High
CVE-1999-1359
When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions…
Tag: Microsoft Windows
All CVEs associated with "Microsoft Windows". Page 121/121 • 14514 CVEs.
Subscribe CVEs: RSS for “Microsoft Windows” · RSS (High+Critical only)
About “Microsoft Windows”
A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14514 CVEs for this tag (all time). In the last 365 days, 1680 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').
In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
1999-12-31
Low
CVE-1999-1360
Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close…
Low
CVE-1999-1362
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.
Low
CVE-1999-1363
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
Low
CVE-1999-1364
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.
Low
CVE-1999-1452
GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.
High
CVE-1999-1455
RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized u…
Low
CVE-1999-1476
A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruct…
Critical
CVE-1999-1584
Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root pr…
1999-12-22
High
CVE-2000-0119
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers…
1999-12-16
Medium
CVE-1999-0994
Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.
High
CVE-1999-0995
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Id…
1999-12-10
Medium
CVE-1999-0975
The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands…
1999-11-30
Medium
CVE-1999-0824
A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later us…
1999-11-29
High
CVE-1999-0387
A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.
High
CVE-1999-0839
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
1999-11-24
High
CVE-1999-1189
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument…
1999-11-18
Critical
CVE-1999-0987
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
1999-11-14
Medium
CVE-1999-1110
Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of fi…
1999-11-12
High
CVE-2000-0330
The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability.
1999-11-04
High
CVE-1999-0898
Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.
High
CVE-1999-0899
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
High
CVE-1999-1065
Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in n…
1999-10-26
Medium
CVE-1999-1234
LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo.
1999-10-04
Medium
CVE-1999-1454
Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC…
1999-09-20
High
CVE-1999-0909
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.
1999-09-17
Critical
CVE-1999-0886
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
1999-09-02
Medium
CVE-1999-1356
Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT,…
1999-08-24
Medium
CVE-2000-0328
Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.
1999-08-16
Low
CVE-1999-0749
Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.
1999-08-09
Medium
CVE-1999-0680
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.
1999-07-23
Medium
CVE-1999-0224
Denial of service in Windows NT messenger service through a long username.
1999-07-20
High
CVE-1999-0721
Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.
1999-07-06
High
CVE-1999-0728
A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.
1999-07-03
High
CVE-1999-0918
Denial of service in various Windows systems via malformed, fragmented IGMP packets.
1999-06-30
High
CVE-1999-0726
An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.
1999-06-28
High
CVE-1999-1365
Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could a…
1999-06-23
High
CVE-1999-0723
The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.
1999-05-27
Medium
CVE-1999-0755
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
1999-05-17
Medium
CVE-1999-0716
Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
1999-05-12
Medium
CVE-1999-0229
Denial of service in Windows NT IIS server using ..\..
1999-04-12
Medium
CVE-1999-0444
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.
1999-03-12
High
CVE-1999-0382
The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.
1999-03-08
Medium
CVE-1999-1254
Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing tables.
1999-03-01
Medium
CVE-1999-0386
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
1999-02-20
Medium
CVE-1999-0376
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
1999-02-14
High
CVE-1999-0404
Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.
1999-02-08
High
CVE-1999-0366
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
1999-02-06
Medium
CVE-1999-1201
Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain…
1999-01-25
Medium
CVE-1999-0357
Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets.
1999-01-19
Critical
CVE-1999-0119
Windows NT 4.0 beta allows users to read and delete shares.
1999-01-05
High
CVE-1999-0391
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
1999-01-01
Critical
CVE-1999-0200
Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password.
Critical
CVE-1999-0226
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
Critical
CVE-1999-0285
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.
High
CVE-1999-0549
Windows NT automatically logs in an administrator upon rebooting.
Critical
CVE-1999-0560
A system-critical Windows NT file or directory has inappropriate permissions.
Critical
CVE-1999-0570
Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.
Critical
CVE-1999-0577
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
Medium
CVE-1999-0578
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
Critical
CVE-1999-0579
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
Critical
CVE-1999-0580
The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions.
Critical
CVE-1999-0581
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.
Critical
CVE-1999-0583
There is a one-way or two-way trust relationship between Windows NT domains.
Critical
CVE-1999-0584
A Windows NT file system is not NTFS.
Critical
CVE-1999-0589
A system-critical Windows NT registry key has inappropriate permissions.
Critical
CVE-1999-0591
An event log in Windows NT has inappropriate access permissions.
Critical
CVE-1999-0592
The Logon box of a Windows NT system displays the name of the last user who logged in.
Medium
CVE-1999-0593
The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.
Critical
CVE-1999-0594
A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive.
Critical
CVE-1999-0596
A Windows NT log file has an inappropriate maximum size or retention period.
Critical
CVE-1999-0597
A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire.
Critical
CVE-1999-0603
In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc.
Critical
CVE-1999-0611
A system-critical Windows NT registry key has an inappropriate value.
Critical
CVE-1999-0664
An application-critical Windows NT registry key has inappropriate permissions.
Critical
CVE-1999-0665
An application-critical Windows NT registry key has an inappropriate value.
1998-11-11
High
CVE-1999-1289
ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with pot…
1998-10-05
Medium
CVE-1999-1291
TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the t…
1998-10-01
High
CVE-1999-0505
A Windows NT domain user or administrator account has a guessable password.
High
CVE-1999-0506
A Windows NT domain user or administrator account has a default, null, blank, or missing password.
Medium
CVE-1999-0546
The Windows NT guest account is enabled.
1998-09-29
Medium
CVE-1999-0969
The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially set…
1998-08-31
Medium
CVE-1999-0158
Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known.
1998-08-01
Medium
CVE-1999-0288
The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonst…
1998-05-09
Medium
CVE-1999-1361
Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the serv…
1998-02-14
Medium
CVE-1999-0225
Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.
1998-02-06
High
CVE-1999-0012
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
1997-12-23
Medium
CVE-1999-1581
Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a larg…
1997-11-01
Critical
CVE-1999-0967
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.
1997-09-01
Medium
CVE-1999-1133
HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users.
1997-07-25
Medium
CVE-1999-1217
The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system program…
1997-07-10
Medium
CVE-1999-1463
Windows NT 4.0 before SP3 allows remote attackers to bypass firewall restrictions or cause a denial of service (crash) by sending improperly fragmented IP packets without the first fragment, which th…
1997-07-01
Medium
CVE-1999-0153
Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.
1997-06-10
Medium
CVE-1999-0275
Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.
1997-06-01
Medium
CVE-1999-0227
Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.
1997-05-04
Medium
CVE-1999-1380
Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malici…
1997-04-02
Medium
CVE-1999-1387
Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that was compiled on the…
1997-03-01
Medium
CVE-1999-1128
Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.
1997-02-07
Medium
CVE-1999-0228
Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.
1997-01-01
Medium
CVE-1999-0179
Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share.
High
CVE-1999-0249
Windows NT RSHSVC program allows remote users to execute arbitrary commands.
Medium
CVE-1999-0274
Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.
Medium
CVE-1999-0345
Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.
High
CVE-1999-0496
A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.
High
CVE-1999-0503
A Windows NT local user or administrator account has a guessable password.
High
CVE-1999-0504
A Windows NT local user or administrator account has a default, null, blank, or missing password.
Medium
CVE-1999-0534
A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate…
Critical
CVE-1999-0535
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
High
CVE-1999-0562
The registry in Windows NT can be accessed remotely by users who are not administrators.
Critical
CVE-1999-0572
.reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks.
High
CVE-1999-0575
A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Cha…
High
CVE-1999-0576
A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories.
Medium
CVE-1999-0582
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.
1995-11-01
Critical
CVE-1999-0241
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.