, 6 exploited |
| 2024-08-13 |
23H2 |
KB5041585 |
CVE |
CVE-2024-21302 |
6.7 |
Yes |
Windows Secure Kernel Mode EoP; paired with CVE-2024-38202 for downgrade attack |
| 2024-08-13 |
23H2 |
KB5041585 |
CVE |
CVE-2024-38178 |
7.5 |
Yes |
Windows Scripting Engine Memory Corruption RCE zero-day; exploited |
| 2024-08-13 |
23H2 |
KB5041585 |
CVE |
CVE-2024-38193 |
7.8 |
Yes |
Windows Ancillary Function Driver for WinSock EoP zero-day; exploited |
| 2024-09-10 |
24H2 |
KB5043080 |
CVE |
CVE-2024-38217 |
5.4 |
Yes |
Windows Mark-of-the-Web (MotW) bypass zero-day; exploited via LNK files; previously exploited before patch |
| 2024-09-10 |
24H2 |
KB5043080 |
CVE |
CVE-2024-43491 |
9.8 |
Yes |
Windows Update CVSS 9.8 Critical; actively exploited to reverse previous security fixes |
| 2024-09-10 |
24H2 |
KB5043080 |
CVE |
CVE-2024-38226 |
7.3 |
Yes |
Microsoft Publisher SFB; zero-day exploited |
| 2024-10-08 |
24H2 |
KB5044284 |
CVE |
CVE-2024-43573 |
6.5 |
Yes |
Windows MSHTML Platform Spoofing zero-day; exploited; 118 total CVEs, 5 zero-days |
| 2024-10-08 |
24H2 |
KB5044284 |
CVE |
CVE-2024-43572 |
7.8 |
Yes |
Microsoft Management Console (MMC) RCE zero-day; exploited via malicious .msc files |
| 2024-10-08 |
24H2 |
KB5044284 |
CVE |
CVE-2024-20659 |
7.1 |
No |
Windows Hyper-V Security Feature Bypass; Critical; allows VM guest-to-host escape |
| 2024-11-12 |
24H2 |
KB5046617 |
CVE |
CVE-2024-43451 |
6.5 |
Yes |
NTLM Hash Disclosure SFB zero-day; minimal user interaction to steal NTLM hash; exploited; 89 total CVEs |
| 2024-11-12 |
24H2 |
KB5046617 |
CVE |
CVE-2024-49039 |
8.8 |
Yes |
Windows Task Scheduler EoP zero-day; exploited; sandbox escape |
| 2024-11-12 |
24H2 |
KB5046617 |
CVE |
CVE-2024-43639 |
9.8 |
No |
Windows Kerberos RCE; Critical CVSS 9.8; unauthenticated |
| 2024-12-10 |
24H2 |
KB5048667 |
CVE |
CVE-2024-49138 |
7.8 |
Yes |
Windows CLFS EoP zero-day; actively exploited; 71 total CVEs, 16 Critical (all RCE) |
| 2024-12-10 |
24H2 |
KB5048667 |
CVE |
CVE-2024-49112 |
9.8 |
No |
Windows LDAP RCE; Critical CVSS 9.8; unauthenticated; wormable potential |
| 2025-01-14 |
24H2 |
KB5050009 |
CVE |
CVE-2025-21333 |
7.8 |
Yes |
Windows Hyper-V NT Kernel Integration VSP EoP zero-day; exploited |
| 2025-01-14 |
24H2 |
KB5050009 |
CVE |
CVE-2025-21334 |
7.8 |
Yes |
Windows Hyper-V NT Kernel Integration VSP EoP zero-day; exploited |
| 2025-01-14 |
24H2 |
KB5050009 |
CVE |
CVE-2025-21335 |
7.8 |
Yes |
Windows Hyper-V NT Kernel Integration VSP EoP zero-day; exploited; all three Hyper-V zero-days used in active campaigns |
| 2025-01-14 |
24H2 |
KB5050009 |
Bug |
— |
— |
— |
USB DAC audio broken: KB5050009 (24H2) and KB5050021 (23H2) broke audio output on external USB Digital-to-Analog Converter devices |
| 2025-01-14 |
24H2 |
KB5050009 |
Bug |
— |
— |
— |
RDP broken in 24H2: Remote Desktop Protocol connections stopped working in Windows 11 24H2 even with RDP service running |
| 2025-02-11 |
24H2 |
KB5051987 |
CVE |
CVE-2025-21391 |
7.1 |
Yes |
Windows Storage EoP zero-day; exploited; allows deletion of targeted files |
| 2025-02-11 |
24H2 |
KB5051987 |
CVE |
CVE-2025-21418 |
7.8 |
Yes |
Windows Ancillary Function Driver for WinSock EoP zero-day; exploited; SYSTEM privilege escalation |
| 2025-03-11 |
24H2 |
KB5053598 |
CVE |
CVE-2025-26633 |
7.0 |
Yes |
Microsoft Management Console (MMC) SFB; exploited by "MSC EvilTwin" trojan loader; used by multiple threat groups; 57 total CVEs, 7 zero-days |
| 2025-03-11 |
24H2 |
KB5053598 |
CVE |
CVE-2025-24993 |
7.8 |
No |
Windows NTFS Remote Code Execution; memory corruption; affects virtually all Windows systems |
| 2025-03-11 |
24H2 |
KB5053598 |
CVE |
CVE-2025-24985 |
7.8 |
No |
Windows Fast FAT File System Driver RCE |
| 2025-03-11 |
24H2 |
KB5053598 |
CVE |
CVE-2025-24983 |
7.0 |
Yes |
Windows Win32 Kernel Subsystem EoP zero-day; exploited |
| 2025-03-11 |
24H2 |
KB5053598 |
Bug |
— |
— |
— |
March update stuck/looping: KB5053598 installations got stuck at various percentages and entered install-fail-revert loops on some systems |
| 2025-04-08 |
24H2 |
KB5055523 |
CVE |
CVE-2025-29824 |
7.8 |
Yes |
Windows CLFS EoP zero-day; exploited by RansomEXX ransomware gang for SYSTEM-level access |
| 2025-04-08 |
24H2 |
KB5055523 |
Bug |
— |
— |
— |
BSOD epidemic: KB5055523 caused SECURE_KERNEL_ERROR blue screens on affected PCs; also impacted KB5053656 and KB5053598; emergency out-of-band fix required |
| 2025-04-08 |
24H2 |
KB5055523 |
Bug |
— |
— |
— |
Windows Hello broken: Face/iris recognition sign-in stopped working after KB5055523 install |
| 2025-05-13 |
24H2 |
KB5058411 |
CVE |
CVE-2025-30397 |
7.5 |
Yes |
Windows Scripting Engine Memory Corruption zero-day; exploited in browser-based attacks |
| 2025-05-13 |
24H2 |
KB5058411 |
CVE |
CVE-2025-29812 |
9.8 |
No |
DirectX Graphics Kernel EoP; Critical CVSS 9.8; no authentication required |
| 2025-06-10 |
24H2 |
KB5060829 |
CVE |
CVE-2025-29828 |
9.0 |
No |
Schannel Remote Code Execution; Critical; memory corruption in TLS stack |
| 2025-06-10 |
24H2 |
KB5060829 |
CVE |
CVE-2025-33053 |
8.8 |
Yes |
Windows Internet Shortcut Files RCE zero-day; exploited; MotW bypass chained with phishing |
| 2025-06-10 |
24H2 |
KB5060829 |
CVE |
CVE-2025-33073 |
7.8 |
Yes |
Windows EoP zero-day; exploited in confirmed attacks |
| 2025-06-10 |
24H2 |
KB5060829 |
Bug |
— |
— |
— |
False firewall critical errors: Event Viewer flooded with spurious Critical-level Windows Firewall errors; falsely indicated firewall service failure; initial "fix" in July (KB5062553) did not actually resolve the issue |
| 2025-07-08 |
24H2 |
KB5062553 |
Bug |
— |
— |
— |
Start Menu / Search / Taskbar / Explorer broken after provisioning: After provisioning a PC with cumulative updates from July 2025 onward, SystemSettings, Search, StartMenuExperienceHost, Taskbar, and Explorer experienced crashes and failures |
| 2025-07-08 |
24H2 |
KB5062553 |
Bug |
— |
— |
— |
BitLocker settings locked: Bug prevented changing BitLocker settings on unmanaged PCs using TPM module; affected all modern TPM-equipped systems |
| 2025-08-12 |
25H2 |
KB5063875 |
Bug |
— |
— |
— |
Reset and Recovery broken: KB5063875 (23H2) and KB5063709 (Windows 10) broke "Reset this PC" and Windows recovery features; affected systems could not perform factory resets |
| 2025-09-09 |
25H2 |
KB5063869 |
CVE |
CVE-2025-38044 |
8.8 |
Yes |
Windows LDAP Client RCE; zero-day; exploited remotely without authentication in some configs |
| 2025-10-14 |
25H2 |
KB5067144 |
CVE |
CVE-2025-53764 |
9.8 |
No |
Windows Remote Desktop Licensing Service RCE; Critical CVSS 9.8; unauthenticated; 172 total CVEs, 6 zero-days |
| 2025-10-14 |
25H2 |
KB5067144 |
CVE |
CVE-2025-53771 |
8.1 |
Yes |
Windows Kerberos Security Feature Bypass zero-day; exploited |
| 2025-10-14 |
25H2 |
KB5067144 |
CVE |
CVE-2025-53772 |
7.8 |
Yes |
Windows Task Scheduler EoP zero-day; exploited |
| 2025-10-14 |
25H2 |
KB5067144 |
Bug |
— |
— |
— |
Call of Duty / Xbox app crash: Black Ops 6 and other Xbox app titles failed to launch; app showed 17-second load then "game crashed" error after this update cycle |
| 2025-11-11 |
25H2 |
KB5069616 |
CVE |
CVE-2025-62215 |
8.8 |
Yes |
Windows Kernel EoP; actively exploited; SYSTEM-level privilege escalation; 63 total CVEs, 5 Critical |
| 2025-11-11 |
25H2 |
KB5069616 |
CVE |
CVE-2025-60724 |
9.8 |
No |
Windows GDI (Graphics Device Interface) RCE; Critical CVSS 9.8; unauthenticated |
| 2025-12-09 |
25H2 |
KB5071558 |
CVE |
CVE-2025-62221 |
7.8 |
Yes |
Windows Cloud Files Mini Filter Driver EoP zero-day; actively exploited; device hijacking possible |
| 2025-12-09 |
25H2 |
KB5071558 |
CVE |
CVE-2025-64671 |
8.8 |
No |
GitHub Copilot for JetBrains RCE; Critical |
| 2025-12-09 |
25H2 |
KB5071558 |
CVE |
CVE-2025-54100 |
8.4 |
No |
Windows PowerShell RCE; 57 total CVEs, 3 zero-days |
| 2026-01-13 |
25H2 |
KB5074109 |
CVE |
CVE-2026-20944 |
8.4 |
No |
Microsoft Office RCE; Critical; one of 6 RCE Critical CVEs; 112 total CVEs, 8 Critical |
| 2026-01-13 |
25H2 |
KB5074109 |
CVE |
CVE-2026-20854 |
8.4 |
No |
Microsoft Excel RCE; Critical |
| 2026-01-13 |
25H2 |
KB5074109 |
CVE |
CVE-2026-20957 |
8.1 |
No |
Windows LSASS (Local Security Authority Subsystem Service) RCE; Critical |
| 2026-01-13 |
25H2 |
KB5074109 |
Bug |
— |
— |
— |
UNMOUNTABLE_BOOT_VOLUME BSOD: KB5074109 caused boot-level BSODs on some commercial/enterprise PCs; systems unable to start; Microsoft issued out-of-band fix |
| 2026-02-10 |
26H1 |
KB5076843 |
CVE |
CVE-2026-21510 |
8.8 |
Yes |
Windows SmartScreen Security Feature Bypass zero-day; actively exploited |
| 2026-02-10 |
26H1 |
KB5076843 |
CVE |
CVE-2026-21513 |
7.5 |
Yes |
Windows MSHTML Framework Security Feature Bypass zero-day; exploited |
| 2026-02-10 |
26H1 |
KB5076843 |
CVE |
CVE-2026-21533 |
8.8 |
Yes |
Remote Desktop Services EoP zero-day; discovered by CrowdStrike; exploited; 6 actively exploited zero-days in this cycle |
| 2026-02-10 |
26H1 |
KB5076843 |
Bug |
— |
— |
— |
GPU BSOD (KERNEL_SECURITY_CHECK_FAILURE): dxgmms2.sys (DirectX graphics memory management) caused BSOD on specific GPU configurations after this update |
| 2026-02-10 |
26H1 |
KB5076843 |
Bug |
— |
— |
— |
WPA3 Wi-Fi broken: WPA3-Personal security protocol connections failed to establish after this update; affected modern Wi-Fi hardware |
| 2026-03-10 |
26H1 |
KB5079473 |
CVE |
CVE-2026-21262 |
8.8 |
No |
SQL Server RCE; publicly disclosed zero-day before patch; 79 total CVEs |
| 2026-03-10 |
26H1 |
KB5079473 |
CVE |
CVE-2026-26127 |
7.8 |
No |
.NET Framework EoP; publicly disclosed before patch |
| 2026-03-10 |
26H1 |
KB5079473 |
CVE |
CVE-2026-26803 |
9.8 |
No |
AI-discovered Windows Kernel RCE; CVSS 9.8; first CVE in this cycle found via automated AI vulnerability research |
| 2026-04-14 |
26H1 |
KB5083769 |
CVE |
CVE-2026-32201 |
7.5 |
Yes |
Microsoft SharePoint Server Spoofing zero-day; actively exploited in the wild; improper input validation leaks sensitive org data |
| 2026-04-14 |
26H1 |
KB5083769 |
CVE |
CVE-2026-33824 |
9.8 |
No |
Windows IKE (Internet Key Exchange) Service Extensions RCE; Critical CVSS 9.8; unauthenticated; 163–167 total CVEs, 11 Critical |
| 2026-04-14 |
26H1 |
KB5083769 |
CVE |
CVE-2026-33825 |
7.8 |
No |
Microsoft Defender for Endpoint EoP; Critical |
| 2026-04-14 |
26H1 |
KB5083769 |
CVE |
CVE-2026-BlueHammer |
— |
Yes |
Unpatched "BlueHammer" zero-day: Publicly disclosed kernel privilege escalation exploit; Microsoft acknowledged but did NOT release a patch in the April 2026 cycle; active exploitation ongoing |
