The vulnerabilities are a denial of service (DoS) attack that could be used to exploit vulnerabilities in Windows 10, Microsoft said.
The flaws are a CVE-2017-1038 and CVE-2016-0227, which Microsoft has since patched.
Windows 10 is a free operating system released on February 13, 2020.
In a blog post, Microsoft described how the exploit could be deployed in a way that could compromise Windows machines.
“It’s possible that an attacker could use this attack to compromise Windows systems that have been upgraded to Windows 10,” the post read.
“An attacker could exploit this vulnerability to install an unpatched version of Windows or other operating system, and then execute arbitrary code in the process.
The attacker would not need to physically install or run the affected operating system.
An attacker could then compromise a Windows computer by visiting a website, downloading an app, or launching an unsigned application from the compromised computer.”
Microsoft has patched the vulnerabilities in its software, and the vulnerability can be prevented with Windows updates.