Download
Beveilingsadvies; NCSC-2026-0119 [1.0.0]
- Beveiligingsadvies
- NCSC-2026-0119 [1.0.0]
- Publicatie
- 15-04-2026 10:53 (Europe/Amsterdam)
- Prioriteit
- Normaal
- Betreft
- Kwetsbaarheden verholpen in Microsoft Windows
Kenmerken
- Improper Input Validation
- Improper Link Resolution Before File Access ('Link Following')
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- Stack-based Buffer Overflow
- Heap-based Buffer Overflow
- Out-of-bounds Read
- Buffer Over-read
- Integer Overflow or Wraparound
- Integer Underflow (Wrap or Wraparound)
- Exposure of Sensitive Information to an Unauthorized Actor
- Improper Removal of Sensitive Information Before Storage or Transfer
- Improper Privilege Management
- Improper Handling of Insufficient Permissions or Privileges
- Improper Access Control
- Improper Authorization
- Improper Authentication
- Missing Authentication for Critical Function
- Missing Cryptographic Step
- Acceptance of Extraneous Untrusted Data With Trusted Data
- Insufficient UI Warning of Dangerous Operations
- Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- Time-of-check Time-of-use (TOCTOU) Race Condition
- Double Free
- Use After Free
- NULL Pointer Dereference
- Insertion of Sensitive Information into Log File
- Incorrect Conversion between Numeric Types
- Protection Mechanism Failure
- Reliance on Untrusted Inputs in a Security Decision
- Untrusted Pointer Dereference
- Access of Resource Using Incompatible Type ('Type Confusion')
- Use of Uninitialized Resource
- Insecure Storage of Sensitive Information
Omschrijving
Microsoft heeft kwetsbaarheden verholpen in Windows.
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Toegang tot gevoelige gegevens
- Uitvoeren van willekeurige code (gebruikersrechten)
- Verkrijgen van verhoogde rechten
- Omzeilen van een beveiligingsmaatregel
- Spoofing
Function Discovery Service (fdwsd.dll):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32087 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-32093 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-32086 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-32150 | 7,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Applocker Filter Driver (applockerfltr.sys):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-25184 | 7,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Kernel:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26179 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-26180 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32195 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-32215 | 5,50 | Toegang tot gevoelige gegevens |
| CVE-2026-32217 | 5,50 | Toegang tot gevoelige gegevens |
| CVE-2026-32218 | 5,50 | Toegang tot gevoelige gegevens |
| CVE-2026-26163 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Remote Procedure Call:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32085 | 5,50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows Common Log File System Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32070 | 7,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Microsoft Management Console:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27914 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Push Notification Core:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26167 | 8,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32158 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32159 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32160 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-26172 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Installer:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27910 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows File Explorer:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32081 | 5,50 | Toegang tot gevoelige gegevens |
| CVE-2026-32079 | 5,50 | Toegang tot gevoelige gegevens |
| CVE-2026-32084 | 5,50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows Boot Manager:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26175 | 4,60 | Omzeilen van beveiligingsmaatregel |
|----------------|------|-------------------------------------|
Windows Boot Loader:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-0390 | 6,70 | Omzeilen van beveiligingsmaatregel |
|----------------|------|-------------------------------------|
Windows User Interface Core:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32165 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-27911 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32163 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32164 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Microsoft Windows Speech:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32153 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows USB Print Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32223 | 6,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows COM:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-20806 | 5,50 | Toegang tot gevoelige gegevens |
| CVE-2026-32162 | 8,40 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Input-Output Memory Management Unit (IOMMU):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2023-20585 | 5,30 | <Vertaal: Tampering> |
|----------------|------|-------------------------------------|
Universal Plug and Play (upnp.dll):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32212 | 5,50 | Toegang tot gevoelige gegevens |
| CVE-2026-32214 | 5,50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows Redirected Drive Buffering:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32216 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Virtualization-Based Security (VBS) Enclave:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-23670 | 5,70 | Omzeilen van beveiligingsmaatregel |
| CVE-2026-32220 | 4,40 | Omzeilen van beveiligingsmaatregel |
|----------------|------|-------------------------------------|
Windows Active Directory:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-33826 | 8,00 | Uitvoeren van willekeurige code |
| CVE-2026-32072 | 6,20 | Voordoen als andere gebruiker |
|----------------|------|-------------------------------------|
Windows Shell:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26165 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-26166 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-27918 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32202 | 4,30 | Voordoen als andere gebruiker |
| CVE-2026-32151 | 6,50 | Toegang tot gevoelige gegevens |
| CVE-2026-32225 | 8,80 | Omzeilen van beveiligingsmaatregel |
|----------------|------|-------------------------------------|
Windows Server Update Service:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26154 | 7,50 | <Vertaal: Tampering> |
| CVE-2026-26174 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-32224 | 7,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows TCP/IP:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27921 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-33827 | 8,10 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Kernel Memory:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26169 | 6,10 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows BitLocker:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27913 | 7,70 | Omzeilen van beveiligingsmaatregel |
|----------------|------|-------------------------------------|
Windows GDI:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27931 | 5,50 | Toegang tot gevoelige gegevens |
| CVE-2026-27930 | 5,50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Windows Kerberos:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27912 | 8,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows RPC API:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26183 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Ancillary Function Driver for WinSock:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32073 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-26168 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-26173 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-26177 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-26182 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-27922 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-33099 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-33100 | 7,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Remote Desktop Licensing Service:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26160 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-26159 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Snipping Tool:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32183 | 7,80 | Uitvoeren van willekeurige code |
| CVE-2026-33829 | 4,30 | Voordoen als andere gebruiker |
|----------------|------|-------------------------------------|
Windows Local Security Authority Subsystem Service (LSASS):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26155 | 6,50 | Toegang tot gevoelige gegevens |
| CVE-2026-32071 | 7,50 | Denial-of-Service |
|----------------|------|-------------------------------------|
Windows Cryptographic Services:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26152 | 7,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27917 | 7,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Print Spooler Components:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-33101 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Projected File System:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27927 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-26184 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32069 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32074 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32078 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows LUAFV:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27929 | 7,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Universal Plug and Play (UPnP) Device Host:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27915 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-27919 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32075 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32156 | 8,40 | Uitvoeren van willekeurige code |
| CVE-2026-27916 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-27920 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-27925 | 7,50 | Toegang tot gevoelige gegevens |
| CVE-2026-32077 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Win32K - GRFX:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-33104 | 7,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Hello:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27906 | 4,40 | Omzeilen van beveiligingsmaatregel |
| CVE-2026-27928 | 7,70 | Omzeilen van beveiligingsmaatregel |
|----------------|------|-------------------------------------|
Windows Cloud Files Mini Filter Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27926 | 7,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Admin Center:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32196 | 6,10 | Voordoen als andere gebruiker |
|----------------|------|-------------------------------------|
Windows Win32K - ICOMP:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32222 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Remote Desktop Client:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32157 | 8,80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows WalletService:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32080 | 7,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Microsoft Windows Search Component:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27909 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Desktop Window Manager:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27924 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32152 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32154 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-27923 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32155 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows HTTP.sys:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-33096 | 7,50 | Denial-of-Service |
|----------------|------|-------------------------------------|
Windows Secure Boot:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-25250 | 6,00 | Omzeilen van beveiligingsmaatregel, |
|----------------|------|-------------------------------------|
Microsoft PowerShell:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26170 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Microsoft Windows:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32181 | 5,50 | Denial-of-Service |
|----------------|------|-------------------------------------|
Windows SSDP Service:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32082 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-32083 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-32068 | 7,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Client Side Caching driver (csc.sys):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26176 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Sensor Data Service:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26161 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Encrypting File System (EFS):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26153 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows TDI Translation Driver (tdx.sys):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27908 | 7,00 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Storage Spaces Controller:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-27907 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32076 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Microsoft Brokering File System:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26181 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32219 | 7,00 | Verkrijgen van verhoogde rechten |
| CVE-2026-32091 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows IKE Extension:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-33824 | 9,80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Biometric Service:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32088 | 6,10 | Omzeilen van beveiligingsmaatregel |
|----------------|------|-------------------------------------|
Windows Advanced Rasterization Platform:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26178 | 8,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows OLE:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26162 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Recovery Environment Agent:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-20928 | 4,60 | Omzeilen van beveiligingsmaatregel |
|----------------|------|-------------------------------------|
Windows Speech Brokered Api:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32089 | 7,80 | Verkrijgen van verhoogde rechten |
| CVE-2026-32090 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Container Isolation FS Filter Driver:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-33098 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Windows Management Services:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-20930 | 7,80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Role: Windows Hyper-V:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26156 | 7,80 | Uitvoeren van willekeurige code |
| CVE-2026-32149 | 7,30 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Remote Desktop:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-26151 | 7,10 | Voordoen als andere gebruiker |
|----------------|------|-------------------------------------|
Microsoft Graphics Component:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32221 | 8,40 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Oplossingen
Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
CVE's
- CVE-2026-32068 - CVSS (v3) 7.0
- CVE-2026-32069 - CVSS (v3) 7.8
- CVE-2026-32070 - CVSS (v3) 7.0
- CVE-2026-32071 - CVSS (v3) 7.5
- CVE-2026-32072 - CVSS (v3) 6.2
- CVE-2026-32073 - CVSS (v3) 7.0
- CVE-2026-32074 - CVSS (v3) 7.8
- CVE-2026-32075 - CVSS (v3) 7.0
- CVE-2026-32076 - CVSS (v3) 7.8
- CVE-2026-32077 - CVSS (v3) 7.8
- CVE-2026-32078 - CVSS (v3) 7.8
- CVE-2026-32079 - CVSS (v3) 5.5
- CVE-2026-32080 - CVSS (v3) 7.0
- CVE-2026-32081 - CVSS (v3) 5.5
- CVE-2026-32082 - CVSS (v3) 7.0
- CVE-2026-32083 - CVSS (v3) 7.0
- CVE-2026-32084 - CVSS (v3) 5.5
- CVE-2026-32085 - CVSS (v3) 5.5
- CVE-2026-32086 - CVSS (v3) 7.0
- CVE-2026-32087 - CVSS (v3) 7.0
- CVE-2026-32088 - CVSS (v3) 6.1
- CVE-2026-32089 - CVSS (v3) 7.8
- CVE-2026-32090 - CVSS (v3) 7.8
- CVE-2026-32091 - CVSS (v3) 8.4
- CVE-2026-32093 - CVSS (v3) 7.0
- CVE-2026-32149 - CVSS (v3) 7.3
- CVE-2026-32150 - CVSS (v3) 7.0
- CVE-2026-32151 - CVSS (v3) 6.5
- CVE-2026-32152 - CVSS (v3) 7.8
- CVE-2026-32153 - CVSS (v3) 7.8
- CVE-2026-32154 - CVSS (v3) 7.8
- CVE-2026-32155 - CVSS (v3) 7.8
- CVE-2026-32156 - CVSS (v3) 7.4
- CVE-2026-32157 - CVSS (v3) 8.8
- CVE-2026-32158 - CVSS (v3) 7.8
- CVE-2026-32159 - CVSS (v3) 7.8
- CVE-2026-32160 - CVSS (v3) 7.8
- CVE-2026-32162 - CVSS (v3) 8.4
- CVE-2026-32163 - CVSS (v3) 7.8
- CVE-2026-32164 - CVSS (v3) 7.8
- CVE-2026-32165 - CVSS (v3) 7.8
- CVE-2026-32181 - CVSS (v3) 5.5
- CVE-2026-32183 - CVSS (v3) 7.8
- CVE-2026-32195 - CVSS (v3) 7.0
- CVE-2026-32196 - CVSS (v3) 6.1
- CVE-2026-32202 - CVSS (v3) 4.3
- CVE-2026-32212 - CVSS (v3) 5.5
- CVE-2026-32214 - CVSS (v3) 5.5
- CVE-2026-32215 - CVSS (v3) 5.5
- CVE-2026-32216 - CVSS (v3) 5.5
- CVE-2026-32217 - CVSS (v3) 5.5
- CVE-2026-32218 - CVSS (v3) 5.5
- CVE-2026-32219 - CVSS (v3) 7.0
- CVE-2026-32220 - CVSS (v3) 4.4
- CVE-2026-32221 - CVSS (v3) 8.4
- CVE-2026-32222 - CVSS (v3) 7.8
- CVE-2026-32223 - CVSS (v3) 6.8
- CVE-2026-32224 - CVSS (v3) 7.0
- CVE-2026-32225 - CVSS (v3) 8.8
- CVE-2026-33096 - CVSS (v3) 7.5
- CVE-2026-33098 - CVSS (v3) 7.8
- CVE-2026-33099 - CVSS (v3) 7.0
- CVE-2026-33100 - CVSS (v3) 7.0
- CVE-2026-33101 - CVSS (v3) 7.8
- CVE-2026-33104 - CVSS (v3) 7.0
- CVE-2026-33824 - CVSS (v3) 9.8
- CVE-2026-33826 - CVSS (v3) 8.0
- CVE-2026-33827 - CVSS (v3) 8.1
- CVE-2026-33829 - CVSS (v3) 4.3
- CVE-2023-20585 - CVSS (v3) 5.3
- CVE-2026-0390 - CVSS (v3) 6.7
- CVE-2026-20806 - CVSS (v3) 5.5
- CVE-2026-20928 - CVSS (v3) 4.6
- CVE-2026-20930 - CVSS (v3) 7.8
- CVE-2026-23670 - CVSS (v3) 5.7
- CVE-2026-25184 - CVSS (v3) 7.0
- CVE-2026-25250 - CVSS (v3) 6.0
- CVE-2026-26151 - CVSS (v3) 7.1
- CVE-2026-26152 - CVSS (v3) 7.0
- CVE-2026-26153 - CVSS (v3) 7.8
- CVE-2026-26154 - CVSS (v3) 7.5
- CVE-2026-26155 - CVSS (v3) 6.5
- CVE-2026-26156 - CVSS (v3) 7.8
- CVE-2026-26159 - CVSS (v3) 7.8
- CVE-2026-26160 - CVSS (v3) 7.8
- CVE-2026-26161 - CVSS (v3) 7.8
- CVE-2026-26162 - CVSS (v3) 7.8
- CVE-2026-26163 - CVSS (v3) 7.8
- CVE-2026-26165 - CVSS (v3) 7.0
- CVE-2026-26166 - CVSS (v3) 7.0
- CVE-2026-26167 - CVSS (v3) 8.8
- CVE-2026-26168 - CVSS (v3) 7.8
- CVE-2026-26169 - CVSS (v3) 6.1
- CVE-2026-26170 - CVSS (v3) 7.8
- CVE-2026-26172 - CVSS (v3) 7.8
- CVE-2026-26173 - CVSS (v3) 7.0
- CVE-2026-26174 - CVSS (v3) 7.0
- CVE-2026-26175 - CVSS (v3) 4.6
- CVE-2026-26176 - CVSS (v3) 7.8
- CVE-2026-26177 - CVSS (v3) 7.0
- CVE-2026-26178 - CVSS (v3) 8.8
- CVE-2026-26179 - CVSS (v3) 7.8
- CVE-2026-26180 - CVSS (v3) 7.8
- CVE-2026-26181 - CVSS (v3) 7.8
- CVE-2026-26182 - CVSS (v3) 7.0
- CVE-2026-26183 - CVSS (v3) 7.8
- CVE-2026-26184 - CVSS (v3) 7.8
- CVE-2026-27906 - CVSS (v3) 4.4
- CVE-2026-27907 - CVSS (v3) 7.8
- CVE-2026-27908 - CVSS (v3) 7.0
- CVE-2026-27909 - CVSS (v3) 7.8
- CVE-2026-27910 - CVSS (v3) 7.8
- CVE-2026-27911 - CVSS (v3) 7.8
- CVE-2026-27912 - CVSS (v3) 8.0
- CVE-2026-27913 - CVSS (v3) 7.7
- CVE-2026-27914 - CVSS (v3) 7.8
- CVE-2026-27915 - CVSS (v3) 7.8
- CVE-2026-27916 - CVSS (v3) 7.8
- CVE-2026-27917 - CVSS (v3) 7.0
- CVE-2026-27918 - CVSS (v3) 7.8
- CVE-2026-27919 - CVSS (v3) 7.8
- CVE-2026-27920 - CVSS (v3) 7.8
- CVE-2026-27921 - CVSS (v3) 7.0
- CVE-2026-27922 - CVSS (v3) 7.0
- CVE-2026-27923 - CVSS (v3) 7.8
- CVE-2026-27924 - CVSS (v3) 7.8
- CVE-2026-27925 - CVSS (v3) 6.5
- CVE-2026-27926 - CVSS (v3) 7.0
- CVE-2026-27927 - CVSS (v3) 7.8
- CVE-2026-27928 - CVSS (v3) 8.7
- CVE-2026-27929 - CVSS (v3) 7.0
- CVE-2026-27930 - CVSS (v3) 5.5
- CVE-2026-27931 - CVSS (v3) 5.5
Producten
Microsoft
Microsoft Windows 11 Version 26H1
Microsoft Windows Admin Center
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022
Microsoft Windows Server 2025
Remote Desktop client for Windows Desktop
Windows
Windows 10
Windows 10 1607
Windows 10 1809
Windows 10 21h2
Windows 10 22h2
Windows 10 Version 1607
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11
Windows 11 23H2
Windows 11 Version 23H2
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 24H2
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows 11 Version 25H2
Windows 11 Version 25H2 for ARM systems
Windows 11 Version 25H2 for x64-based Systems
Windows 11 Version 26H1 for ARM64-based Systems
Windows 11 version 22H3
Windows 11 version 26H1
Windows 11 version 26H1 for x64-based Systems
Windows Admin Center
Windows App Client for Windows Desktop
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022 Version 23H2
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2025
Windows Server 2025 (Server Core installation)
Windows_11_25H2
window_server
windows_10
windows_11
windows_server_2012
windows_server_2016
windows_server_2016_(server_core_installation)
windows_server_2019
windows_server_2019_(server_core_installation)
windows_server_2022
windows_server_2025
windows_service_2012_server_core_installation
Disclaimer
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.