Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows Virtualization-Based Security (VBS) Enclave

CVE-2026-20935: Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#auth#Windows Virtualization-Based Security (VBS) Enclave#Security Vulnerability
CVE-2026-20876: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain Virtual Trust Level 2 (VTL2) privileges.

CVE-2026-20819: Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could view Virtual Trust Level 1 (VTL1) data from Virtual Trust 0 (VTL0) which is the least privileged level.

CVE-2025-53717: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

CVE-2025-27735: Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass the Virtualization-based Security feature.

CVE-2025-21370: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

**What privileges would an attacker gain by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could potentially leak data from the target enclave or execute code within the context of the target enclave.