January 2025 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2025-Jan 2025-Jan Final 1.0 467 2026-05-22T01:40:18 January 2025 Security Updates 2025-01-14T00:00:00 2026-05-22T01:40:18 <h2 id="this-release-consists-of-the-following-165-microsoft-cves">This release consists of the following 165 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>.NET</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21171">CVE-2025-21171</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21172">CVE-2025-21172</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21173">CVE-2025-21173</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET, .NET Framework, Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21176">CVE-2025-21176</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21178">CVE-2025-21178</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21185">CVE-2025-21185</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Access</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21186">CVE-2025-21186</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Power Automate</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21187">CVE-2025-21187</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MapUrlToZone</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21189">CVE-2025-21189</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Active Directory Federation Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21193">CVE-2025-21193</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Recovery Environment Agent</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21202">CVE-2025-21202</a></td> <td>6.1</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Connected Devices Platform Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21207">CVE-2025-21207</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Virtual Trusted Platform Module</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21210">CVE-2025-21210</a></td> <td>4.2</td> <td>CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Boot Loader</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21211">CVE-2025-21211</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21213">CVE-2025-21213</a></td> <td>4.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21214">CVE-2025-21214</a></td> <td>4.2</td> <td>CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Boot Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21215">CVE-2025-21215</a></td> <td>4.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTLM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21217">CVE-2025-21217</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kerberos</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21218">CVE-2025-21218</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MapUrlToZone</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21219">CVE-2025-21219</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21220">CVE-2025-21220</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21223">CVE-2025-21223</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Line Printer Daemon Service (LPD)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21224">CVE-2025-21224</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Remote Desktop Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21225">CVE-2025-21225</a></td> <td>5.9</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21226">CVE-2025-21226</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21227">CVE-2025-21227</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21228">CVE-2025-21228</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21229">CVE-2025-21229</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21230">CVE-2025-21230</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>IP Helper</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21231">CVE-2025-21231</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21232">CVE-2025-21232</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21233">CVE-2025-21233</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PrintWorkflowUserSvc</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21234">CVE-2025-21234</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PrintWorkflowUserSvc</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21235">CVE-2025-21235</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21236">CVE-2025-21236</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21237">CVE-2025-21237</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21238">CVE-2025-21238</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21239">CVE-2025-21239</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21240">CVE-2025-21240</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21241">CVE-2025-21241</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kerberos</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21242">CVE-2025-21242</a></td> <td>5.9</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21243">CVE-2025-21243</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21244">CVE-2025-21244</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21245">CVE-2025-21245</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21246">CVE-2025-21246</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21248">CVE-2025-21248</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21249">CVE-2025-21249</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21250">CVE-2025-21250</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21251">CVE-2025-21251</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21252">CVE-2025-21252</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21255">CVE-2025-21255</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21256">CVE-2025-21256</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows WLAN Auto Config Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21257">CVE-2025-21257</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21258">CVE-2025-21258</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21260">CVE-2025-21260</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21261">CVE-2025-21261</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21262">CVE-2025-21262</a></td> <td>5.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21263">CVE-2025-21263</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21265">CVE-2025-21265</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21266">CVE-2025-21266</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MapUrlToZone</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21268">CVE-2025-21268</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MapUrlToZone</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21269">CVE-2025-21269</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21270">CVE-2025-21270</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21271">CVE-2025-21271</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows COM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21272">CVE-2025-21272</a></td> <td>6.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21273">CVE-2025-21273</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Event Tracing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21274">CVE-2025-21274</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Installer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21275">CVE-2025-21275</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MapUrlToZone</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21276">CVE-2025-21276</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21277">CVE-2025-21277</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21278">CVE-2025-21278</a></td> <td>6.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Virtual Trusted Platform Module</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21280">CVE-2025-21280</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows COM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21281">CVE-2025-21281</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21282">CVE-2025-21282</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Virtual Trusted Platform Module</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21284">CVE-2025-21284</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21285">CVE-2025-21285</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21286">CVE-2025-21286</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Installer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21287">CVE-2025-21287</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows COM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21288">CVE-2025-21288</a></td> <td>6.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21289">CVE-2025-21289</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21290">CVE-2025-21290</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Direct Show</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21291">CVE-2025-21291</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Search Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21292">CVE-2025-21292</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Active Directory Domain Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21293">CVE-2025-21293</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Digest Authentication</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21294">CVE-2025-21294</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SPNEGO Extended Negotiation</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21295">CVE-2025-21295</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>BranchCache</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21296">CVE-2025-21296</a></td> <td>7.5</td> <td>CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21297">CVE-2025-21297</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows OLE</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21298">CVE-2025-21298</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td><strong>Yes</strong></td> <td>No</td> </tr> <tr> <td>Windows Kerberos</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21299">CVE-2025-21299</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows UPnP Device Host</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21300">CVE-2025-21300</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Geolocation Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21301">CVE-2025-21301</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21302">CVE-2025-21302</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21303">CVE-2025-21303</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21304">CVE-2025-21304</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21305">CVE-2025-21305</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21306">CVE-2025-21306</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Reliable Multicast Transport Driver (RMCAST)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21307">CVE-2025-21307</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Themes</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21308">CVE-2025-21308</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Remote Desktop Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21309">CVE-2025-21309</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21310">CVE-2025-21310</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTLM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21311">CVE-2025-21311</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Smart Card</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21312">CVE-2025-21312</a></td> <td>2.4</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Security Account Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21313">CVE-2025-21313</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SmartScreen</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21314">CVE-2025-21314</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Brokering File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21315">CVE-2025-21315</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel Memory</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21316">CVE-2025-21316</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel Memory</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21317">CVE-2025-21317</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel Memory</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21318">CVE-2025-21318</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel Memory</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21319">CVE-2025-21319</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel Memory</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21320">CVE-2025-21320</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel Memory</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21321">CVE-2025-21321</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel Memory</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21323">CVE-2025-21323</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21324">CVE-2025-21324</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Kernel Mode</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21325">CVE-2025-21325</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Internet Explorer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21326">CVE-2025-21326</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21327">CVE-2025-21327</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MapUrlToZone</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21328">CVE-2025-21328</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MapUrlToZone</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21329">CVE-2025-21329</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21330">CVE-2025-21330</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Installer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21331">CVE-2025-21331</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MapUrlToZone</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21332">CVE-2025-21332</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V NT Kernel Integration VSP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21333">CVE-2025-21333</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V NT Kernel Integration VSP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21334">CVE-2025-21334</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V NT Kernel Integration VSP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21335">CVE-2025-21335</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cryptographic Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21336">CVE-2025-21336</a></td> <td>5.6</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21338">CVE-2025-21338</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21339">CVE-2025-21339</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hello</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21340">CVE-2025-21340</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21341">CVE-2025-21341</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Web Threat Defense User Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21343">CVE-2025-21343</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21344">CVE-2025-21344</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Visio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21345">CVE-2025-21345</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21346">CVE-2025-21346</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21348">CVE-2025-21348</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21354">CVE-2025-21354</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Visio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21356">CVE-2025-21356</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21357">CVE-2025-21357</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft AutoUpdate (MAU)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21360">CVE-2025-21360</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook for Mac</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21361">CVE-2025-21361</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21362">CVE-2025-21362</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21363">CVE-2025-21363</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21364">CVE-2025-21364</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21365">CVE-2025-21365</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Access</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21366">CVE-2025-21366</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Virtualization-Based Security (VBS) Enclave</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21370">CVE-2025-21370</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Brokering File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21372">CVE-2025-21372</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Client-Side Caching (CSC) Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21374">CVE-2025-21374</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Client-Side Caching (CSC) Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21378">CVE-2025-21378</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Marketplace SaaS Resources</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21380">CVE-2025-21380</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21382">CVE-2025-21382</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Purview</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21385">CVE-2025-21385</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows UPnP Device Host</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21389">CVE-2025-21389</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21393">CVE-2025-21393</a></td> <td>6.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Access</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21395">CVE-2025-21395</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Account</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21396">CVE-2025-21396</a></td> <td></td> <td></td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21399">CVE-2025-21399</a></td> <td>7.4</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office OneNote</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21402">CVE-2025-21402</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Azure Gateway Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21403">CVE-2025-21403</a></td> <td>6.4</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21405">CVE-2025-21405</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21409">CVE-2025-21409</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21411">CVE-2025-21411</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21413">CVE-2025-21413</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure AI Face Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21415">CVE-2025-21415</a></td> <td>9.9</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21417">CVE-2025-21417</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-18-non-microsoft-cves">We are republishing 18 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>GitHub</td> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-50338">CVE-2024-50338</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>CERT CC</td> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7344">CVE-2024-7344</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0291">CVE-2025-0291</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0434">CVE-2025-0434</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0435">CVE-2025-0435</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0436">CVE-2025-0436</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0437">CVE-2025-0437</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0438">CVE-2025-0438</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0439">CVE-2025-0439</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0440">CVE-2025-0440</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0441">CVE-2025-0441</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0442">CVE-2025-0442</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0443">CVE-2025-0443</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0446">CVE-2025-0446</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0447">CVE-2025-0447</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0448">CVE-2025-0448</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0611">CVE-2025-0611</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0612">CVE-2025-0612</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>November 12, 2024</td> <td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td> </tr> <tr> <td>June 27, 2024</td> <td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td> </tr> <tr> <td>April 9, 2024</td> <td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td> </tr> <tr> <td>January 6, 2023</td> <td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5049981">5049981</a></td> <td>Windows 10, version 21H2, Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5049983">5049983</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5049984">5049984</a></td> <td>Windows Server 2022, 23H2 Edition (Server Core installation)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5050008">5050008</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5050009">5050009</a></td> <td>Windows 11, version 24H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5050021">5050021</a></td> <td>Windows 11, version 22H2, Windows 11, version 23H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5050061">5050061</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5050063">5050063</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Visual Studio 2022 version 17.6 Microsoft Visual Studio 2022 version 17.8 Microsoft Visual Studio 2022 version 17.10 Microsoft Visual Studio 2022 version 17.12 PowerShell 7.5 installed on Windows PowerShell 7.5 installed on Linux PowerShell 7.5 installed on MacOS .NET 9.0 installed on Linux .NET 9.0 installed on Mac OS .NET 9.0 installed on Windows Microsoft Visual Studio 2015 Update 3 .NET 8.0 installed on Windows .NET 8.0 installed on Linux .NET 8.0 installed on Mac OS Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for x64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows Server 2025 (Server Core installation) Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2025 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Office Online Server Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC for Mac 2024 Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Access 2016 (32-bit edition) Microsoft Access 2016 (64-bit edition) Microsoft Office for Mac Microsoft Office for iOS Microsoft Office for Android Microsoft Office for Universal Microsoft AutoUpdate for Mac Microsoft Outlook for Mac Microsoft OneNote for Mac Microsoft Purview On-Premises Data Gateway Microsoft Account Azure AI Face Service Marketplace SaaS Microsoft Edge (Chromium-based) Microsoft Edge Update Setup Power Automate for Desktop cbl2 packer 1.9.5-5 on CBL Mariner 2.0 cbl2 rsync 3.2.5-1 on CBL Mariner 2.0 azl3 rsync 3.2.7-1 on Azure Linux 3.0 cbl2 redis 6.2.16-1 on CBL Mariner 2.0 cbl2 libxml2 2.10.4-6 on CBL Mariner 2.0 azl3 git-lfs 3.4.1-1 on Azure Linux 3.0 cbl2 git-lfs 3.5.1-5 on CBL Mariner 2.0 cbl2 packer 1.9.5-7 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-12 on CBL Mariner 2.0 azl3 packer 1.9.5-5 on Azure Linux 3.0 azl3 packer 1.9.5-6 on Azure Linux 3.0 cbl2 rsync 3.4.1-1 on CBL Mariner 2.0 azl3 rsync 3.4.1-1 on Azure Linux 3.0 cbl2 redis 6.2.17-1 on CBL Mariner 2.0 azl3 valkey 8.0.2-1 on Azure Linux 3.0 azl3 valkey 8.0.1-1 on Azure Linux 3.0 cbl2 libxml2 2.10.4-5 on CBL Mariner 2.0 cbl2 git-lfs 3.5.1-4 on CBL Mariner 2.0 azl3 git-lfs 3.6.1-1 on Azure Linux 3.0 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Visual Studio 2015 Update 3 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Access 2016 (32-bit edition) Microsoft Access 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Windows Server 2016 Office Online Server Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft AutoUpdate for Mac Microsoft SharePoint Enterprise Server 2016 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Server 2019 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft Edge (Chromium-based) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based Systems Microsoft Office for Android Microsoft Office for Universal Microsoft Office for iOS Microsoft Visual Studio 2022 version 17.6 Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft Visual Studio 2022 version 17.8 Microsoft Visual Studio 2022 version 17.10 Microsoft Purview Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Power Automate for Desktop .NET 8.0 installed on Windows .NET 8.0 installed on Linux .NET 8.0 installed on Mac OS Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions .NET 9.0 installed on Linux .NET 9.0 installed on Mac OS .NET 9.0 installed on Windows Windows Server 2025 Windows Server 2025 (Server Core installation) Microsoft Office LTSC for Mac 2024 Microsoft Visual Studio 2022 version 17.12 On-Premises Data Gateway Marketplace SaaS Microsoft Outlook for Mac Microsoft OneNote for Mac Microsoft Office for Mac Microsoft Edge Update Setup Microsoft Account Azure AI Face Service PowerShell 7.5 installed on Windows PowerShell 7.5 installed on Linux PowerShell 7.5 installed on MacOS azl3 git 2.45.2-1 on Azure Linux 3.0 azl3 shim-unsigned-x64 15.8-5 on Azure Linux 3.0 azl3 shim-unsigned-aarch64 15.8-5 on Azure Linux 3.0 cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.57.1-7 on Azure Linux 3.0 cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.176.3-3 on CBL Mariner 2.0 cbl2 kernel 5.15.176.3-3 on CBL Mariner 2.0 cbl2 kernel 5.15.179.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.176.3-1 on CBL Mariner 2.0 cbl2 vitess 17.0.7-4 on CBL Mariner 2.0 cbl2 sriov-network-device-plugin 3.6.2-8 on CBL Mariner 2.0 cbl2 msft-golang 1.23.3-2 on CBL Mariner 2.0 cbl2 golang 1.18.8-5 on CBL Mariner 2.0 cbl2 golang 1.22.7-2 on CBL Mariner 2.0 cbl2 rsync 3.4.1-1 on CBL Mariner 2.0 cbl2 git 2.40.4-1 on CBL Mariner 2.0 cbl2 git-lfs 3.5.1-4 on CBL Mariner 2.0 cbl2 kernel 5.15.173.1-1 on CBL Mariner 2.0 cbl2 redis 6.2.17-1 on CBL Mariner 2.0 cbl2 mysql 8.0.41-1 on CBL Mariner 2.0 cbl2 application-gateway-kubernetes-ingress 1.4.0-25 on CBL Mariner 2.0 cbl2 redis 6.2.16-1 on CBL Mariner 2.0 cbl2 mariadb 10.6.20-1 on CBL Mariner 2.0 cbl2 nodejs18 18.20.3-3 on CBL Mariner 2.0 cbl2 git 2.39.4-1 on CBL Mariner 2.0 cbl2 glibc 2.35-7 on CBL Mariner 2.0 azl3 qemu 8.2.0-16 on Azure Linux 3.0 azl3 kernel 6.6.78.1-3 on Azure Linux 3.0 azl3 kernel 6.6.76.1-1 on Azure Linux 3.0 azl3 openssl 3.3.3-1 on Azure Linux 3.0 azl3 bind 9.20.5-1 on Azure Linux 3.0 azl3 sriov-network-device-plugin 3.7.0-3 on Azure Linux 3.0 azl3 vitess 19.0.4-4 on Azure Linux 3.0 azl3 golang 1.23.7-1 on Azure Linux 3.0 azl3 docker-compose 2.27.0-4 on Azure Linux 3.0 azl3 edk2 20240524git3e722403cd16-6 on Azure Linux 3.0 azl3 kernel 6.6.64.2-1 on Azure Linux 3.0 azl3 rsync 3.4.1-1 on Azure Linux 3.0 azl3 git 2.45.3-1 on Azure Linux 3.0 azl3 git-lfs 3.6.1-1 on Azure Linux 3.0 azl3 valkey 8.0.2-1 on Azure Linux 3.0 azl3 kernel 6.6.57.1-5 on Azure Linux 3.0 azl3 kernel 6.6.64.2-9 on Azure Linux 3.0 azl3 mysql 8.0.41-1 on Azure Linux 3.0 azl3 python3 3.12.3-5 on Azure Linux 3.0 azl3 vitess 19.0.4-7 on Azure Linux 3.0 azl3 jx 3.10.182-1 on Azure Linux 3.0 azl3 prometheus 2.45.4-12 on Azure Linux 3.0 azl3 valkey 8.0.1-1 on Azure Linux 3.0 azl3 python3 3.12.9-1 on Azure Linux 3.0 azl3 mariadb 10.11.10-1 on Azure Linux 3.0 azl3 edk2 20240524git3e722403cd16-8 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 bind 9.20.0-1 on Azure Linux 3.0 azl3 nodejs 20.14.0-5 on Azure Linux 3.0 azl3 packer 1.9.5-6 on Azure Linux 3.0 azl3 libcontainers-common 20240213-3 on Azure Linux 3.0 cbl2 cri-o 1.22.3-12 on CBL Mariner 2.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 golang 1.22.7-3 on CBL Mariner 2.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 cbl2 fcgi 2.4.0-7 on CBL Mariner 2.0 azl3 fcgi 2.4.0-7 on Azure Linux 3.0 cbl2 binutils 2.37-11 on CBL Mariner 2.0 azl3 binutils 2.41-4 on Azure Linux 3.0 cbl2 python3 3.9.19-10 on CBL Mariner 2.0 azl3 vim 9.1.0791-4 on Azure Linux 3.0 azl3 keras 3.3.3-2 on Azure Linux 3.0 azl3 binutils 2.41-5 on Azure Linux 3.0 cbl2 mariadb 10.6.21-1 on CBL Mariner 2.0 azl3 mariadb 10.11.11-1 on Azure Linux 3.0 cbl2 packer 1.9.5-7 on CBL Mariner 2.0 azl3 packer 1.9.5-5 on Azure Linux 3.0 cbl2 cri-o 1.22.3-13 on CBL Mariner 2.0 cbl2 vim 9.1.0791-2 on CBL Mariner 2.0 azl3 vim 9.1.0791-2 on Azure Linux 3.0 azl3 docker-compose 2.27.0-5 on Azure Linux 3.0 azl3 sriov-network-device-plugin 3.7.0-4 on Azure Linux 3.0 cbl2 fcgi 2.4.5-1 on CBL Mariner 2.0 azl3 fcgi 2.4.5-1 on Azure Linux 3.0 azl3 nodejs 20.14.0-4 on Azure Linux 3.0 cbl2 vim 9.1.0791-3 on CBL Mariner 2.0 azl3 vim 9.1.0791-3 on Azure Linux 3.0 cbl2 libxml2 2.10.4-5 on CBL Mariner 2.0 azl3 kernel 6.6.92.2-1 on Azure Linux 3.0 cm2 frr 8.5.5-3 on CBL Mariner 2.0 azl3 frr 9.1.1-3 on Azure Linux 3.0 azl3 glibc 2.38-11 on Azure Linux 3.0 azl3 nodejs 20.14.0-8 on Azure Linux 3.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 cbl2 kernel 5.15.173.1-2 on CBL Mariner 2.0 azl3 golang 1.23.9-1 on Azure Linux 3.0 cbl2 sriov-network-device-plugin 3.6.2-9 on CBL Mariner 2.0 cbl2 python3 3.9.19-13 on CBL Mariner 2.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 cbl2 jx 3.2.236-21 on CBL Mariner 2.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 cbl2 vitess 17.0.7-8 on CBL Mariner 2.0 cbl2 kernel 5.15.176.3-3 on CBL Mariner 2.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 cbl2 application-gateway-kubernetes-ingress 1.4.0-25 on CBL Mariner 2.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 cbl2 prometheus 2.37.9-4 on CBL Mariner 2.0 cbl2 glog 0.3.5-16 on CBL Mariner 2.0 azl3 kernel 6.6.85.1-4 on Azure Linux 3.0 cbl2 bind 9.16.50-1 on CBL Mariner 2.0 cbl2 vim 9.1.0791-4 on CBL Mariner 2.0 cbl2 golang 1.22.7-3 on CBL Mariner 2.0 cbl2 dhcp 4.4.3.P1-2 on CBL Mariner 2.0 cbl2 golang 1.18.8-8 on CBL Mariner 2.0 cbl2 binutils 2.37-14 on CBL Mariner 2.0 cbl2 redis 6.2.16-1 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-14 on CBL Mariner 2.0 cbl2 golang 1.18.8-7 on CBL Mariner 2.0 cbl2 libcontainers-common 20210626-7 on CBL Mariner 2.0 cbl2 shim-unsigned-aarch64 15-5 on CBL Mariner 2.0 cbl2 cloud-hypervisor-cvm 38.0.72.2-5 on CBL Mariner 2.0 cbl2 openssl 1.1.1k-36 on CBL Mariner 2.0 cbl2 shim-unsigned-x64 15.8-1 on CBL Mariner 2.0 azl3 cloud-hypervisor-cvm 41.0.79-1 on Azure Linux 3.0 azl3 openssl 3.3.2-2 on Azure Linux 3.0 cbl2 mysql 8.0.40-4 on CBL Mariner 2.0 cbl2 packer 1.9.5-5 on CBL Mariner 2.0 cbl2 nodejs18 18.20.3-6 on CBL Mariner 2.0 cbl2 glibc 2.35-7 on CBL Mariner 2.0 azl3 kernel 6.6.92.2-2 on Azure Linux 3.0 cbl2 frr 8.5.5-3 on CBL Mariner 2.0 cbl2 git 2.39.4-1 on CBL Mariner 2.0 cbl2 git-lfs 3.5.1-5 on CBL Mariner 2.0 azl3 git-lfs 3.4.1-1 on Azure Linux 3.0 cbl2 rsync 3.2.5-1 on CBL Mariner 2.0 azl3 rsync 3.2.7-1 on Azure Linux 3.0 azl3 git 2.45.4-3 on Azure Linux 3.0 cbl2 git 2.40.4-2 on CBL Mariner 2.0 cbl2 libxml2 2.10.4-6 on CBL Mariner 2.0 cbl2 msft-golang 1.24.1-3 on CBL Mariner 2.0 cbl2 mariadb 10.6.20-1 on CBL Mariner 2.0 cbl2 fcgi 2.4.0-7 on CBL Mariner 2.0 cbl2 golang 1.18.8-9 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-15 on CBL Mariner 2.0 cbl2 msft-golang 1.24.5-1 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-2 on Azure Linux 3.0 azl3 keras 3.3.3-3 on Azure Linux 3.0 azl3 cloud-hypervisor 41.0.139-1 on Azure Linux 3.0 cbl2 golang 1.18.8-10 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-16 on CBL Mariner 2.0 cbl2 msft-golang 1.24.8-1 on CBL Mariner 2.0 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 azl3 keras 3.3.3-4 on Azure Linux 3.0 cbl2 msft-golang 1.24.9-1 on CBL Mariner 2.0 azl3 kernel 6.6.112.1-2 on Azure Linux 3.0 azl3 keras 3.3.3-5 on Azure Linux 3.0 cbl2 msft-golang 1.24.11-1 on CBL Mariner 2.0 azl3 kernel 6.6.117.1-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-3 on Azure Linux 3.0 azl3 keras 3.3.3-6 on Azure Linux 3.0 azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 cbl2 msft-golang 1.24.12-1 on CBL Mariner 2.0 cbl2 glibc 2.35-9 on CBL Mariner 2.0 cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0 cbl2 msft-golang 1.24.13-1 on CBL Mariner 2.0 azl3 kernel 6.6.126.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.130.1-3 on Azure Linux 3.0 azl3 kernel 6.6.134.1-2 on Azure Linux 3.0 azl3 keras 3.3.3-7 on Azure Linux 3.0 azl3 kernel 6.6.137.1-2 on Azure Linux 3.0 azl3 kernel 6.6.138.1-1 on Azure Linux 3.0 azl3 kernel 6.6.139.1-1 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Bluetooth: btusb: mediatek: add intf release flow when usb disconnect <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56757 17123-16823 17495-17084 19529-17084 19682-17086 18490-17086 17123-16823 17495-17084 19529-17084 19682-17086 18490-17086 Moderate 17123-16823 Moderate 17495-17084 19529-17084 19682-17086 18490-17086 CBL-Mariner Releases 17123-16823 No Security Update 5.15.173.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17123-16823 CBL-Mariner Releases CBL-Mariner Releases 17495-17084 No Security Update 6.6.57.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17495-17084 CBL-Mariner Releases 2.0 2026-02-18T01:17:59 <p>Information published.</p> 1.0 2025-09-03T20:07:07 <p>Information published.</p> GNU Binutils objdump.c disassemble_bytes stack-based overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-0840 Stack-based Buffer Overflow 19760-17086 19258-16823 19259-17084 19280-17084 19760-17086 19258-16823 19259-17084 19280-17084 Moderate 19760-17086 Moderate 19258-16823 Moderate 19259-17084 Moderate 19280-17084 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 19760-17086 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 19258-16823 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 19259-17084 5.0 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 19280-17084 CBL-Mariner Releases 19760-17086 19258-16823 No Security Update 2.37-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19760-17086 19258-16823 CBL-Mariner Releases CBL-Mariner Releases 19259-17084 19280-17084 No Security Update 2.41-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19259-17084 19280-17084 CBL-Mariner Releases 3.1 2026-02-18T02:50:51 <p>Information published.</p> 1.0 2025-02-16T00:00:00 <p>Information published.</p> 2.0 2025-03-05T00:00:00 <p>Information published.</p> 3.0 2025-03-13T00:00:00 <p>Information published.</p> go-git has an Argument Injection via the URL field <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-21613 Improper Neutralization of Argument Delimiters in a Command (&#39;Argument Injection&#39;) 19843-17086 19285-16823 18129-16823 19286-17084 17759-17084 19843-17086 19285-16823 18129-16823 19286-17084 17759-17084 Important 19843-17086 Important 19285-16823 Important 18129-16823 Important 19286-17084 Important 17759-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19843-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19285-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18129-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19286-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17759-17084 CBL-Mariner Releases 19843-17086 19285-16823 No Security Update 1.9.5-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19843-17086 19285-16823 CBL-Mariner Releases CBL-Mariner Releases 18129-16823 No Security Update 1.22.3-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18129-16823 CBL-Mariner Releases CBL-Mariner Releases 19286-17084 17759-17084 No Security Update 1.9.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19286-17084 17759-17084 CBL-Mariner Releases 2.0 2025-01-17T00:00:00 <p>Information published.</p> 1.0 2025-01-16T00:00:00 <p>Information published.</p> 2.1 2026-02-18T01:23:56 <p>Information published.</p> go-git clients vulnerable to DoS via maliciously crafted Git server replies <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-21614 Uncontrolled Resource Consumption 17759-17084 19843-17086 19777-17086 19287-16823 19285-16823 19286-17084 17759-17084 19843-17086 19777-17086 19287-16823 19285-16823 19286-17084 Important 17759-17084 Important 19843-17086 Important 19777-17086 Important 19287-16823 Important 19285-16823 Important 19286-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17759-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19843-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19777-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19287-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19285-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19286-17084 CBL-Mariner Releases 17759-17084 19286-17084 No Security Update 1.9.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17759-17084 19286-17084 CBL-Mariner Releases CBL-Mariner Releases 19843-17086 19285-16823 No Security Update 1.9.5-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19843-17086 19285-16823 CBL-Mariner Releases CBL-Mariner Releases 19777-17086 19287-16823 No Security Update 1.22.3-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19777-17086 19287-16823 CBL-Mariner Releases 1.0 2025-01-16T00:00:00 <p>Information published.</p> 2.0 2025-01-17T00:00:00 <p>Information published.</p> 8.0 2025-04-14T00:00:00 <p>Information published.</p> 9.0 2025-04-15T00:00:00 <p>Information published.</p> 1.0 2025-04-16T00:00:00 <p>Information published.</p> 1.1 2025-04-17T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 1.2 2025-04-18T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 1.5 2025-04-21T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 1.9 2025-04-25T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 2.2 2025-04-29T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 2.3 2025-04-30T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 2.4 2025-05-01T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 2.6 2025-05-03T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 2.9 2025-05-06T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 3.0 2025-05-07T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 3.1 2025-05-08T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 3.4 2025-05-11T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 3.8 2025-05-15T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 4.3 2025-05-20T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 4.4 2025-05-21T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 4.5 2025-05-22T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 4.7 2025-05-24T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 4.9 2025-05-26T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 5.0 2025-05-27T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 3.0 2025-04-09T00:00:00 <p>Information published.</p> 4.0 2025-04-10T00:00:00 <p>Information published.</p> 5.0 2025-04-11T00:00:00 <p>Information published.</p> 6.0 2025-04-12T00:00:00 <p>Information published.</p> 7.0 2025-04-13T00:00:00 <p>Information published.</p> 1.3 2025-04-19T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 1.4 2025-04-20T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 1.6 2025-04-22T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 1.7 2025-04-23T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 1.8 2025-04-24T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 2.0 2025-04-26T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 2.1 2025-04-28T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 2.5 2025-05-02T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 2.7 2025-05-04T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 2.8 2025-05-05T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 3.2 2025-05-09T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 3.3 2025-05-10T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 3.5 2025-05-12T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 3.6 2025-05-13T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 3.7 2025-05-14T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 3.9 2025-05-16T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 4.0 2025-05-17T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 4.1 2025-05-18T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 4.2 2025-05-19T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 4.6 2025-05-23T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 4.8 2025-05-25T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added packer to Azure Linux 3.0</p> 9.1 2026-02-18T01:25:17 <p>Information published.</p> sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21636 19705-17086 17095-16823 17471-17084 17501-17084 17099-17086 19705-17086 17095-16823 17471-17084 17501-17084 17099-17086 19705-17086 Moderate 17095-16823 Moderate 17471-17084 Moderate 17501-17084 Moderate 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17471-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 19705-17086 17095-16823 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17095-16823 17099-17086 CBL-Mariner Releases CBL-Mariner Releases 17471-17084 17501-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17471-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2026-02-21T03:19:38 <p>Information published.</p> sctp: sysctl: udp_port: avoid using current->nsproxy <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21637 NULL Pointer Dereference 19705-17086 17095-16823 17471-17084 17501-17084 17099-17086 19705-17086 17095-16823 17471-17084 17501-17084 17099-17086 19705-17086 Moderate 17095-16823 Moderate 17471-17084 Moderate 17501-17084 Moderate 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17471-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 19705-17086 17095-16823 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17095-16823 17099-17086 CBL-Mariner Releases CBL-Mariner Releases 17471-17084 17501-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17471-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2026-02-21T03:29:34 <p>Information published.</p> sctp: sysctl: auth_enable: avoid using current->nsproxy <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21638 NULL Pointer Dereference 17095-16823 17471-17084 19705-17086 17501-17084 17099-17086 17095-16823 17471-17084 19705-17086 17501-17084 17099-17086 Moderate 17095-16823 Moderate 17471-17084 19705-17086 Moderate 17501-17084 Moderate 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17471-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 17095-16823 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 19705-17086 17099-17086 CBL-Mariner Releases CBL-Mariner Releases 17471-17084 17501-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17471-17084 17501-17084 CBL-Mariner Releases 2.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2026-02-21T03:23:14 <p>Information published.</p> 1.0 2025-03-14T00:00:00 <p>Information published.</p> sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21640 19682-17086 17501-17084 17103-16823 17471-17084 18490-17086 19682-17086 17501-17084 17103-16823 17471-17084 18490-17086 19682-17086 Moderate 17501-17084 Moderate 17103-16823 Moderate 17471-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases CBL-Mariner Releases 17501-17084 17471-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 17471-17084 CBL-Mariner Releases CBL-Mariner Releases 17103-16823 No Security Update 5.15.179.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17103-16823 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> 2.0 2026-02-21T03:24:41 <p>Information published.</p> mptcp: sysctl: sched: avoid using current->nsproxy <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21642 17471-17084 17501-17084 17471-17084 17501-17084 Moderate 17471-17084 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17471-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17471-17084 17501-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17471-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> ipvlan: Fix use-after-free in ipvlan_get_iflink(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21652 17476-17084 17501-17084 17476-17084 17501-17084 Important 17476-17084 Important 17501-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17476-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:03:06 <p>Information published.</p> filemap: avoid truncating 64-bit offset to 32 bits <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21665 Loop with Unreachable Exit Condition (&#39;Infinite Loop&#39;) 19705-17086 17099-17086 17095-16823 17476-17084 17501-17084 19705-17086 17099-17086 17095-16823 17476-17084 17501-17084 19705-17086 17099-17086 Moderate 17095-16823 Moderate 17476-17084 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 19705-17086 17099-17086 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 2.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2026-02-18T03:04:28 <p>Information published.</p> 1.0 2025-03-14T00:00:00 <p>Information published.</p> vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21666 NULL Pointer Dereference 17095-16823 17476-17084 17501-17084 19705-17086 17099-17086 17095-16823 17476-17084 17501-17084 19705-17086 17099-17086 Moderate 17095-16823 Moderate 17476-17084 17501-17084 19705-17086 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 17095-16823 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 19705-17086 17099-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 2.0 2025-05-05T00:00:00 <p>Information published.</p> 1.0 2025-03-14T00:00:00 <p>Information published.</p> 3.0 2026-02-18T03:06:02 <p>Information published.</p> iomap: avoid avoid truncating 64-bit offset to 32 bits <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21667 17087-17086 20925-17086 21093-17086 17476-17084 17501-17084 17087-17086 20925-17086 21093-17086 17476-17084 17501-17084 17087-17086 20925-17086 21093-17086 Moderate 17476-17084 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> 2.0 2026-03-03T14:35:36 <p>Information published.</p> 3.0 2026-03-31T14:45:42 <p>Information published.</p> vsock/bpf: return early if transport is not assigned <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21670 NULL Pointer Dereference 17476-17084 17501-17084 17476-17084 17501-17084 Moderate 17476-17084 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> smb: client: fix double free of TCP_Server_Info::hostname <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21673 Double Free 17501-17084 17087-17086 21093-17086 17476-17084 20925-17086 17501-17084 17087-17086 21093-17086 17476-17084 20925-17086 17501-17084 17087-17086 21093-17086 Moderate 17476-17084 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 CBL-Mariner Releases 17501-17084 17476-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 17476-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> 2.0 2026-03-03T14:36:20 <p>Information published.</p> 3.0 2026-03-31T14:46:55 <p>Information published.</p> net: fec: handle page_pool_dev_alloc_pages error <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21676 NULL Pointer Dereference 17501-17084 17476-17084 17501-17084 17476-17084 17501-17084 Moderate 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 CBL-Mariner Releases 17501-17084 17476-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 17476-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> pktgen: Avoid out-of-bounds access in get_imix_entries <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21680 Improper Validation of Array Index 19705-17086 17099-17086 17095-16823 17476-17084 17501-17084 19705-17086 17099-17086 17095-16823 17476-17084 17501-17084 19705-17086 Important 17099-17086 Important 17095-16823 Important 17476-17084 Important 17501-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19705-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17099-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17476-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17501-17084 CBL-Mariner Releases 19705-17086 17099-17086 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 3.0 2026-02-19T01:04:28 <p>Information published.</p> 1.0 2025-03-14T00:00:00 <p>Information published.</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> Undici Uses Insufficiently Random Values <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-22150 Use of Insufficiently Random Values 19608-17084 17280-16823 17696-17084 19873-17086 19608-17084 17280-16823 17696-17084 19873-17086 Moderate 19608-17084 Moderate 17280-16823 Moderate 17696-17084 Moderate 19873-17086 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 19608-17084 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 17280-16823 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 17696-17084 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 19873-17086 CBL-Mariner Releases 19608-17084 17696-17084 No Security Update 20.14.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19608-17084 17696-17084 CBL-Mariner Releases CBL-Mariner Releases 17280-16823 19873-17086 No Security Update 18.20.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17280-16823 19873-17086 CBL-Mariner Releases 1.0 2025-02-14T00:00:00 <p>Information published.</p> 2.0 2025-02-20T00:00:00 <p>Information published.</p> 2.1 2026-02-18T02:36:04 <p>Information published.</p> Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2025-23090 19353-17084 19608-17084 19353-17084 19608-17084 Important 19353-17084 Important 19608-17084 CBL-Mariner Releases 19353-17084 No Security Update 20.14.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19353-17084 CBL-Mariner Releases CBL-Mariner Releases 19608-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19608-17084 CBL-Mariner Releases 1.1 2026-02-18T02:33:37 <p>Information published.</p> 1.0 2025-09-03T22:50:35 <p>Information published.</p> segmentation fault in win_line() in Vim < 9.1.1043 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-24014 Out-of-bounds Write 19744-17086 19360-16823 19361-17084 19268-17084 19744-17086 19360-16823 19361-17084 19268-17084 Moderate 19744-17086 Moderate 19360-16823 Moderate 19361-17084 Moderate 19268-17084 4.2 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 19744-17086 4.2 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 19360-16823 4.2 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 19361-17084 4.2 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 19268-17084 CBL-Mariner Releases 19744-17086 19360-16823 19361-17084 19268-17084 No Security Update 9.1.0791-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19744-17086 19360-16823 19361-17084 19268-17084 CBL-Mariner Releases 2.0 2025-01-30T00:00:00 <p>Information published.</p> 2.1 2025-08-14T00:00:00 <p>Added vim to CBL-Mariner 2.0 Added vim to Azure Linux 3.0</p> 1.0 2025-01-29T00:00:00 <p>Information published.</p> 2.2 2026-02-18T02:13:48 <p>Information published.</p> Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Docker Yes CVE-2024-10846 Improper Input Validation 17486-17084 19334-17084 17486-17084 19334-17084 Moderate 17486-17084 Moderate 19334-17084 5.9 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H 17486-17084 5.9 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H 19334-17084 CBL-Mariner Releases 17486-17084 19334-17084 No Security Update 2.27.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17486-17084 19334-17084 CBL-Mariner Releases 1.1 2026-02-18T02:37:40 <p>Information published.</p> 1.0 2025-03-13T00:00:00 <p>Information published.</p> Many records in the additional section cause CPU exhaustion <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2024-11187 Asymmetric Resource Consumption (Amplification) 17482-17084 19739-17086 17676-17084 19750-17086 17482-17084 19739-17086 17676-17084 19750-17086 Important 17482-17084 Important 19739-17086 Important 17676-17084 Important 19750-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17482-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19739-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17676-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19750-17086 CBL-Mariner Releases 17482-17084 17676-17084 No Security Update 9.20.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17482-17084 17676-17084 CBL-Mariner Releases CBL-Mariner Releases 19739-17086 No Security Update 9.16.50-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19739-17086 CBL-Mariner Releases CBL-Mariner Releases 19750-17086 No Security Update 4.4.3.P1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19750-17086 CBL-Mariner Releases 2.0 2025-07-11T00:00:00 <p>Added bind to CBL-Mariner 2.0 Added bind to Azure Linux 3.0</p> 2.1 2026-02-18T02:50:00 <p>Information published.</p> 1.0 2025-02-20T00:00:00 <p>Information published.</p> Rsync: heap buffer overflow in rsync due to improper checksum length handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-12084 Heap-based Buffer Overflow 17120-16823 17490-17084 19944-17086 19946-17084 17120-16823 17490-17084 19944-17086 19946-17084 Critical 17120-16823 Critical 17490-17084 Critical 19944-17086 Critical 19946-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17120-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17490-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19944-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19946-17084 CBL-Mariner Releases 17120-16823 17490-17084 19944-17086 19946-17084 No Security Update 3.4.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17120-16823 17490-17084 19944-17086 19946-17084 CBL-Mariner Releases 1.0 2025-01-19T00:00:00 <p>Information published.</p> 2.0 2025-01-25T00:00:00 <p>Information published.</p> 2.1 2026-02-21T02:45:50 <p>Information published.</p> Rsync: info leak via uninitialized stack contents <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-12085 Use of Uninitialized Resource 17120-16823 17490-17084 19946-17084 19944-17086 17120-16823 17490-17084 19946-17084 19944-17086 Important 17120-16823 Important 17490-17084 Important 19946-17084 Important 19944-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17120-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17490-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19946-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19944-17086 CBL-Mariner Releases 17120-16823 17490-17084 19946-17084 19944-17086 No Security Update 3.4.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17120-16823 17490-17084 19946-17084 19944-17086 CBL-Mariner Releases 1.0 2025-01-19T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:46:48 <p>Information published.</p> Rsync: --safe-links option bypass leads to path traversal <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-12088 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 17120-16823 17490-17084 19944-17086 19946-17084 17120-16823 17490-17084 19944-17086 19946-17084 Moderate 17120-16823 Moderate 17490-17084 Moderate 19944-17086 Moderate 19946-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 17120-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 17490-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 19944-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 19946-17084 CBL-Mariner Releases 17120-16823 17490-17084 19944-17086 19946-17084 No Security Update 3.4.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17120-16823 17490-17084 19944-17086 19946-17084 CBL-Mariner Releases 2.0 2025-01-23T00:00:00 <p>Information published.</p> 2.1 2025-06-18T00:00:00 <p>Added rsync to CBL-Mariner 2.0 Added rsync to Azure Linux 3.0</p> 2.2 2026-02-21T02:50:21 <p>Information published.</p> 1.0 2025-01-19T00:00:00 <p>Information published.</p> DNS-over-HTTPS implementation suffers from multiple issues under heavy query load <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2024-12705 Allocation of Resources Without Limits or Throttling 17482-17084 17676-17084 17482-17084 17676-17084 Important 17482-17084 Important 17676-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17482-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17676-17084 CBL-Mariner Releases 17482-17084 17676-17084 No Security Update 9.20.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17482-17084 17676-17084 CBL-Mariner Releases 1.0 2025-02-20T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:51:23 <p>Information published.</p> i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43098 Improper Locking 17110-16823 17476-17084 17501-17084 19675-17086 17110-16823 17476-17084 17501-17084 19675-17086 Moderate 17110-16823 Moderate 17476-17084 17501-17084 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> Sensitive headers incorrectly sent after cross-domain redirect in net/http <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2024-45336 17115-16823 17117-16823 17485-17084 17667-17084 19679-17084 18315-17084 19668-17086 19712-17086 19718-17086 20196-17086 19697-17084 20375-17086 20597-17086 18447-17086 20867-17086 20942-17086 19693-17084 19747-17086 19755-17086 20366-17086 20519-17086 20523-17086 20687-17086 18444-17086 17115-16823 17117-16823 17485-17084 17667-17084 19679-17084 18315-17084 19668-17086 19712-17086 19718-17086 20196-17086 19697-17084 20375-17086 20597-17086 18447-17086 20867-17086 20942-17086 19693-17084 19747-17086 19755-17086 20366-17086 20519-17086 20523-17086 20687-17086 18444-17086 Important 17115-16823 Important 17117-16823 Important 17485-17084 Moderate 17667-17084 Important 19679-17084 Important 18315-17084 Moderate 19668-17086 Moderate 19712-17086 19718-17086 20196-17086 Moderate 19697-17084 Important 20375-17086 Important 20597-17086 Important 18447-17086 Important 20867-17086 Important 20942-17086 Moderate 19693-17084 19747-17086 19755-17086 Important 20366-17086 Important 20519-17086 Important 20523-17086 Important 20687-17086 Important 18444-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17115-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17117-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17485-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17667-17084 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 19679-17084 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 18315-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19668-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19712-17086 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 19718-17086 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 20196-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19697-17084 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 20375-17086 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 20597-17086 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 18447-17086 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 20867-17086 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 20942-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19693-17084 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 19747-17086 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 19755-17086 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 20366-17086 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 20519-17086 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 20523-17086 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 20687-17086 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 18444-17086 CBL-Mariner Releases 17115-16823 20196-17086 20375-17086 20597-17086 20867-17086 20942-17086 20523-17086 20687-17086 No Security Update 1.23.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17115-16823 20196-17086 20375-17086 20597-17086 20867-17086 20942-17086 20523-17086 20687-17086 CBL-Mariner Releases CBL-Mariner Releases 17117-16823 19747-17086 18444-17086 No Security Update 1.22.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17117-16823 19747-17086 18444-17086 CBL-Mariner Releases CBL-Mariner Releases 17485-17084 No Security Update 1.23.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17485-17084 CBL-Mariner Releases CBL-Mariner Releases 19679-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19679-17084 CBL-Mariner Releases 1.0 2025-02-13T00:00:00 <p>Information published.</p> 4.0 2026-03-03T14:58:29 <p>Information published.</p> 5.0 2026-03-26T01:36:04 <p>Information published.</p> 2.0 2025-12-06T14:35:10 <p>Information published.</p> 3.0 2026-02-18T02:42:07 <p>Information published.</p> Vulnerability when creating log files in github.com/golang/glog <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2024-45339 17113-16823 17114-16823 17483-17084 17484-17084 19698-17086 19341-17084 19720-17086 17582-17084 19728-17086 17197-17086 17547-17084 19680-17086 19694-17086 19713-17086 17581-17084 17113-16823 17114-16823 17483-17084 17484-17084 19698-17086 19341-17084 19720-17086 17582-17084 19728-17086 17197-17086 17547-17084 19680-17086 19694-17086 19713-17086 17581-17084 Important 17113-16823 Important 17114-16823 Important 17483-17084 Important 17484-17084 Important 19698-17086 Important 19341-17084 Important 19720-17086 Important 17582-17084 Important 19728-17086 Important 17197-17086 Important 17547-17084 Important 19680-17086 Important 19694-17086 19713-17086 Important 17581-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 17113-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 17114-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 17483-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 17484-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 19698-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 19341-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 19720-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 17582-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 19728-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 17197-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 17547-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 19680-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 19694-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 19713-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 17581-17084 CBL-Mariner Releases 17113-16823 19698-17086 No Security Update 17.0.7-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17113-16823 19698-17086 CBL-Mariner Releases CBL-Mariner Releases 17114-16823 19680-17086 No Security Update 3.6.2-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17114-16823 19680-17086 CBL-Mariner Releases CBL-Mariner Releases 17483-17084 19341-17084 No Security Update 3.7.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17483-17084 19341-17084 CBL-Mariner Releases CBL-Mariner Releases 17484-17084 17547-17084 No Security Update 19.0.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17484-17084 17547-17084 CBL-Mariner Releases 1.0 2025-02-11T00:00:00 <p>Information published.</p> 4.0 2026-02-18T02:48:57 <p>Information published.</p> 2.0 2025-02-13T00:00:00 <p>Information published.</p> 3.0 2025-02-21T00:00:00 <p>Information published.</p> Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2024-45341 17116-16823 17117-16823 17115-16823 19679-17084 17667-17084 19693-17084 20196-17086 19747-17086 19712-17086 19697-17084 20523-17086 20597-17086 18447-17086 20867-17086 20942-17086 18315-17084 19718-17086 19785-17086 19668-17086 20375-17086 20687-17086 18444-17086 17116-16823 17117-16823 17115-16823 19679-17084 17667-17084 19693-17084 20196-17086 19747-17086 19712-17086 19697-17084 20523-17086 20597-17086 18447-17086 20867-17086 20942-17086 18315-17084 19718-17086 19785-17086 19668-17086 20375-17086 20687-17086 18444-17086 Moderate 17116-16823 Moderate 17117-16823 Moderate 17115-16823 Moderate 19679-17084 Moderate 17667-17084 Moderate 19693-17084 20196-17086 19747-17086 Moderate 19712-17086 Moderate 19697-17084 Moderate 20523-17086 Moderate 20597-17086 Moderate 18447-17086 Moderate 20867-17086 Moderate 20942-17086 Moderate 18315-17084 19718-17086 Moderate 19785-17086 Moderate 19668-17086 Moderate 20375-17086 Moderate 20687-17086 Moderate 18444-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17116-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17117-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17115-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19679-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17667-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19693-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 20196-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19747-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19712-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19697-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 20523-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 20597-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18447-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 20867-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 20942-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18315-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19718-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19785-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19668-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 20375-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 20687-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18444-17086 CBL-Mariner Releases 17116-16823 19785-17086 No Security Update 1.18.8-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17116-16823 19785-17086 CBL-Mariner Releases CBL-Mariner Releases 17117-16823 19747-17086 18444-17086 No Security Update 1.22.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17117-16823 19747-17086 18444-17086 CBL-Mariner Releases CBL-Mariner Releases 17115-16823 20196-17086 20523-17086 20597-17086 20867-17086 20942-17086 20375-17086 20687-17086 No Security Update 1.23.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17115-16823 20196-17086 20523-17086 20597-17086 20867-17086 20942-17086 20375-17086 20687-17086 CBL-Mariner Releases 2.0 2025-12-06T14:35:04 <p>Information published.</p> 3.0 2026-02-18T02:45:15 <p>Information published.</p> 5.0 2026-03-26T01:35:59 <p>Information published.</p> 1.0 2025-02-13T00:00:00 <p>Information published.</p> 4.0 2026-03-03T14:58:08 <p>Information published.</p> i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-45828 NULL Pointer Dereference 17110-16823 17476-17084 19675-17086 17501-17084 17110-16823 17476-17084 19675-17086 17501-17084 Moderate 17110-16823 Moderate 17476-17084 19675-17086 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 2.0 2025-03-13T00:00:00 <p>Information published.</p> 1.0 2025-03-08T00:00:00 <p>Information published.</p> Redis' Lua library commands may lead to remote code execution <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-46981 Use After Free 17124-16823 17493-17084 19767-17086 17594-17084 17224-17086 17124-16823 17493-17084 19767-17086 17594-17084 17224-17086 Important 17124-16823 Important 17493-17084 19767-17086 Important 17594-17084 Important 17224-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17124-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17493-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19767-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17594-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17224-17086 CBL-Mariner Releases 17124-16823 19767-17086 17224-17086 No Security Update 6.2.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17124-16823 19767-17086 17224-17086 CBL-Mariner Releases CBL-Mariner Releases 17493-17084 17594-17084 No Security Update 8.0.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17493-17084 17594-17084 CBL-Mariner Releases 2.0 2025-01-24T00:00:00 <p>Information published.</p> 1.0 2025-01-18T00:00:00 <p>Information published.</p> 3.0 2026-02-18T01:07:12 <p>Information published.</p> bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-48881 NULL Pointer Dereference 17110-16823 17476-17084 17501-17084 19675-17086 17110-16823 17476-17084 17501-17084 19675-17086 Moderate 17110-16823 Moderate 17476-17084 17501-17084 19675-17086 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 2.0 2025-03-13T00:00:00 <p>Information published.</p> 1.0 2025-03-08T00:00:00 <p>Information published.</p> Redis allows denial-of-service due to malformed ACL selectors <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-51741 Improper Input Validation 17493-17084 17594-17084 17493-17084 17594-17084 Moderate 17493-17084 Moderate 17594-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17493-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17594-17084 CBL-Mariner Releases 17493-17084 17594-17084 No Security Update 8.0.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17493-17084 17594-17084 CBL-Mariner Releases 1.1 2026-02-18T01:47:23 <p>Information published.</p> 1.0 2025-01-18T00:00:00 <p>Information published.</p> Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-55916 NULL Pointer Dereference 17110-16823 17476-17084 19675-17086 17501-17084 17110-16823 17476-17084 19675-17086 17501-17084 Moderate 17110-16823 Moderate 17476-17084 19675-17086 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> tracing: Prevent bad count for tracing_cpumask_write <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56763 17110-16823 17476-17084 17501-17084 18490-17086 19682-17086 17110-16823 17476-17084 17501-17084 18490-17086 19682-17086 Moderate 17110-16823 Moderate 17476-17084 Moderate 17501-17084 Moderate 18490-17086 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:15:59 <p>Information published.</p> mtd: rawnand: fix double free in atmel_pmecc_create_user() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56766 Double Free 17110-16823 17476-17084 17501-17084 19682-17086 18490-17086 17110-16823 17476-17084 17501-17084 19682-17086 18490-17086 Important 17110-16823 Important 17476-17084 Important 17501-17084 19682-17086 Important 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17110-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17476-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17501-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:49:23 <p>Information published.</p> net/sched: netem: account for backlog updates from child qdisc <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56770 17110-16823 17476-17084 19675-17086 17501-17084 17110-16823 17476-17084 19675-17086 17501-17084 Moderate 17110-16823 Moderate 17476-17084 Moderate 19675-17086 Moderate 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> 2.1 2026-02-18T02:13:59 <p>Information published.</p> drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56777 Improper Check for Unusual or Exceptional Conditions 17110-16823 17489-17084 17088-17084 19675-17086 17110-16823 17489-17084 17088-17084 19675-17086 Moderate 17110-16823 Moderate 17489-17084 17088-17084 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17489-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17088-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17489-17084 17088-17084 No Security Update 6.6.64.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17489-17084 17088-17084 CBL-Mariner Releases 1.0 2025-01-29T00:00:00 <p>Information published.</p> 2.0 2025-03-08T00:00:00 <p>Information published.</p> drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56778 Improper Check for Unusual or Exceptional Conditions 17110-16823 17489-17084 17088-17084 19675-17086 17110-16823 17489-17084 17088-17084 19675-17086 Moderate 17110-16823 Moderate 17489-17084 17088-17084 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17489-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17088-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17489-17084 17088-17084 No Security Update 6.6.64.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17489-17084 17088-17084 CBL-Mariner Releases 2.0 2025-03-08T00:00:00 <p>Information published.</p> 1.0 2025-01-29T00:00:00 <p>Information published.</p> powerpc/prom_init: Fixup missing powermac #size-cells <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56781 17110-16823 17476-17084 19675-17086 17501-17084 17110-16823 17476-17084 19675-17086 17501-17084 Moderate 17110-16823 Moderate 17476-17084 19675-17086 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 2.0 2025-03-13T00:00:00 <p>Information published.</p> 1.0 2025-03-08T00:00:00 <p>Information published.</p> netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56783 Reachable Assertion 17476-17084 17501-17084 17476-17084 17501-17084 Moderate 17476-17084 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56786 17476-17084 19682-17086 17501-17084 18490-17086 17476-17084 19682-17086 17501-17084 18490-17086 Moderate 17476-17084 19682-17086 Moderate 17501-17084 Moderate 18490-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19682-17086 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17501-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 1.1 2025-06-19T00:00:00 <p>Added kernel to Azure Linux 3.0</p> 2.0 2026-02-18T02:05:09 <p>Information published.</p> soc: imx8m: Probe the SoC driver as platform driver <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56787 17110-16823 17476-17084 17501-17084 19675-17086 17110-16823 17476-17084 17501-17084 19675-17086 Moderate 17110-16823 Moderate 17476-17084 17501-17084 19675-17086 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 2.0 2025-03-13T00:00:00 <p>Information published.</p> 1.0 2025-03-08T00:00:00 <p>Information published.</p> netrom: check buffer length before accessing it <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57802 Use of Uninitialized Resource 17110-16823 17476-17084 19675-17086 17501-17084 17110-16823 17476-17084 19675-17086 17501-17084 Moderate 17110-16823 Moderate 17476-17084 19675-17086 17501-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> scsi: megaraid_sas: Fix for a potential deadlock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57807 Improper Locking 17110-16823 17476-17084 19675-17086 17501-17084 17110-16823 17476-17084 19675-17086 17501-17084 Moderate 17110-16823 Moderate 17476-17084 19675-17086 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57874 Use of Uninitialized Resource 17110-16823 17476-17084 19675-17086 17501-17084 17110-16823 17476-17084 19675-17086 17501-17084 Moderate 17110-16823 Moderate 17476-17084 19675-17086 17501-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 17110-16823 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 17476-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 19675-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 17501-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> mptcp: fix TCP options overflow. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57882 NULL Pointer Dereference 17103-16823 17476-17084 17501-17084 19682-17086 18490-17086 17103-16823 17476-17084 17501-17084 19682-17086 18490-17086 Moderate 17103-16823 Moderate 17476-17084 17501-17084 19682-17086 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17103-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17103-16823 No Security Update 5.15.179.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17103-16823 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:25:19 <p>Information published.</p> ksmbd: set ATTR_CTIME flags when setting mtime <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57895 17476-17084 17501-17084 20925-17086 21093-17086 17087-17086 17476-17084 17501-17084 20925-17086 21093-17086 17087-17086 Moderate 17476-17084 17501-17084 20925-17086 21093-17086 17087-17086 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 2.0 2026-03-03T14:56:38 <p>Information published.</p> 3.0 2026-03-31T15:17:35 <p>Information published.</p> 1.0 2025-03-13T00:00:00 <p>Information published.</p> btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57896 Use After Free 17110-16823 17476-17084 17501-17084 19675-17086 17110-16823 17476-17084 17501-17084 19675-17086 Important 17110-16823 Important 17476-17084 Important 17501-17084 Important 19675-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17110-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17476-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17501-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19675-17086 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> 2.1 2026-02-18T02:22:05 <p>Information published.</p> af_packet: fix vlan_get_tci() vs MSG_PEEK <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57902 17099-16823 17471-17084 17501-17084 19675-17086 17099-16823 17471-17084 17501-17084 19675-17086 Moderate 17099-16823 Moderate 17471-17084 17501-17084 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17471-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 CBL-Mariner Releases 17099-16823 19675-17086 No Security Update 5.15.176.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17471-17084 17501-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17471-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57911 Use of Uninitialized Resource 17095-16823 17476-17084 17099-17086 19705-17086 17501-17084 17095-16823 17476-17084 17099-17086 19705-17086 17501-17084 Moderate 17095-16823 Moderate 17476-17084 Moderate 17099-17086 19705-17086 Moderate 17501-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17095-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17501-17084 CBL-Mariner Releases 17095-16823 17099-17086 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 17099-17086 19705-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 2.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2026-02-18T03:01:22 <p>Information published.</p> 1.0 2025-03-13T00:00:00 <p>Information published.</p> drm/amd/display: Add check for granularity in dml ceil/floor helpers <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57922 17095-16823 17471-17084 17501-17084 19705-17086 17099-17086 17095-16823 17471-17084 17501-17084 19705-17086 17099-17086 Moderate 17095-16823 Moderate 17471-17084 Moderate 17501-17084 19705-17086 Moderate 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 17095-16823 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 19705-17086 17099-17086 CBL-Mariner Releases CBL-Mariner Releases 17471-17084 17501-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17471-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2026-02-21T03:31:04 <p>Information published.</p> gve: guard XSK operations on the existence of queues <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57933 NULL Pointer Dereference 17476-17084 17501-17084 17476-17084 17501-17084 Moderate 17476-17084 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> net/sctp: Prevent autoclose integer overflow in sctp_association_init() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57938 17110-16823 17476-17084 19675-17086 17501-17084 17110-16823 17476-17084 19675-17086 17501-17084 Moderate 17110-16823 Moderate 17476-17084 19675-17086 17501-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> exfat: fix the infinite loop in exfat_readdir() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57940 Loop with Unreachable Exit Condition (&#39;Infinite Loop&#39;) 17103-16823 17476-17084 17501-17084 19682-17086 18490-17086 17103-16823 17476-17084 17501-17084 19682-17086 18490-17086 Moderate 17103-16823 Moderate 17476-17084 17501-17084 19682-17086 18490-17086 CBL-Mariner Releases 17103-16823 No Security Update 5.15.179.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17103-16823 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 2.0 2026-02-18T02:32:30 <p>Information published.</p> 1.0 2025-03-13T00:00:00 <p>Information published.</p> virtio-blk: don't keep queue frozen during system suspend <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57946 17099-16823 17471-17084 17501-17084 19675-17086 17099-16823 17471-17084 17501-17084 19675-17086 Moderate 17099-16823 Moderate 17471-17084 17501-17084 19675-17086 CBL-Mariner Releases 17099-16823 19675-17086 No Security Update 5.15.176.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17471-17084 17501-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17471-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-49043 Use After Free 19520-16823 20051-17086 19520-16823 20051-17086 Critical 19520-16823 Critical 20051-17086 8.1 8.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 19520-16823 10.0 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 20051-17086 CBL-Mariner Releases 19520-16823 20051-17086 No Security Update 2.10.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19520-16823 20051-17086 CBL-Mariner Releases 1.0 2025-02-01T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:38:12 <p>Information published.</p> ila: serialize calls to nf_register_net_hooks() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57900 Use After Free 17501-17084 19675-17086 17501-17084 19675-17086 Important 17501-17084 Important 19675-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17501-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19675-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19675-17086 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> 2.1 2026-02-18T02:24:10 <p>Information published.</p> ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57892 18490-17086 17501-17084 19682-17086 18490-17086 17501-17084 19682-17086 Important 18490-17086 Important 17501-17084 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17501-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:19:54 <p>Information published.</p> iio: imu: kmx61: fix information leak in triggered buffer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57908 Use of Uninitialized Resource 19682-17086 17501-17084 18490-17086 19682-17086 17501-17084 18490-17086 19682-17086 Important 17501-17084 Important 18490-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19682-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17501-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18490-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:25:07 <p>Information published.</p> iio: pressure: zpa2326: fix information leak in triggered buffer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57912 19682-17086 17501-17084 18490-17086 19682-17086 17501-17084 18490-17086 19682-17086 Important 17501-17084 Important 18490-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19682-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17501-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18490-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:53:49 <p>Information published.</p> usb: gadget: f_fs: Remove WARN_ON in functionfs_bind <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57913 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 19705-17086 17099-17086 17501-17084 19705-17086 17099-17086 17501-17084 19705-17086 Moderate 17099-17086 Moderate 17501-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 CBL-Mariner Releases CBL-Mariner Releases 17501-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases 2.0 2025-05-05T00:00:00 <p>Information published.</p> 1.0 2025-03-13T00:00:00 <p>Information published.</p> 3.0 2026-02-21T03:27:59 <p>Information published.</p> When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner glibc Yes CVE-2025-0395 Incorrect Calculation of Buffer Size 19587-17084 19876-17086 17348-17086 20868-17086 19587-17084 19876-17086 17348-17086 20868-17086 Low 19587-17084 19876-17086 Low 17348-17086 Low 20868-17086 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 19587-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 19876-17086 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 17348-17086 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 20868-17086 CBL-Mariner Releases 19587-17084 No Security Update 2.38-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19587-17084 CBL-Mariner Releases CBL-Mariner Releases 19876-17086 17348-17086 20868-17086 No Security Update 2.35-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19876-17086 17348-17086 20868-17086 CBL-Mariner Releases 2.0 2026-02-18T02:37:02 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57872 Missing Release of Memory after Effective Lifetime 19683-17084 20553-17084 20613-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 21248-17084 17087-17086 20412-17084 20725-17084 20956-17084 21094-17084 21308-17084 21332-17084 21344-17084 19683-17084 20553-17084 20613-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 21248-17084 17087-17086 20412-17084 20725-17084 20956-17084 21094-17084 21308-17084 21332-17084 21344-17084 19683-17084 20553-17084 20613-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 21248-17084 17087-17086 20412-17084 20725-17084 20956-17084 21094-17084 21308-17084 21332-17084 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:36:36 <p>Information published.</p> 7.0 2026-03-04T14:47:10 <p>Information published.</p> 8.0 2026-03-31T15:16:07 <p>Information published.</p> 11.0 2026-05-11T01:51:27 <p>Information published.</p> 1.0 2025-09-03T21:17:13 <p>Information published.</p> 3.0 2026-01-08T14:50:40 <p>Information published.</p> 4.0 2026-01-20T14:50:53 <p>Information published.</p> 5.0 2026-02-18T02:02:20 <p>Information published.</p> 6.0 2026-03-03T14:55:31 <p>Information published.</p> 9.0 2026-04-29T14:59:07 <p>Information published.</p> 10.0 2026-05-06T14:52:42 <p>Information published.</p> 12.0 2026-05-17T14:52:16 <p>Information published.</p> drm/amd/display: Fix handling of plane refcount <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56775 Missing Release of Memory after Effective Lifetime 20412-17084 20613-17084 20725-17084 20788-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 19683-17084 17087-17086 20553-17084 20823-17084 21308-17084 21332-17084 21344-17084 20412-17084 20613-17084 20725-17084 20788-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 19683-17084 17087-17086 20553-17084 20823-17084 21308-17084 21332-17084 21344-17084 Important 20412-17084 Important 20613-17084 Important 20725-17084 Important 20788-17084 Important 20860-17084 Important 20925-17086 Important 20956-17084 Important 21094-17084 Important 21093-17086 Important 21248-17084 19683-17084 Important 17087-17086 Important 20553-17084 Important 20823-17084 Important 21308-17084 Important 21332-17084 Moderate 21344-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T21:57:30 <p>Information published.</p> 2.0 2025-12-07T01:35:54 <p>Information published.</p> 3.0 2026-01-08T14:50:07 <p>Information published.</p> 4.0 2026-01-20T14:50:18 <p>Information published.</p> 6.0 2026-03-03T14:51:33 <p>Information published.</p> 7.0 2026-03-04T14:46:42 <p>Information published.</p> 9.0 2026-04-29T14:58:03 <p>Information published.</p> 11.0 2026-05-11T01:50:51 <p>Information published.</p> 12.1 2026-05-22T01:39:00 <p>Information published.</p> 5.0 2026-02-19T01:45:25 <p>Information published.</p> 8.0 2026-03-31T15:11:16 <p>Information published.</p> 10.0 2026-05-06T14:52:12 <p>Information published.</p> 12.0 2026-05-17T14:51:39 <p>Information published.</p> An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-55459 Download of Code Without Integrity Check 19276-17084 20630-17084 20859-17084 21265-17084 20434-17084 20558-17084 19276-17084 20630-17084 20859-17084 21265-17084 20434-17084 20558-17084 19276-17084 Moderate 20630-17084 Moderate 20859-17084 Moderate 21265-17084 Moderate 20434-17084 Moderate 20558-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 19276-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 20630-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 20859-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 21265-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 20434-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 20558-17084 3.0 2026-04-29T14:58:15 <p>Information published.</p> 1.0 2025-09-03T22:00:02 <p>Information published.</p> 2.0 2026-02-19T01:45:35 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-21521 Allocation of Resources Without Limits or Throttling 17539-17084 17539-17084 Important 17539-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17539-17084 CBL-Mariner Releases 17539-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17539-17084 CBL-Mariner Releases 1.1 2026-02-19T01:52:50 <p>Information published.</p> 1.0 2025-09-03T22:13:42 <p>Information published.</p> drm/amd/display: Adding array index check to prevent memory corruption <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56784 Out-of-bounds Write 19529-17084 18490-17086 19682-17086 19529-17084 18490-17086 19682-17086 Important 19529-17084 Important 18490-17086 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19529-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 1.0 2025-09-03T22:36:39 <p>Information published.</p> 2.0 2026-02-18T02:02:41 <p>Information published.</p> Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-11218 Improper Privilege Management 19777-17086 19792-17086 17793-17084 20374-17086 20522-17086 19777-17086 19792-17086 17793-17084 20374-17086 20522-17086 19777-17086 Important 19792-17086 Important 17793-17084 Important 20374-17086 Important 20522-17086 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 19777-17086 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 19792-17086 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 17793-17084 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 20374-17086 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 20522-17086 1.1 2026-02-18T02:35:03 <p>Information published.</p> 1.0 2025-09-03T22:59:20 <p>Information published.</p> block: RCU protect disk->conv_zones_bitmap <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57875 19683-17084 17087-17086 20613-17084 20725-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 20412-17084 20553-17084 20788-17084 20860-17084 21308-17084 21332-17084 21344-17084 19683-17084 17087-17086 20613-17084 20725-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 20412-17084 20553-17084 20788-17084 20860-17084 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 17087-17086 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 19683-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 20613-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 20725-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 20823-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 20956-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 21094-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 21248-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 20412-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 20553-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 20788-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 20860-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 21308-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 21332-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2025-09-03T23:34:39 <p>Information published.</p> 3.0 2026-01-08T14:49:01 <p>Information published.</p> 4.0 2026-01-20T14:45:20 <p>Information published.</p> 5.0 2026-02-19T01:47:25 <p>Information published.</p> 6.0 2026-03-03T15:04:20 <p>Information published.</p> 7.0 2026-03-05T01:41:01 <p>Information published.</p> 8.0 2026-03-31T15:08:21 <p>Information published.</p> 9.0 2026-04-29T14:51:13 <p>Information published.</p> 11.0 2026-05-11T01:44:16 <p>Information published.</p> 2.0 2025-12-07T01:50:38 <p>Information published.</p> 10.0 2026-05-06T14:45:51 <p>Information published.</p> 12.0 2026-05-17T14:45:24 <p>Information published.</p> sched: fix warning in sched_setaffinity <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41932 20412-17084 20553-17084 20613-17084 20788-17084 20860-17084 20956-17084 21094-17084 21308-17084 21332-17084 19683-17084 20725-17084 20823-17084 21248-17084 21344-17084 20412-17084 20553-17084 20613-17084 20788-17084 20860-17084 20956-17084 21094-17084 21308-17084 21332-17084 19683-17084 20725-17084 20823-17084 21248-17084 21344-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21308-17084 Moderate 21332-17084 19683-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 21248-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T23:48:23 <p>Information published.</p> 2.0 2025-12-07T01:35:30 <p>Information published.</p> 3.0 2026-01-08T14:49:10 <p>Information published.</p> 4.0 2026-01-20T14:45:30 <p>Information published.</p> 6.0 2026-03-04T14:42:45 <p>Information published.</p> 7.0 2026-03-31T15:08:44 <p>Information published.</p> 10.0 2026-05-11T01:44:24 <p>Information published.</p> 5.0 2026-02-19T01:47:32 <p>Information published.</p> 8.0 2026-04-30T01:45:27 <p>Information published.</p> 9.0 2026-05-06T14:46:00 <p>Information published.</p> 11.0 2026-05-17T14:45:33 <p>Information published.</p> scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57804 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20956-17084 21094-17084 21332-17084 20553-17084 20823-17084 20860-17084 21248-17084 21308-17084 21344-17084 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20956-17084 21094-17084 21332-17084 20553-17084 20823-17084 20860-17084 21248-17084 21308-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21332-17084 Moderate 20553-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21344-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20788-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20956-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21094-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21332-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20823-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20860-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21248-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21308-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-04T00:29:05 <p>Information published.</p> 2.0 2025-12-07T01:36:31 <p>Information published.</p> 4.0 2026-01-20T14:46:33 <p>Information published.</p> 6.0 2026-03-04T14:43:10 <p>Information published.</p> 8.0 2026-04-29T14:52:04 <p>Information published.</p> 10.0 2026-05-11T01:45:09 <p>Information published.</p> 3.0 2026-01-08T14:49:59 <p>Information published.</p> 5.0 2026-02-19T01:48:18 <p>Information published.</p> 7.0 2026-03-31T15:10:57 <p>Information published.</p> 9.0 2026-05-06T14:46:45 <p>Information published.</p> 11.0 2026-05-17T14:46:15 <p>Information published.</p> wifi: cfg80211: clear link ID from bitmap during link delete after clean up <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57898 20412-17084 20553-17084 20613-17084 20823-17084 20860-17084 20925-17086 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 17087-17086 20725-17084 20788-17084 20956-17084 21308-17084 21344-17084 20412-17084 20553-17084 20613-17084 20823-17084 20860-17084 20925-17086 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 17087-17086 20725-17084 20788-17084 20956-17084 21308-17084 21344-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20823-17084 Moderate 20860-17084 20925-17086 Moderate 21094-17084 21093-17086 Moderate 21248-17084 Moderate 21332-17084 19683-17084 17087-17086 Moderate 20725-17084 Moderate 20788-17084 Moderate 20956-17084 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:37:34 <p>Information published.</p> 4.0 2026-01-20T14:47:37 <p>Information published.</p> 5.0 2026-02-19T01:49:10 <p>Information published.</p> 6.0 2026-03-03T15:04:29 <p>Information published.</p> 8.0 2026-03-31T15:13:37 <p>Information published.</p> 10.0 2026-05-06T14:47:31 <p>Information published.</p> 11.0 2026-05-11T01:45:54 <p>Information published.</p> 1.0 2025-09-04T00:46:51 <p>Information published.</p> 3.0 2026-01-08T14:50:48 <p>Information published.</p> 7.0 2026-03-04T14:43:37 <p>Information published.</p> 9.0 2026-04-29T14:52:57 <p>Information published.</p> 12.0 2026-05-17T14:46:57 <p>Information published.</p> net: hns3: don't auto enable misc vector <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21651 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-04T02:46:28 <p>Information published.</p> rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21635 NULL Pointer Dereference 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 21093-17086 21248-17084 21332-17084 19683-17084 17087-17086 20553-17084 20788-17084 20925-17086 20956-17084 21094-17084 21308-17084 21344-17084 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 21093-17086 21248-17084 21332-17084 19683-17084 17087-17086 20553-17084 20788-17084 20925-17086 20956-17084 21094-17084 21308-17084 21344-17084 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 21093-17086 21248-17084 21332-17084 19683-17084 17087-17086 20553-17084 20788-17084 20925-17086 20956-17084 21094-17084 21308-17084 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-04T06:59:21 <p>Information published.</p> 2.0 2025-12-07T01:38:29 <p>Information published.</p> 4.0 2026-01-20T14:35:51 <p>Information published.</p> 5.0 2026-02-21T04:19:39 <p>Information published.</p> 6.0 2026-03-03T14:39:43 <p>Information published.</p> 7.0 2026-03-04T14:35:55 <p>Information published.</p> 8.0 2026-03-31T14:49:30 <p>Information published.</p> 9.0 2026-04-29T14:40:16 <p>Information published.</p> 3.0 2026-01-08T14:37:14 <p>Information published.</p> 10.0 2026-05-06T14:53:35 <p>Information published.</p> 11.0 2026-05-11T01:52:36 <p>Information published.</p> 12.0 2026-05-17T14:53:25 <p>Information published.</p> f2fs: fix to shrink read extent node in batches <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41935 Out-of-bounds Read 17087-17086 17087-17086 Important 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 1.0 2025-09-25T01:02:23 <p>Information published.</p> drm/dp_mst: Fix resetting msg rx state after topology removal <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57876 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 17087-17086 17087-17086 Important 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 1.0 2025-09-28T01:01:52 <p>Information published.</p> ALSA: seq: oss: Fix races at processing SysEx messages <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57893 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 20925-17086 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 21093-17086 1.0 2025-09-28T01:01:57 <p>Information published.</p> 2.0 2026-03-03T14:53:05 <p>Information published.</p> 3.0 2026-03-31T15:14:09 <p>Information published.</p> fs: relax assertions on failure to encode file handles <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57924 Reachable Assertion 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 20925-17086 Moderate 17087-17086 Moderate 21093-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 1.0 2025-09-28T01:02:02 <p>Information published.</p> 3.0 2026-03-31T15:14:28 <p>Information published.</p> 2.0 2026-03-03T14:53:23 <p>Information published.</p> riscv: mm: Fix the out of bound issue of vmemmap address <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57945 Out-of-bounds Read 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2026-03-03T14:53:42 <p>Information published.</p> 1.0 2025-09-28T01:02:08 <p>Information published.</p> 3.0 2026-03-31T15:14:46 <p>Information published.</p> hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21656 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-28T01:02:13 <p>Information published.</p> workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57888 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2026-03-03T14:37:28 <p>Information published.</p> 3.0 2026-03-31T14:45:47 <p>Information published.</p> 1.0 2025-10-22T01:02:36 <p>Information published.</p> net: hns3: fix kernel crash when 1588 is sent on HIP08 devices <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21649 19683-17084 17087-17086 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21248-17084 21308-17084 20860-17084 20925-17086 21094-17084 21093-17086 21332-17084 21344-17084 19683-17084 17087-17086 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21248-17084 21308-17084 20860-17084 20925-17086 21094-17084 21093-17086 21332-17084 21344-17084 19683-17084 17087-17086 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21248-17084 21308-17084 20860-17084 20925-17086 21094-17084 21093-17086 21332-17084 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:37:00 <p>Information published.</p> 3.0 2026-01-08T14:35:21 <p>Information published.</p> 4.0 2026-01-20T14:51:01 <p>Information published.</p> 5.0 2026-02-18T02:54:09 <p>Information published.</p> 6.0 2026-03-03T14:58:50 <p>Information published.</p> 7.0 2026-03-04T14:47:17 <p>Information published.</p> 9.0 2026-04-29T14:59:20 <p>Information published.</p> 1.0 2025-09-03T19:48:59 <p>Information published.</p> 8.0 2026-03-31T14:36:44 <p>Information published.</p> 10.0 2026-05-06T14:52:49 <p>Information published.</p> 11.0 2026-05-11T01:51:35 <p>Information published.</p> 12.0 2026-05-17T14:52:25 <p>Information published.</p> cgroup/cpuset: remove kernfs active break <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21634 17087-17086 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 21248-17084 20956-17084 21094-17084 21308-17084 21332-17084 21344-17084 17087-17086 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 21248-17084 20956-17084 21094-17084 21308-17084 21332-17084 21344-17084 17087-17086 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 21248-17084 20956-17084 21094-17084 21308-17084 21332-17084 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:37:34 <p>Information published.</p> 3.0 2026-01-08T14:35:50 <p>Information published.</p> 4.0 2026-01-20T14:51:27 <p>Information published.</p> 5.0 2026-02-18T03:02:54 <p>Information published.</p> 6.0 2026-03-03T15:02:56 <p>Information published.</p> 8.0 2026-03-31T14:42:54 <p>Information published.</p> 9.0 2026-04-29T14:38:56 <p>Information published.</p> 11.0 2026-05-11T01:52:01 <p>Information published.</p> 1.0 2025-09-03T20:27:53 <p>Information published.</p> 7.0 2026-03-04T14:35:17 <p>Information published.</p> 10.0 2026-05-06T14:53:10 <p>Information published.</p> 12.0 2026-05-17T14:52:50 <p>Information published.</p> btrfs: check folio mapping after unlock in relocate_one_folio() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56758 NULL Pointer Dereference 19880-17084 19880-17084 19880-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19880-17084 CBL-Mariner Releases 19880-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19880-17084 CBL-Mariner Releases 1.0 2025-09-03T20:04:09 <p>Information published.</p> RDMA/rxe: Remove the direct link to net_device <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57795 Use After Free 20412-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 17087-17086 19683-17084 20553-17084 20613-17084 20412-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21093-17086 17087-17086 19683-17084 20553-17084 20613-17084 Important 20412-17084 Important 20725-17084 Important 20788-17084 Important 20823-17084 Important 20860-17084 Important 20925-17086 Important 21093-17086 Important 17087-17086 19683-17084 Important 20553-17084 Important 20613-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 1.0 2025-09-03T19:51:00 <p>Information published.</p> 2.0 2025-12-07T01:40:58 <p>Information published.</p> 3.0 2026-01-08T14:40:33 <p>Information published.</p> 4.0 2026-01-20T14:37:57 <p>Information published.</p> 6.0 2026-03-03T14:54:10 <p>Information published.</p> 7.0 2026-03-31T15:12:12 <p>Information published.</p> 5.0 2026-02-18T15:12:41 <p>Information published.</p> With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2025-23083 Improper Access Control 19608-17084 19353-17084 19608-17084 19353-17084 Important 19608-17084 Important 19353-17084 7.7 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 19608-17084 7.7 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 19353-17084 CBL-Mariner Releases 19608-17084 19353-17084 No Security Update 20.14.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19608-17084 19353-17084 CBL-Mariner Releases 1.0 2025-02-01T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:34:11 <p>Information published.</p> x86/fred: Clear WFE in missing-ENDBRANCH #CPs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56761 17476-17084 19529-17084 17476-17084 19529-17084 Moderate 17476-17084 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 17476-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 CBL-Mariner Releases CBL-Mariner Releases 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 CBL-Mariner Releases 1.0 2025-09-03T20:01:52 <p>Information published.</p> URL parser allowed square brackets in domain names <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PSF Yes CVE-2025-0938 Improper Input Validation 19260-16823 17604-17084 17545-17084 19681-17086 17667-17084 19260-16823 17604-17084 17545-17084 19681-17086 17667-17084 Moderate 19260-16823 Moderate 17604-17084 Moderate 17545-17084 Moderate 19681-17086 Moderate 17667-17084 CBL-Mariner Releases 19260-16823 19681-17086 No Security Update 3.9.19-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19260-16823 19681-17086 CBL-Mariner Releases CBL-Mariner Releases 17604-17084 17545-17084 No Security Update 3.12.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17604-17084 17545-17084 CBL-Mariner Releases 2.0 2025-03-14T00:00:00 <p>Information published.</p> 2.1 2026-02-18T03:00:40 <p>Information published.</p> 1.0 2025-02-25T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-21490 Allocation of Resources Without Limits or Throttling 19825-17086 20206-17086 19282-16823 17153-16823 19283-17084 17616-17084 17231-17086 19825-17086 20206-17086 19282-16823 17153-16823 19283-17084 17616-17084 17231-17086 Moderate 19825-17086 20206-17086 Moderate 19282-16823 Moderate 17153-16823 Moderate 19283-17084 Moderate 17616-17084 Moderate 17231-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19825-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20206-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19282-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19283-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17616-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17231-17086 CBL-Mariner Releases 19825-17086 17153-16823 No Security Update 8.0.41-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19825-17086 17153-16823 CBL-Mariner Releases CBL-Mariner Releases 20206-17086 19282-16823 17231-17086 No Security Update 10.6.21-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20206-17086 19282-16823 17231-17086 CBL-Mariner Releases CBL-Mariner Releases 19283-17084 17616-17084 No Security Update 10.11.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19283-17084 17616-17084 CBL-Mariner Releases 2.0 2025-03-28T00:00:00 <p>Information published.</p> 3.0 2025-04-01T00:00:00 <p>Information published.</p> 1.0 2025-03-27T00:00:00 <p>Information published.</p> 4.0 2025-06-23T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mariadb to Azure Linux 3.0 Added mariadb to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0</p> 5.0 2026-02-18T02:17:59 <p>Information published.</p> block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21631 Use After Free 17099-17086 17095-16823 17476-17084 19705-17086 17501-17084 17099-17086 17095-16823 17476-17084 19705-17086 17501-17084 Important 17099-17086 Important 17095-16823 Important 17476-17084 19705-17086 Important 17501-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17099-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17476-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19705-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17501-17084 CBL-Mariner Releases 17099-17086 17095-16823 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-17086 17095-16823 19705-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 2.0 2025-05-05T00:00:00 <p>Information published.</p> 1.0 2025-03-14T00:00:00 <p>Information published.</p> 3.0 2026-02-18T03:03:36 <p>Information published.</p> sctp: sysctl: rto_min/max: avoid using current->nsproxy <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21639 NULL Pointer Dereference 19682-17086 17501-17084 17103-16823 17471-17084 18490-17086 19682-17086 17501-17084 17103-16823 17471-17084 18490-17086 19682-17086 Moderate 17501-17084 Moderate 17103-16823 Moderate 17471-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17103-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17471-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases CBL-Mariner Releases 17501-17084 17471-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 17471-17084 CBL-Mariner Releases CBL-Mariner Releases 17103-16823 No Security Update 5.15.179.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17103-16823 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> 2.0 2026-02-21T03:21:24 <p>Information published.</p> btrfs: avoid NULL pointer dereference if no valid extent tree <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21658 NULL Pointer Dereference 17501-17084 20925-17086 21093-17086 17476-17084 17087-17086 17501-17084 20925-17086 21093-17086 17476-17084 17087-17086 17501-17084 20925-17086 21093-17086 Moderate 17476-17084 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17501-17084 17476-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 17476-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> 2.0 2026-03-03T14:56:54 <p>Information published.</p> 3.0 2026-03-31T15:17:47 <p>Information published.</p> vsock/virtio: discard packets if the transport changes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21669 NULL Pointer Dereference 17501-17084 17095-16823 17476-17084 19705-17086 17099-17086 17501-17084 17095-16823 17476-17084 19705-17086 17099-17086 17501-17084 Moderate 17095-16823 Moderate 17476-17084 19705-17086 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 17501-17084 17476-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 17476-17084 CBL-Mariner Releases CBL-Mariner Releases 17095-16823 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 19705-17086 17099-17086 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> 3.0 2026-02-19T01:05:21 <p>Information published.</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21674 Improper Locking 17476-17084 17501-17084 17476-17084 17501-17084 Moderate 17476-17084 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> net/mlx5: Clear port select structure when fail to create <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21675 NULL Pointer Dereference 17476-17084 17501-17084 17476-17084 17501-17084 Moderate 17476-17084 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> openvswitch: fix lockup on tx to unregistering netdev with carrier <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21681 17501-17084 17476-17084 17501-17084 17476-17084 Moderate 17501-17084 Moderate 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17501-17084 17476-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 17476-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:55:11 <p>Information published.</p> bpf: Fix bpf_sk_select_reuseport() memory leak <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21683 Missing Release of Memory after Effective Lifetime 17099-17086 17095-16823 17476-17084 19705-17086 17501-17084 17099-17086 17095-16823 17476-17084 19705-17086 17501-17084 17099-17086 Moderate 17095-16823 Moderate 17476-17084 19705-17086 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17099-17086 17095-16823 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-17086 17095-16823 19705-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2026-02-18T03:04:59 <p>Information published.</p> heap-buffer-overflow with visual mode in Vim < 9.1.1003 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-22134 Heap-based Buffer Overflow 19289-16823 19290-17084 19268-17084 19744-17086 19289-16823 19290-17084 19268-17084 19744-17086 Moderate 19289-16823 Moderate 19290-17084 Moderate 19268-17084 Moderate 19744-17086 4.2 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 19289-16823 4.2 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 19290-17084 4.2 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 19268-17084 4.2 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 19744-17086 CBL-Mariner Releases 19289-16823 19290-17084 19268-17084 19744-17086 No Security Update 9.1.0791-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19289-16823 19290-17084 19268-17084 19744-17086 CBL-Mariner Releases 2.0 2025-01-22T00:00:00 <p>Information published.</p> 3.0 2025-02-05T00:00:00 <p>Information published.</p> 4.0 2025-03-12T00:00:00 <p>Information published.</p> 1.0 2025-01-18T00:00:00 <p>Information published.</p> 4.1 2025-08-14T00:00:00 <p>Added vim to CBL-Mariner 2.0 Added vim to Azure Linux 3.0</p> 4.2 2026-02-19T01:47:27 <p>Information published.</p> FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-23016 Integer Overflow or Wraparound 20222-17086 19226-17084 19351-16823 19352-17084 19225-17086 20222-17086 19226-17084 19351-16823 19352-17084 19225-17086 20222-17086 Critical 19226-17084 Critical 19351-16823 Critical 19352-17084 Critical 19225-17086 9.3 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 20222-17086 9.3 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 19226-17084 9.3 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 19351-16823 9.3 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 19352-17084 9.3 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 19225-17086 CBL-Mariner Releases 20222-17086 19226-17084 19351-16823 19352-17084 19225-17086 No Security Update 2.4.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20222-17086 19226-17084 19351-16823 19352-17084 19225-17086 CBL-Mariner Releases 1.0 2025-04-26T00:00:00 <p>Information published.</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2026-02-18T02:09:08 <p>Information published.</p> Rsync: rsync server leaks arbitrary client files <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-12086 Detection of Error Condition Without Action 17120-16823 17490-17084 19944-17086 19946-17084 17120-16823 17490-17084 19944-17086 19946-17084 Moderate 17120-16823 Moderate 17490-17084 Moderate 19944-17086 Moderate 19946-17084 6.1 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N 17120-16823 6.1 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N 17490-17084 6.1 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N 19944-17086 6.1 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N 19946-17084 CBL-Mariner Releases 17120-16823 17490-17084 19944-17086 19946-17084 No Security Update 3.4.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17120-16823 17490-17084 19944-17086 19946-17084 CBL-Mariner Releases 2.0 2025-01-23T00:00:00 <p>Information published.</p> 2.2 2025-06-21T00:00:00 <p>Added rsync to CBL-Mariner 2.0 Added rsync to Azure Linux 3.0</p> 2.4 2026-02-21T02:51:30 <p>Information published.</p> 1.0 2025-01-19T00:00:00 <p>Information published.</p> 2.1 2025-06-20T00:00:00 <p>Added rsync to CBL-Mariner 2.0 Added rsync to Azure Linux 3.0</p> 2.3 2025-06-22T00:00:00 <p>Added rsync to CBL-Mariner 2.0 Added rsync to Azure Linux 3.0</p> Rsync: path traversal vulnerability in rsync <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-12087 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 17120-16823 17490-17084 19944-17086 19946-17084 17120-16823 17490-17084 19944-17086 19946-17084 Moderate 17120-16823 Moderate 17490-17084 Moderate 19944-17086 Moderate 19946-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 17120-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 17490-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 19944-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 19946-17084 CBL-Mariner Releases 17120-16823 17490-17084 19944-17086 19946-17084 No Security Update 3.4.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17120-16823 17490-17084 19944-17086 19946-17084 CBL-Mariner Releases 2.0 2025-01-23T00:00:00 <p>Information published.</p> 2.2 2025-06-21T00:00:00 <p>Added rsync to CBL-Mariner 2.0 Added rsync to Azure Linux 3.0</p> 2.4 2026-02-21T02:49:25 <p>Information published.</p> 1.0 2025-01-19T00:00:00 <p>Information published.</p> 2.1 2025-06-20T00:00:00 <p>Added rsync to CBL-Mariner 2.0 Added rsync to Azure Linux 3.0</p> 2.3 2025-06-22T00:00:00 <p>Added rsync to CBL-Mariner 2.0 Added rsync to Azure Linux 3.0</p> Rsync: race condition in rsync handling symbolic links <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-12747 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 17120-16823 17490-17084 19946-17084 19944-17086 17120-16823 17490-17084 19946-17084 19944-17086 Moderate 17120-16823 Moderate 17490-17084 Moderate 19946-17084 Moderate 19944-17086 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 17120-16823 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 17490-17084 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 19946-17084 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 19944-17086 CBL-Mariner Releases 17120-16823 17490-17084 19946-17084 19944-17086 No Security Update 3.4.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17120-16823 17490-17084 19946-17084 19944-17086 CBL-Mariner Releases 1.0 2025-01-19T00:00:00 <p>Information published.</p> 2.0 2025-01-23T00:00:00 <p>Information published.</p> 2.1 2026-02-21T02:52:39 <p>Information published.</p> Timing side-channel in ECDSA signature computation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2024-13176 Covert Timing Channel 17488-17084 17477-17084 19805-17086 19824-17084 19813-17086 19816-17086 19800-17086 17627-17084 19819-17084 17459-17084 17013-17084 17012-17084 20435-17084 17488-17084 17477-17084 19805-17086 19824-17084 19813-17086 19816-17086 19800-17086 17627-17084 19819-17084 17459-17084 17013-17084 17012-17084 20435-17084 Moderate 17488-17084 Moderate 17477-17084 Moderate 19805-17086 Moderate 19824-17084 Moderate 19813-17086 Moderate 19816-17086 Moderate 19800-17086 Moderate 17627-17084 Moderate 19819-17084 Moderate 17459-17084 Moderate 17013-17084 Moderate 17012-17084 Moderate 20435-17084 4.1 4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 17488-17084 4.1 4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 17477-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 19805-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 19824-17084 4.1 4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 19813-17086 4.1 4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 19816-17086 4.1 4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 19800-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 17627-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 19819-17084 4.1 4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 17459-17084 4.1 4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 17013-17084 4.1 4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 17012-17084 4.1 4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 20435-17084 CBL-Mariner Releases 17488-17084 17627-17084 No Security Update 20240524git3e722403cd16-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17488-17084 17627-17084 CBL-Mariner Releases CBL-Mariner Releases 17477-17084 19824-17084 No Security Update 3.3.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17477-17084 19824-17084 CBL-Mariner Releases CBL-Mariner Releases 19813-17086 No Security Update 1.1.1k-36 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19813-17086 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> 3.0 2025-04-18T00:00:00 <p>Information published.</p> 3.1 2026-02-18T02:30:48 <p>Information published.</p> 2.0 2025-03-31T00:00:00 <p>Information published.</p> RDMA/rtrs: Ensure 'ib_sge list' is accessible <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-36476 NULL Pointer Dereference 17110-16823 17476-17084 19675-17086 17501-17084 17110-16823 17476-17084 19675-17086 17501-17084 Moderate 17110-16823 Moderate 17476-17084 19675-17086 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> pinmux: Use sequential access to access desc->pinmux data <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-47141 Improper Locking 17476-17084 17087-17086 20925-17086 21093-17086 17501-17084 17476-17084 17087-17086 20925-17086 21093-17086 17501-17084 Moderate 17476-17084 17087-17086 20925-17086 21093-17086 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2026-03-03T15:00:15 <p>Information published.</p> 3.0 2026-03-31T14:38:52 <p>Information published.</p> dma-debug: fix a possible deadlock on radix_lock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-47143 Improper Locking 17110-16823 17476-17084 17501-17084 19675-17086 17110-16823 17476-17084 17501-17084 19675-17086 Moderate 17110-16823 Moderate 17476-17084 17501-17084 19675-17086 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 2.0 2025-03-13T00:00:00 <p>Information published.</p> 1.0 2025-03-08T00:00:00 <p>Information published.</p> dlm: fix possible lkb_resource null dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-47809 NULL Pointer Dereference 17476-17084 17501-17084 17087-17086 20925-17086 21093-17086 17476-17084 17501-17084 17087-17086 20925-17086 21093-17086 Moderate 17476-17084 17501-17084 17087-17086 20925-17086 21093-17086 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 2.0 2026-03-03T14:59:43 <p>Information published.</p> 3.0 2026-03-31T14:37:57 <p>Information published.</p> 1.0 2025-03-13T00:00:00 <p>Information published.</p> wifi: rtw89: check return value of ieee80211_probereq_get() for RNR <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-48873 NULL Pointer Dereference 17476-17084 17501-17084 17476-17084 17501-17084 Moderate 17476-17084 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> btrfs: don't take dev_replace rwsem on task already holding it <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-48875 Improper Locking 17476-17084 20925-17086 21093-17086 17087-17086 17501-17084 17476-17084 20925-17086 21093-17086 17087-17086 17501-17084 Moderate 17476-17084 20925-17086 21093-17086 17087-17086 Moderate 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:57:54 <p>Information published.</p> 2.0 2026-03-03T15:01:28 <p>Information published.</p> 3.0 2026-03-31T14:40:27 <p>Information published.</p> Git does not sanitize URLs when asking for credentials interactively <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-50349 Improper Encoding or Escaping of Output 17121-16823 17491-17084 16899-17084 17333-17086 19933-17086 17121-16823 17491-17084 16899-17084 17333-17086 19933-17086 Low 17121-16823 Low 17491-17084 Low 16899-17084 Low 17333-17086 19933-17086 CBL-Mariner Releases 17121-16823 17333-17086 19933-17086 No Security Update 2.40.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17121-16823 17333-17086 19933-17086 CBL-Mariner Releases CBL-Mariner Releases 17491-17084 16899-17084 No Security Update 2.45.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17491-17084 16899-17084 CBL-Mariner Releases 1.0 2025-01-22T00:00:00 <p>Information published.</p> 2.0 2025-01-23T00:00:00 <p>Information published.</p> 3.0 2025-01-24T00:00:00 <p>Information published.</p> 6.0 2025-01-28T00:00:00 <p>Information published.</p> 8.0 2025-01-30T00:00:00 <p>Information published.</p> 9.0 2025-02-01T00:00:00 <p>Information published.</p> 1.1 2025-02-03T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.2 2025-02-04T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.3 2025-02-05T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.4 2025-02-07T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.5 2025-02-08T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.8 2025-02-11T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.9 2025-02-12T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.0 2025-02-13T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.3 2025-02-16T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.4 2025-02-17T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.5 2025-02-18T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.6 2025-02-19T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.8 2025-02-21T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.1 2025-02-24T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.3 2025-02-26T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.4 2025-02-27T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.5 2025-02-28T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.6 2025-03-01T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.8 2025-03-03T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.1 2025-03-06T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.5 2025-03-11T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.6 2025-03-12T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.7 2025-03-13T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.8 2025-03-14T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.3 2025-03-19T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.5 2025-03-21T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.7 2025-03-23T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.2 2025-03-28T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.4 2025-03-30T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.6 2025-04-01T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.8 2025-04-04T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.3 2025-04-09T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.7 2025-04-14T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.8 2025-04-15T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.0 2025-04-17T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.3 2025-04-20T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.4 2025-04-21T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.7 2025-04-24T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.9 2025-04-26T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.0 2025-04-28T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.2 2025-04-30T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.5 2025-05-03T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.6 2025-05-04T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.8 2025-05-06T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.9 2025-05-07T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.0 2025-05-08T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.3 2025-05-11T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.4 2025-05-12T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.6 2025-05-14T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.9 2025-05-17T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.1 2025-05-19T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.3 2025-05-21T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.7 2025-05-25T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.8 2025-05-26T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.0 2025-01-25T00:00:00 <p>Information published.</p> 5.0 2025-01-27T00:00:00 <p>Information published.</p> 7.0 2025-01-29T00:00:00 <p>Information published.</p> 1.0 2025-02-02T00:00:00 <p>Information published.</p> 1.6 2025-02-09T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.7 2025-02-10T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.1 2025-02-14T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.2 2025-02-15T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.7 2025-02-20T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.9 2025-02-22T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.0 2025-02-23T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.2 2025-02-25T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.7 2025-03-02T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.9 2025-03-04T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.0 2025-03-05T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.2 2025-03-08T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.3 2025-03-09T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.4 2025-03-10T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.9 2025-03-15T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.0 2025-03-16T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.1 2025-03-17T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.2 2025-03-18T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.4 2025-03-20T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.6 2025-03-22T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.8 2025-03-24T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.9 2025-03-25T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.0 2025-03-26T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.1 2025-03-27T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.3 2025-03-29T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.5 2025-03-31T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.7 2025-04-03T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.9 2025-04-05T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.0 2025-04-06T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.1 2025-04-07T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.2 2025-04-08T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.4 2025-04-11T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.5 2025-04-12T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.6 2025-04-13T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.9 2025-04-16T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.1 2025-04-18T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.2 2025-04-19T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.5 2025-04-22T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.6 2025-04-23T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.8 2025-04-25T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.1 2025-04-29T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.3 2025-05-01T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.4 2025-05-02T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.7 2025-05-05T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.1 2025-05-09T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.2 2025-05-10T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.5 2025-05-13T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.7 2025-05-15T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.8 2025-05-16T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.0 2025-05-18T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.2 2025-05-20T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.4 2025-05-22T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.5 2025-05-23T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.6 2025-05-24T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.9 2025-05-27T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 12.0 2026-02-21T02:43:08 <p>Information published.</p> Newline confusion in credential helpers can lead to credential exfiltration in git <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-52006 Improper Encoding or Escaping of Output 17121-16823 17491-17084 19933-17086 16899-17084 17333-17086 17121-16823 17491-17084 19933-17086 16899-17084 17333-17086 Low 17121-16823 Low 17491-17084 19933-17086 Low 16899-17084 Low 17333-17086 CBL-Mariner Releases 17121-16823 19933-17086 17333-17086 No Security Update 2.40.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17121-16823 19933-17086 17333-17086 CBL-Mariner Releases CBL-Mariner Releases 17491-17084 16899-17084 No Security Update 2.45.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17491-17084 16899-17084 CBL-Mariner Releases 1.0 2025-01-22T00:00:00 <p>Information published.</p> 2.0 2025-01-23T00:00:00 <p>Information published.</p> 3.0 2025-01-24T00:00:00 <p>Information published.</p> 5.0 2025-01-27T00:00:00 <p>Information published.</p> 6.0 2025-01-28T00:00:00 <p>Information published.</p> 8.0 2025-01-30T00:00:00 <p>Information published.</p> 9.0 2025-02-01T00:00:00 <p>Information published.</p> 1.1 2025-02-03T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.2 2025-02-04T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.3 2025-02-05T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.5 2025-02-08T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.8 2025-02-11T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.9 2025-02-12T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.2 2025-02-15T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.3 2025-02-16T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.4 2025-02-17T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.5 2025-02-18T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.6 2025-02-19T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.0 2025-02-23T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.1 2025-02-24T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.6 2025-03-01T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.7 2025-03-02T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.8 2025-03-03T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.0 2025-03-05T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.1 2025-03-06T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.2 2025-03-08T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.6 2025-03-12T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.7 2025-03-13T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.5 2025-03-21T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.6 2025-03-22T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.7 2025-03-23T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.1 2025-03-27T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.2 2025-03-28T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.3 2025-03-29T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.4 2025-03-30T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.5 2025-03-31T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.6 2025-04-01T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.8 2025-04-04T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.9 2025-04-05T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.3 2025-04-09T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.6 2025-04-13T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.8 2025-04-15T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.1 2025-04-18T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.3 2025-04-20T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.4 2025-04-21T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.5 2025-04-22T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.7 2025-04-24T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.9 2025-04-26T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.0 2025-04-28T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.3 2025-05-01T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.5 2025-05-03T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.8 2025-05-06T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.9 2025-05-07T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.2 2025-05-10T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.3 2025-05-11T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.4 2025-05-12T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.6 2025-05-14T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.9 2025-05-17T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.0 2025-05-18T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.3 2025-05-21T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.4 2025-05-22T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.6 2025-05-24T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.8 2025-05-26T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 12.0 2026-02-21T02:48:03 <p>Information published.</p> 4.0 2025-01-25T00:00:00 <p>Information published.</p> 7.0 2025-01-29T00:00:00 <p>Information published.</p> 1.0 2025-02-02T00:00:00 <p>Information published.</p> 1.4 2025-02-07T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.6 2025-02-09T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 1.7 2025-02-10T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.0 2025-02-13T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.1 2025-02-14T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.7 2025-02-20T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.8 2025-02-21T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 2.9 2025-02-22T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.2 2025-02-25T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.3 2025-02-26T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.4 2025-02-27T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.5 2025-02-28T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 3.9 2025-03-04T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.3 2025-03-09T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.4 2025-03-10T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.5 2025-03-11T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.8 2025-03-14T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 4.9 2025-03-15T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.0 2025-03-16T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.1 2025-03-17T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.2 2025-03-18T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.3 2025-03-19T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.4 2025-03-20T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.8 2025-03-24T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 5.9 2025-03-25T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.0 2025-03-26T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 6.7 2025-04-03T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.0 2025-04-06T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.1 2025-04-07T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.2 2025-04-08T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.4 2025-04-11T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.5 2025-04-12T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.7 2025-04-14T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 7.9 2025-04-16T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.0 2025-04-17T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.2 2025-04-19T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.6 2025-04-23T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 8.8 2025-04-25T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.1 2025-04-29T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.2 2025-04-30T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.4 2025-05-02T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.6 2025-05-04T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 9.7 2025-05-05T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.0 2025-05-08T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.1 2025-05-09T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.5 2025-05-13T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.7 2025-05-15T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 10.8 2025-05-16T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.1 2025-05-19T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.2 2025-05-20T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.5 2025-05-23T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.7 2025-05-25T00:00:00 <p>Added git to CBL-Mariner 2.0</p> 11.9 2025-05-27T00:00:00 <p>Added git to CBL-Mariner 2.0</p> Git LFS permits exfiltration of credentials via crafted HTTP URLs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-53263 Improper Neutralization of Special Elements in Output Used by a Downstream Component (&#39;Injection&#39;) 17122-16823 17492-17084 19940-17084 19936-17086 17122-16823 17492-17084 19940-17084 19936-17086 Important 17122-16823 Important 17492-17084 Important 19940-17084 Important 19936-17086 CBL-Mariner Releases 17122-16823 19936-17086 No Security Update 3.5.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17122-16823 19936-17086 CBL-Mariner Releases CBL-Mariner Releases 17492-17084 19940-17084 No Security Update 3.6.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17492-17084 19940-17084 CBL-Mariner Releases 1.0 2025-02-01T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:44:38 <p>Information published.</p> netfilter: IDLETIMER: Fix for possible ABBA deadlock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-54683 Improper Locking 17476-17084 17087-17086 20925-17086 21093-17086 17501-17084 17476-17084 17087-17086 20925-17086 21093-17086 17501-17084 Moderate 17476-17084 17087-17086 20925-17086 21093-17086 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 2.0 2026-03-03T14:55:13 <p>Information published.</p> 3.0 2026-03-31T15:16:39 <p>Information published.</p> 1.0 2025-03-13T00:00:00 <p>Information published.</p> drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56369 Divide By Zero 17110-16823 17476-17084 19675-17086 17501-17084 17110-16823 17476-17084 19675-17086 17501-17084 Moderate 17110-16823 Moderate 17476-17084 19675-17086 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> PCI/MSI: Handle lack of irqdomain gracefully <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56760 17476-17084 17501-17084 17476-17084 17501-17084 Moderate 17476-17084 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56767 NULL Pointer Dereference 17110-16823 17476-17084 18490-17086 17501-17084 19682-17086 17110-16823 17476-17084 18490-17086 17501-17084 19682-17086 Moderate 17110-16823 Moderate 17476-17084 18490-17086 17501-17084 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:21:12 <p>Information published.</p> media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56769 17110-16823 17476-17084 19682-17086 17501-17084 18490-17086 17110-16823 17476-17084 19682-17086 17501-17084 18490-17086 Moderate 17110-16823 Moderate 17476-17084 19682-17086 Moderate 17501-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:22:55 <p>Information published.</p> btrfs: add a sanity check for btrfs root in btrfs_search_slot() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56774 NULL Pointer Dereference 17110-16823 17489-17084 17088-17084 19675-17086 17110-16823 17489-17084 17088-17084 19675-17086 Moderate 17110-16823 Moderate 17489-17084 17088-17084 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17489-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17088-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17489-17084 17088-17084 No Security Update 6.6.64.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17489-17084 17088-17084 CBL-Mariner Releases 1.0 2025-01-29T00:00:00 <p>Information published.</p> 2.0 2025-03-08T00:00:00 <p>Information published.</p> drm/sti: avoid potential dereference of error pointers <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56776 17110-16823 17489-17084 19675-17086 17088-17084 17110-16823 17489-17084 19675-17086 17088-17084 Moderate 17110-16823 Moderate 17489-17084 19675-17086 17088-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17489-17084 17088-17084 No Security Update 6.6.64.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17489-17084 17088-17084 CBL-Mariner Releases 1.0 2025-01-29T00:00:00 <p>Information published.</p> 2.0 2025-03-08T00:00:00 <p>Information published.</p> nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56779 Missing Release of Memory after Effective Lifetime 17110-16823 17489-17084 19675-17086 17088-17084 17110-16823 17489-17084 19675-17086 17088-17084 Moderate 17110-16823 Moderate 17489-17084 19675-17086 17088-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17489-17084 17088-17084 No Security Update 6.6.64.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17489-17084 17088-17084 CBL-Mariner Releases 1.0 2025-01-29T00:00:00 <p>Information published.</p> 2.0 2025-03-08T00:00:00 <p>Information published.</p> quota: flush quota_release_work upon quota writeback <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56780 17110-16823 17489-17084 17088-17084 19675-17086 17110-16823 17489-17084 17088-17084 19675-17086 Moderate 17110-16823 Moderate 17489-17084 17088-17084 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17489-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17088-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17489-17084 17088-17084 No Security Update 6.6.64.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17489-17084 17088-17084 CBL-Mariner Releases 2.0 2025-03-08T00:00:00 <p>Information published.</p> 1.0 2025-01-29T00:00:00 <p>Information published.</p> MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56785 17110-16823 17476-17084 19675-17086 17501-17084 17110-16823 17476-17084 19675-17086 17501-17084 Moderate 17110-16823 Moderate 17476-17084 19675-17086 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57798 Use After Free 17476-17084 17087-17086 20925-17086 21093-17086 17501-17084 17476-17084 17087-17086 20925-17086 21093-17086 17501-17084 Important 17476-17084 Important 17087-17086 Important 20925-17086 Important 21093-17086 Important 17501-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17476-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.1 2026-02-18T02:59:03 <p>Information published.</p> 2.0 2026-03-03T15:01:43 <p>Information published.</p> 3.0 2026-03-31T14:40:49 <p>Information published.</p> 1.0 2025-03-13T00:00:00 <p>Information published.</p> net/mlx5e: Skip restore TC rules for vport rep without loaded flag <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57801 Use After Free 17476-17084 17501-17084 17476-17084 17501-17084 Moderate 17476-17084 Moderate 17501-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17476-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:18:39 <p>Information published.</p> net: fix memory leak in tcp_conn_request() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57841 17110-16823 17476-17084 19675-17086 17501-17084 17110-16823 17476-17084 19675-17086 17501-17084 Moderate 17110-16823 Moderate 17476-17084 19675-17086 17501-17084 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> drm: adv7511: Fix use-after-free in adv7533_attach_dsi() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57887 17476-17084 17501-17084 19682-17086 18490-17086 17476-17084 17501-17084 19682-17086 18490-17086 Important 17476-17084 Important 17501-17084 19682-17086 Important 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17476-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17501-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:17:42 <p>Information published.</p> RDMA/uverbs: Prevent integer overflow issue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57890 Integer Overflow or Wraparound 17110-16823 17476-17084 17501-17084 19675-17086 17110-16823 17476-17084 17501-17084 19675-17086 Moderate 17110-16823 Moderate 17476-17084 17501-17084 19675-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19675-17086 CBL-Mariner Releases 17110-16823 19675-17086 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57901 17099-16823 17471-17084 17501-17084 19675-17086 17099-16823 17471-17084 17501-17084 19675-17086 Moderate 17099-16823 Moderate 17471-17084 17501-17084 19675-17086 CBL-Mariner Releases 17099-16823 19675-17086 No Security Update 5.15.176.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-16823 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17471-17084 17501-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17471-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.0 2025-03-13T00:00:00 <p>Information published.</p> drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57926 Use After Free 17476-17084 17501-17084 17476-17084 17501-17084 Moderate 17476-17084 Moderate 17501-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17476-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17476-17084 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17476-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:53:05 <p>Information published.</p> riscv: Fix sleeping in invalid context in die() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57939 17095-16823 17471-17084 17099-17086 19705-17086 17501-17084 17095-16823 17471-17084 17099-17086 19705-17086 17501-17084 Moderate 17095-16823 Moderate 17471-17084 17099-17086 19705-17086 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17471-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17095-16823 17099-17086 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 17099-17086 19705-17086 CBL-Mariner Releases CBL-Mariner Releases 17471-17084 17501-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17471-17084 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2026-02-21T04:21:08 <p>Information published.</p> nvme-rdma: unquiesce admin_q before destroy it <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-49569 19529-17084 17087-17086 20925-17086 21093-17086 19734-17084 19529-17084 17087-17086 20925-17086 21093-17086 19734-17084 Moderate 19529-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 19734-17084 5.7 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.7 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.7 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.7 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 2.0 2026-03-03T15:03:34 <p>Information published.</p> 3.0 2026-03-31T14:41:44 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:06:43 <p>Information published.</p> In FRRouting (FRR) all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-55553 Improper Resource Shutdown or Release 19541-16823 19585-17084 19931-17086 19541-16823 19585-17084 19931-17086 Important 19541-16823 Important 19585-17084 Important 19931-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19541-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19585-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19931-17086 CBL-Mariner Releases 19541-16823 19931-17086 No Security Update 8.5.5-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19541-16823 19931-17086 CBL-Mariner Releases CBL-Mariner Releases 19585-17084 No Security Update 9.1.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19585-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:26:18 <p>Information published.</p> powerpc/pseries/vas: Add close() callback in vas_vm_ops struct <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56765 17501-17084 17501-17084 Important 17501-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17501-17084 CBL-Mariner Releases 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:14:00 <p>Information published.</p> jffs2: Prevent rtime decompress memory corruption <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57850 19675-17086 17501-17084 19675-17086 17501-17084 Important 19675-17086 Important 17501-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19675-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17501-17084 CBL-Mariner Releases 19675-17086 No Security Update 5.15.176.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19675-17086 CBL-Mariner Releases CBL-Mariner Releases 17501-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases 2.0 2025-03-13T00:00:00 <p>Information published.</p> 1.0 2025-03-08T00:00:00 <p>Information published.</p> 2.1 2026-02-18T01:03:01 <p>Information published.</p> iio: adc: ti-ads8688: fix information leak in triggered buffer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57906 Use of Uninitialized Resource 17501-17084 18490-17086 19682-17086 17501-17084 18490-17086 19682-17086 Important 17501-17084 Important 18490-17086 19682-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17501-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18490-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19682-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:50:56 <p>Information published.</p> iio: adc: rockchip_saradc: fix information leak in triggered buffer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57907 17501-17084 18490-17086 19682-17086 17501-17084 18490-17086 19682-17086 Important 17501-17084 Important 18490-17086 19682-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17501-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18490-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19682-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:24:00 <p>Information published.</p> iio: light: vcnl4035: fix information leak in triggered buffer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57910 17501-17084 17099-17086 19705-17086 17501-17084 17099-17086 19705-17086 Important 17501-17084 Important 17099-17086 19705-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17501-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17099-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19705-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 17099-17086 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-17086 19705-17086 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 3.0 2026-02-19T01:03:35 <p>Information published.</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57916 17501-17084 17501-17084 Moderate 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 CBL-Mariner Releases 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:46:26 <p>Information published.</p> ksmbd: fix a missing return value check bug <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57925 19682-17086 17501-17084 18490-17086 19682-17086 17501-17084 18490-17086 19682-17086 Important 17501-17084 Important 18490-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 19682-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 17501-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 18490-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.78.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases 1.0 2025-03-13T00:00:00 <p>Information published.</p> 2.0 2026-02-21T03:26:19 <p>Information published.</p> The sideband payload is passed unfiltered to the terminal in git <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-52005 Improper Encoding or Escaping of Output 20045-17084 20048-17086 20045-17084 20048-17086 Important 20045-17084 Important 20048-17086 1.0 2025-09-03T21:13:58 <p>Information published.</p> eth: bnxt: always recalculate features after XDP clearing, fix null-deref <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21682 NULL Pointer Dereference 19683-17084 17087-17086 20613-17084 20725-17084 20823-17084 20860-17084 20925-17086 21093-17086 20412-17084 20553-17084 20788-17084 20956-17084 19683-17084 17087-17086 20613-17084 20725-17084 20823-17084 20860-17084 20925-17086 21093-17086 20412-17084 20553-17084 20788-17084 20956-17084 19683-17084 17087-17086 20613-17084 20725-17084 20823-17084 20860-17084 20925-17086 21093-17086 20412-17084 20553-17084 20788-17084 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 1.0 2025-09-03T21:21:53 <p>Information published.</p> 2.0 2025-12-07T01:37:55 <p>Information published.</p> 3.0 2026-01-08T14:36:10 <p>Information published.</p> 4.0 2026-01-20T14:51:43 <p>Information published.</p> 5.0 2026-02-19T01:04:52 <p>Information published.</p> 9.0 2026-03-31T14:47:21 <p>Information published.</p> 6.0 2026-03-03T14:36:38 <p>Information published.</p> 7.0 2026-03-04T14:35:30 <p>Information published.</p> 8.0 2026-03-28T14:35:54 <p>Information published.</p> PCI: imx6: Fix suspend/resume support on i.MX6QDL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57809 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 21094-17084 21332-17084 19683-17084 17087-17086 20553-17084 20788-17084 20956-17084 21248-17084 21308-17084 21344-17084 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 21094-17084 21332-17084 19683-17084 17087-17086 20553-17084 20788-17084 20956-17084 21248-17084 21308-17084 21344-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 21332-17084 19683-17084 Moderate 17087-17086 Moderate 20553-17084 Moderate 20788-17084 Moderate 20956-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T22:29:01 <p>Information published.</p> 2.0 2025-12-07T01:47:41 <p>Information published.</p> 4.0 2026-01-20T14:42:20 <p>Information published.</p> 6.0 2026-03-04T14:41:12 <p>Information published.</p> 7.0 2026-03-31T15:00:09 <p>Information published.</p> 8.0 2026-04-29T14:48:41 <p>Information published.</p> 10.0 2026-05-11T01:42:01 <p>Information published.</p> 3.0 2026-01-08T14:46:38 <p>Information published.</p> 5.0 2026-02-19T01:45:05 <p>Information published.</p> 9.0 2026-05-06T14:43:08 <p>Information published.</p> 11.0 2026-05-17T14:43:14 <p>Information published.</p> ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56782 NULL Pointer Dereference 17087-17086 20412-17084 20725-17084 20788-17084 20956-17084 21093-17086 21094-17084 21248-17084 21332-17084 19683-17084 20553-17084 20613-17084 20823-17084 20860-17084 20925-17086 21308-17084 21344-17084 17087-17086 20412-17084 20725-17084 20788-17084 20956-17084 21093-17086 21094-17084 21248-17084 21332-17084 19683-17084 20553-17084 20613-17084 20823-17084 20860-17084 20925-17086 21308-17084 21344-17084 17087-17086 20412-17084 20725-17084 20788-17084 20956-17084 21093-17086 21094-17084 21248-17084 21332-17084 19683-17084 20553-17084 20613-17084 20823-17084 20860-17084 20925-17086 21308-17084 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:36:04 <p>Information published.</p> 5.0 2026-02-19T01:45:44 <p>Information published.</p> 6.0 2026-03-03T14:51:53 <p>Information published.</p> 7.0 2026-03-04T14:46:49 <p>Information published.</p> 8.0 2026-03-31T15:11:52 <p>Information published.</p> 9.0 2026-04-29T14:58:29 <p>Information published.</p> 1.0 2025-09-03T22:32:19 <p>Information published.</p> 3.0 2026-01-08T14:50:16 <p>Information published.</p> 4.0 2026-01-20T14:50:27 <p>Information published.</p> 10.0 2026-05-06T14:52:19 <p>Information published.</p> 11.0 2026-05-11T01:50:59 <p>Information published.</p> 12.0 2026-05-17T14:51:48 <p>Information published.</p> bpf: Prevent tailcall infinite loop caused by freplace <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-47794 19683-17084 20412-17084 17087-17086 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 17087-17086 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 17087-17086 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 20412-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 20613-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 20788-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 20823-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 20860-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 20956-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 21094-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 21248-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 21308-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 21332-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 21344-17084 1.0 2025-09-04T00:54:29 <p>Information published.</p> 2.0 2025-12-07T01:37:55 <p>Information published.</p> 3.0 2026-01-08T14:51:00 <p>Information published.</p> 6.0 2026-03-03T14:47:41 <p>Information published.</p> 7.0 2026-03-04T14:43:45 <p>Information published.</p> 8.0 2026-03-31T15:14:28 <p>Information published.</p> 9.0 2026-04-29T14:53:24 <p>Information published.</p> 11.0 2026-05-11T01:46:10 <p>Information published.</p> 4.0 2026-01-20T14:47:58 <p>Information published.</p> 5.0 2026-02-19T01:49:24 <p>Information published.</p> 10.0 2026-05-06T14:47:49 <p>Information published.</p> 12.0 2026-05-17T14:47:14 <p>Information published.</p> net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21650 Out-of-bounds Write 19529-17084 19529-17084 Important 19529-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19529-17084 1.0 2025-09-04T02:55:33 <p>Information published.</p> 1.1 2026-02-21T03:32:00 <p>Information published.</p> RDMA/siw: Remove direct link to net_device <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57857 Use After Free 17087-17086 19683-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21093-17086 21094-17084 21308-17084 21332-17084 20412-17084 20553-17084 20860-17084 20925-17086 21248-17084 21344-17084 17087-17086 19683-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21093-17086 21094-17084 21308-17084 21332-17084 20412-17084 20553-17084 20860-17084 20925-17086 21248-17084 21344-17084 Moderate 17087-17086 19683-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21093-17086 Moderate 21094-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21248-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-04T03:42:28 <p>Information published.</p> 2.0 2025-12-07T01:40:47 <p>Information published.</p> 3.0 2026-01-08T14:40:23 <p>Information published.</p> 4.0 2026-01-20T14:37:46 <p>Information published.</p> 5.0 2026-02-18T15:10:23 <p>Information published.</p> 6.0 2026-03-03T14:51:35 <p>Information published.</p> 9.0 2026-04-29T14:42:47 <p>Information published.</p> 11.0 2026-05-11T01:39:14 <p>Information published.</p> 12.1 2026-05-22T01:40:18 <p>Information published.</p> 7.0 2026-03-04T14:37:34 <p>Information published.</p> 8.0 2026-03-31T15:08:39 <p>Information published.</p> 10.0 2026-05-06T14:38:57 <p>Information published.</p> 12.0 2026-05-17T14:40:06 <p>Information published.</p> Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-54680 17501-17084 17501-17084 Moderate 17501-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17501-17084 CBL-Mariner Releases 17501-17084 No Security Update 6.6.76.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases 1.0 2025-10-01T23:11:35 <p>Information published.</p> 2.0 2026-02-18T02:11:01 <p>Information published.</p> virtio-net: fix overflow inside virtnet_rq_alloc <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57843 Integer Underflow (Wrap or Wraparound) 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2026-03-03T14:51:35 <p>Information published.</p> 3.0 2026-03-31T15:12:45 <p>Information published.</p> 1.0 2025-09-27T01:02:44 <p>Information published.</p> net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-49568 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2026-03-03T15:03:16 <p>Information published.</p> 1.0 2025-10-17T01:01:27 <p>Information published.</p> 3.0 2026-03-31T14:41:20 <p>Information published.</p> riscv: Fix IPIs usage in kfence_protect_page() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-53687 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-17T01:01:36 <p>Information published.</p> net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21629 20925-17086 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 Moderate 20925-17086 Moderate 17087-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 2.0 2026-03-03T15:04:09 <p>Information published.</p> 1.0 2025-10-18T01:01:13 <p>Information published.</p> 3.0 2026-03-31T14:42:40 <p>Information published.</p> platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21645 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-18T01:01:18 <p>Information published.</p> wifi: mac80211: fix mbss changed flags corruption on 32 bit systems <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-57899 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 20925-17086 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 21093-17086 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U 17087-17086 1.0 2025-10-19T01:01:38 <p>Information published.</p> 2.0 2026-03-03T15:04:37 <p>Information published.</p> 3.0 2026-03-31T14:43:05 <p>Information published.</p> A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2025-23084 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 19608-17084 19873-17086 19608-17084 19873-17086 Moderate 19608-17084 Moderate 19873-17086 5.6 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N 19608-17084 5.6 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N 19873-17086 1.0 2025-09-04T00:12:01 <p>Information published.</p> 1.1 2026-02-18T02:45:59 <p>Information published.</p> afs: Fix merge preference rule failure condition <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21672 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21093-17086 21248-17084 21332-17084 17087-17086 19683-17084 20412-17084 20553-17084 20788-17084 20925-17086 21094-17084 21308-17084 21344-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21093-17086 21248-17084 21332-17084 17087-17086 19683-17084 20412-17084 20553-17084 20788-17084 20925-17086 21094-17084 21308-17084 21344-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21093-17086 21248-17084 21332-17084 17087-17086 19683-17084 20412-17084 20553-17084 20788-17084 20925-17086 21094-17084 21308-17084 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:37:44 <p>Information published.</p> 4.0 2026-01-20T14:51:35 <p>Information published.</p> 5.0 2026-02-18T03:06:44 <p>Information published.</p> 6.0 2026-03-03T15:03:52 <p>Information published.</p> 7.0 2026-03-04T14:35:22 <p>Information published.</p> 8.0 2026-03-31T14:44:09 <p>Information published.</p> 9.0 2026-04-29T14:39:09 <p>Information published.</p> 11.0 2026-05-11T01:52:12 <p>Information published.</p> 1.0 2025-09-03T20:47:41 <p>Information published.</p> 3.0 2026-01-08T14:35:59 <p>Information published.</p> 10.0 2026-05-06T14:53:16 <p>Information published.</p> 12.0 2026-05-17T14:52:59 <p>Information published.</p> btrfs: fix use-after-free when COWing tree bock and tracing is enabled <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-56759 Use After Free 19529-17084 19682-17086 18490-17086 19529-17084 19682-17086 18490-17086 Important 19529-17084 19682-17086 Important 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19529-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 1.0 2025-09-03T20:12:31 <p>Information published.</p> 2.0 2026-02-18T01:20:20 <p>Information published.</p> The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2024-37372 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 19608-17084 19608-17084 Low 19608-17084 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N 19608-17084 1.0 2025-09-03T20:30:12 <p>Information published.</p> 1.1 2026-02-18T01:27:35 <p>Information published.</p> GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application.</p> Visual Studio GitHub Yes CVE-2024-50338 Improper Input Validation 11600 11935 12187 12271 12322 12459 Information Disclosure 11600 Information Disclosure 11935 Information Disclosure 12187 Information Disclosure 12271 Information Disclosure 12322 Information Disclosure 12459 Important 11600 Important 11935 Important 12187 Important 12271 Important 12322 Important 12459 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.4 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11600 7.4 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11935 7.4 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12187 7.4 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12271 7.4 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12322 7.4 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12459 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.69 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.43 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.22 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21411 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21413 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> .NET Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p> .NET Microsoft Yes CVE-2025-21171 Heap-based Buffer Overflow 12476 12477 12478 12432 12433 12434 12459 12187 12271 12322 Remote Code Execution 12476 Remote Code Execution 12477 Remote Code Execution 12478 Remote Code Execution 12432 Remote Code Execution 12433 Remote Code Execution 12434 Remote Code Execution 12459 Remote Code Execution 12187 Remote Code Execution 12271 Remote Code Execution 12322 Important 12476 Important 12477 Important 12478 Important 12432 Important 12433 Important 12434 Important 12459 Important 12187 Important 12271 Important 12322 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12476 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12477 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12478 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12432 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12433 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12434 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12459 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12322 Release Notes https://github.com/PowerShell/Announcements/issues/72 12476 12477 12478 Maybe Security Update 7.5.0 https://github.com/PowerShell/Announcements/issues/72 12476 12477 12478 Release Notes 5050526 https://dotnet.microsoft.com/en-us/download/dotnet/9.0 12432 12433 12434 Maybe Security Update 9.0.1 https://support.microsoft.com/help/5050526 12432 12433 12434 5050526 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.22 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes 1.0 2025-01-14T00:00:00 <p>Information published.</p> 2.0 2025-01-29T00:00:00 <p>Revised the Security Updates table to include PowerShell 7.5 installed on Windows, PowerShell 7.5 installed on Linux, and PowerShell 7.5 installed on MacOC because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/72">https://github.com/PowerShell/Announcements/issues/72</a> for more information.</p> Windows BitLocker Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of unencrypted hibernation images in cleartext.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> <p><strong>According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker needs repeated physical access to the victim machine's hard disk.</p> Windows Virtual Trusted Platform Module Microsoft Yes CVE-2025-21210 Not Failing Securely ('Failing Open') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://dfir.ru/">Maxim Suhanov</a> with CICADA8 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows BitLocker Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Bitlocker Key.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts by swapping virtual hard disks.</p> Windows BitLocker Microsoft Yes CVE-2025-21214 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/errno_fail">Maxim Suhanov</a> with CICADA8 1.0 2025-01-14T00:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit the vulnerability and save an invalid state to a database or trigger other unintended actions.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Boot Manager Microsoft Yes CVE-2025-21215 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://dfir.ru/">Maxim Suhanov</a> with <a href="https://cicada8.ru/">CICADA8</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-29T00:00:00 <p>In the Security Updates table, corrected the Impact to Security Feature Bypass. This is an informational change only.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21233 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level.</p> <p>Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p> Windows PrintWorkflowUserSvc Microsoft Yes CVE-2025-21234 Improper Input Validation 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 <a href="https://x.com/nevul37">Jongseong Kim (nevul37)</a> with <a href="https://www.enki.co.kr/en/">Ajou University &amp; ENKI WhiteHat</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level.</p> <p>Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p> Windows PrintWorkflowUserSvc Microsoft Yes CVE-2025-21235 Improper Input Validation 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 <a href="https://www.linkedin.com/in/종성-김-0243b81bb/">Jongseong Kim (nevul37)</a> with <a href="https://www.enki.co.kr/en/">Ajou University &amp; ENKI WhiteHat</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21236 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21237 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-29T00:00:00 <p>Updated information to include CVSS scores. This is an informational change only.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21239 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21241 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Kerberos Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> Windows Kerberos Microsoft Yes CVE-2025-21242 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Asna Farooqui 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21243 Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21244 Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21248 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21249 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zhihua Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p> Windows Message Queuing Microsoft Yes CVE-2025-21251 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21252 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21255 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zhihua Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows WLAN AutoConfig Service Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows WLAN Auto Config Service Microsoft Yes CVE-2025-21257 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21258 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zhihua Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21260 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zhihua Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21263 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zhihua Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB device.</p> Windows Digital Media Microsoft Yes CVE-2025-21265 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zhihua Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21266 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> MapUrlToZone Security Feature Bypass Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows MapUrlToZone Microsoft Yes CVE-2025-21268 Improper Resolution of Path Equivalence 12437 12436 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 12437 Security Feature Bypass 12436 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 12437 Important 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12437 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12436 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11568 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11569 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11571 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11572 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11923 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11924 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11929 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11930 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11931 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12085 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12086 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12097 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12098 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12099 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12242 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12243 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12244 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12389 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12390 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10729 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10735 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10852 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10853 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10816 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10855 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 9312 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10287 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 9318 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 9344 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10051 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10049 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10378 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10379 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10483 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10543 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12436 12389 12390 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12436 12389 12390 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12436 12389 12390 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 9312 10287 9318 9344 Yes IE Cumulative 1.007 https://support.microsoft.com/help/5049994 9312 10287 9318 9344 5049994 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10051 10049 10378 10379 Yes IE Cumulative 1.003 https://support.microsoft.com/help/5049994 10051 10049 10378 10379 5049994 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10483 10543 Yes IE Cumulative 1.002 https://support.microsoft.com/help/5049994 10483 10543 5049994 <a href="https://twitter.com/ecthr0s">George Hughey</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows HTML Platforms Security Feature Bypass Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A security feature bypass vulnerability exists when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.</p> <p>To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it.</p> <p>The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows MapUrlToZone Microsoft Yes CVE-2025-21269 Improper Resolution of Path Equivalence 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12436 12437 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Security Feature Bypass 12436 Security Feature Bypass 12437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12436 Important 12437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12242 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12243 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12244 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12389 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12390 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9312 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10287 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9318 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9344 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10051 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10049 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10378 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10379 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12436 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12437 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12389 12390 12436 12437 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12389 12390 12436 12437 5050009 5050009 https://support.microsoft.com/help/5050009 12389 12390 12436 12437 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 9312 10287 9318 9344 Yes IE Cumulative 1.007 https://support.microsoft.com/help/5049994 9312 10287 9318 9344 5049994 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10051 10049 10378 10379 Yes IE Cumulative 1.003 https://support.microsoft.com/help/5049994 10051 10049 10378 10379 5049994 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10483 10543 Yes IE Cumulative 1.002 https://support.microsoft.com/help/5049994 10483 10543 5049994 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p> Windows Message Queuing Microsoft Yes CVE-2025-21270 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2025-21271 Buffer Over-read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 <a href="https://twitter.com/ranchoice">RanchoIce</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows COM Server Information Disclosure Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could get unauthorized access to sensitive user data outside of the AppContainer execution environment.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows COM Microsoft Yes CVE-2025-21272 Use of Uninitialized Resource 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p> Windows Message Queuing Microsoft Yes CVE-2025-21277 Buffer Over-read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Virtual Trusted Platform Module Denial of Service Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A successful exploitation of this vulnerability via a medium integrity level exploit could allow an attacker to gain unauthorized access to system-level resources, potentially modify kernel memory, and execute arbitrary code with kernel-level privileges. This could lead to a full compromise of the system’s integrity, confidentiality, and availability.</p> <p><strong>Are there any additional steps that I need to follow to be protected from this vulnerability?</strong></p> <p>The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in <a href="https://support.microsoft.com/help/5042562">Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates</a> has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.</p> Windows Virtual Trusted Platform Module Microsoft Yes CVE-2025-21280 Improper Input Validation 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 <a href="https://twitter.com/rthhh17">HongZhenhao</a> with <a href="https://twitter.com/tiangonglab">TianGong Team of Legendsec at Qi&#39;anxin Group</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft COM for Windows Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows COM Microsoft Yes CVE-2025-21281 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com.cn/">Hillstone Network Security Research Institute</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21282 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Virtual Trusted Platform Module Denial of Service Vulnerability <p><strong>Are there any additional steps that I need to follow to be protected from this vulnerability?</strong></p> <p>The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in <a href="https://support.microsoft.com/help/5042562">Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates</a> has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p> <p>If an attacker was able to successfully exploit the vulnerability the attack might result in a total loss of availability.</p> Windows Virtual Trusted Platform Module Microsoft Yes CVE-2025-21284 Improper Input Validation 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 <a href="https://twitter.com/rthhh17">HongZhenhao</a> with <a href="https://twitter.com/tiangonglab">TianGong Team of Legendsec at Qi&#39;anxin Group</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p> Windows Message Queuing Microsoft Yes CVE-2025-21285 NULL Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows COM Server Information Disclosure Vulnerability <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows COM Microsoft Yes CVE-2025-21288 Use of Uninitialized Resource 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p> Windows Message Queuing Microsoft Yes CVE-2025-21289 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p> Windows Message Queuing Microsoft Yes CVE-2025-21290 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Direct Show Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires an authenticated client to click a link so that an unauthenticated attacker can initiate remote code execution.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by controlling subsequent memory allocation after a double free error occurs. This could potentially allow the attacker to execute arbitrary code, leading to remote code execution.</p> Windows Direct Show Microsoft Yes CVE-2025-21291 Double Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 Mozilla 1.0 2025-01-14T00:00:00 <p>Information published.</p> Active Directory Domain Services Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system.</p> Active Directory Domain Services Microsoft Yes CVE-2025-21293 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://www.linkedin.com/in/sebastian-b-a5177999/">Sebastian Sadeq Birke</a> with <a href="https://retest.dk/">ReTest Security ApS</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 2.0 2025-09-09T00:00:00 <p>To comprehensively address CVE-2025-21293, Microsoft has released September 2025 security update KB5065426 for Windows Server 2025, Windows Server 2025 (Server Core installation), Windows 11 Version 24H2 for x64-based Systems, and Windows 11 Version 24H2 for ARM64-based Systems. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> <p>For customers running these versions of Windows and who install the HotPatch updates, Microsoft has released Hotpatch KB5065474. Customers who install the HotPatch updates should install KB5065474 to be protected from this vulnerability.</p> Microsoft Digest Authentication Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could successfully exploit this vulnerability by connecting to a system which requires digest authentication, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.</p> Microsoft Digest Authentication Microsoft Yes CVE-2025-21294 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/guhe120">Yuki Chen</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to manipulate system operations in a specific manner.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.</p> Windows SPNEGO Extended Negotiation Microsoft Yes CVE-2025-21295 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/guhe120">Yuki Chen</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> BranchCache Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> BranchCache Microsoft Yes CVE-2025-21296 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Remote Desktop Services Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.</p> Windows Remote Desktop Services Microsoft Yes CVE-2025-21297 Use After Free 11571 11572 11923 11924 12437 12244 12436 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 12437 Critical 12244 Critical 12436 Critical 10816 Critical 10855 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12436 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10816 10855 5049993 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/vv474172261">VictorV(Tang tianwen)</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows OLE Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim's Outlook application displaying a preview of a specially crafted email . This could result in the attacker executing remote code on the victim's machine.</p> <p><strong>What is OLE?</strong></p> <p>Object Linking and Embedding (OLE) is a technology that allows embedding and linking to documents and other objects. For more information please visit: <a href="https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-oleds/85583d21-c1cf-4afe-a35f-d6701c5fbb6f">Object Linking and Embedding (OLE) Data Structures</a>.</p> Windows OLE Microsoft Yes CVE-2025-21298 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <p><strong>Use Microsoft Outlook to reduce the risk of users opening RTF Files from unknown or untrusted sources</strong></p> <p>To help protect against this vulnerability, we recommend users read email messages in plain text format.</p> <p>For guidance on how to configure Microsoft Outlook to read all standard mail in plain text, please refer to <a href="https://support.microsoft.com/en-us/office/read-email-messages-in-plain-text-16dfe54a-fadc-4261-b2ce-19ad072ed7e3">Read email messages in plain text</a>.</p> <p><strong>Impact of workaround:</strong> Email messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. In addition, the following behavior may be experienced:</p> <ul> <li>The changes are applied to the preview pane and to open messages.</li> <li>Pictures become attachments so that they are not lost.</li> <li>Because the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly.</li> </ul> <a href="https://twitter.com/thezdi">Jmini, Rotiple, D4m0n</a> with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-22T00:00:00 <p>Corrected one or more links in the FAQ. This is an informational change only.</p> Windows Kerberos Security Feature Bypass Vulnerability <p><strong>Are there any additional steps that I need to follow to be protected from this vulnerability?</strong></p> <p>The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in <a href="https://support.microsoft.com/help/5042562">Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates</a> has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Windows Defender Credential Guard Feature to leak Kerberos credentials.</p> Windows Kerberos Microsoft Yes CVE-2025-21299 Insecure Storage of Sensitive Information 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12244 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 <a href="https://x.com/_ethicalchaos_">Ceri Coburn</a> with <a href="https://www.netspi.com/">NetSPI</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Geolocation Service Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> Windows Geolocation Service Microsoft Yes CVE-2025-21301 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 Andr&#233; Schoorl and Bruno Pereira Vidal Bruno Pereira Vidal 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21302 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21303 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft DWM Core Library Elevation of Privilege Vulnerability <p><strong>What privileges could an attacker gain with successful exploitation?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process.</p> <p>This could lead to further system compromise and unauthorized actions within the network.</p> Windows DWM Core Library Microsoft Yes CVE-2025-21304 Use After Free 11568 11569 11571 11572 11929 11930 11931 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 Varun Goel 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21306 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Remote Desktop Services Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.</p> Windows Remote Desktop Services Microsoft Yes CVE-2025-21309 Sensitive Data Storage in Improperly Locked Memory 11571 11572 11923 11924 12437 12244 12436 10816 10855 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 12437 Critical 12244 Critical 12436 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12436 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/vv474172261">VictorV(Tang tianwen)</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows SmartScreen Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker would have to send the victim a malicious file that the victim would have to execute.</p> Windows SmartScreen Microsoft Yes CVE-2025-21314 User Interface (UI) Misrepresentation of Critical Information 12437 12436 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10852 10853 10816 10855 Spoofing 12437 Spoofing 12436 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 12389 Spoofing 12390 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Important 12437 Important 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10855 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12436 12389 12390 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12436 12389 12390 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12436 12389 12390 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 Haifei Li with <a href="https://research.checkpoint.com/">Check Point Research</a> Eric Lawrence with Microsoft 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Brokering File System Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code at a higher integrity level than that of the AppContainer execution environment.</p> Microsoft Brokering File System Microsoft Yes CVE-2025-21315 Use After Free 12437 12244 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 hazard 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Kernel Memory Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> <p>**Are there any further steps I need to take to be protected from this vulnerability?</p> <p>Customers running Windows Server 2016 or older, or Windows 10 version 1607 or older MUST install both the Servicing Stack Update (SSU) and the Security Update for that version to be fully protected from this vulnerability. See <a href="https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001">ADV990001 | Latest Servicing Stack Updates</a> for the applicable Servicing Stack Update for your operating system version.</p> <p>Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> <p><strong>Do I need to install the Servicing Stack Update and the January 2025 Security Update in any particular order?</strong></p> <p>SSUs should always be installed before any new update for Windows, including the latest cumulative update (LCU), Monthly Rollup, or Security Update.</p> Windows Kernel Memory Microsoft Yes CVE-2025-21316 Insertion of Sensitive Information into Log File 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://x.com/yarden_shafir">Yarden Shafir</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Kernel Memory Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows Kernel Memory Microsoft Yes CVE-2025-21318 Insertion of Sensitive Information into Log File 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://x.com/yarden_shafir">Yarden Shafir</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Kernel Memory Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> <p>**Are there any further steps I need to take to be protected from this vulnerability?</p> <p>Customers running Windows Server 2016 or older, or Windows 10 version 1607 or older MUST install both the Servicing Stack Update (SSU) and the Security Update for that version to be fully protected from this vulnerability. See <a href="https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001">ADV990001 | Latest Servicing Stack Updates</a> for the applicable Servicing Stack Update for your operating system version.</p> <p>Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> <p><strong>Do I need to install the Servicing Stack Update and the January 2025 Security Update in any particular order?</strong></p> <p>SSUs should always be installed before any new update for Windows, including the latest cumulative update (LCU), Monthly Rollup, or Security Update.</p> Windows Kernel Memory Microsoft Yes CVE-2025-21319 Insertion of Sensitive Information into Log File 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://x.com/yarden_shafir">Yarden Shafir</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Kernel Memory Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> <p>**Are there any further steps I need to take to be protected from this vulnerability?</p> <p>Customers running Windows Server 2016 or older, or Windows 10 version 1607 or older MUST install both the Servicing Stack Update (SSU) and the Security Update for that version to be fully protected from this vulnerability. See <a href="https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001">ADV990001 | Latest Servicing Stack Updates</a> for the applicable Servicing Stack Update for your operating system version.</p> <p>Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> <p><strong>Do I need to install the Servicing Stack Update and the January 2025 Security Update in any particular order?</strong></p> <p>SSUs should always be installed before any new update for Windows, including the latest cumulative update (LCU), Monthly Rollup, or Security Update.</p> Windows Kernel Memory Microsoft Yes CVE-2025-21320 Insertion of Sensitive Information into Log File 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://x.com/yarden_shafir">Yarden Shafir</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Kernel Memory Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> <p><strong>Are there any additional steps that I need to follow to be protected from this vulnerability?</strong></p> <p>The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in <a href="https://support.microsoft.com/help/5042562">Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates</a> has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.</p> Windows Kernel Memory Microsoft Yes CVE-2025-21321 Insertion of Sensitive Information into Log File 12436 12437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 12436 Information Disclosure 12437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 12436 Important 12437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12436 12437 12389 12390 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12436 12437 12389 12390 5050009 5050009 https://support.microsoft.com/help/5050009 12436 12437 12389 12390 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://x.com/yarden_shafir">Yarden Shafir</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21327 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Adel and Benjamin Rodes 1.0 2025-01-14T00:00:00 <p>Information published.</p> .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.</p> .NET, .NET Framework, Visual Studio Microsoft Yes CVE-2025-21176 Buffer Over-read 11600 11935 12187 12271 12322 10577 12459 12414 12415 12416 12432 12433 12434 12079-12389 12079-12390 11650-10852 11650-10853 11650-10816 11650-10855 11650-10051 11650-10049 11650-10378 11650-10379 11650-10483 11650-10543 11676-11568 11676-11569 11676-11571 11676-11572 11676-11923 11676-11924 11676-11929 11676-11930 11676-11931 11676-12097 11676-12098 11676-12099 11677-11568 11677-11569 11677-11571 11677-11572 11677-10816 11677-10855 11723-10852 11723-10853 11863-10051 11863-10049 11863-10378 11863-10379 11863-10483 11863-10543 12079-11923 12079-11924 12079-11929 12079-11930 12079-11931 12079-12085 12079-12086 12079-12097 12079-12098 12079-12099 12079-12242 12079-12243 12079-12244 12115-9312 12115-10287 12115-9318 12115-9344 12136-10729 12136-10735 Remote Code Execution 11600 Remote Code Execution 11935 Remote Code Execution 12187 Remote Code Execution 12271 Remote Code Execution 12322 Remote Code Execution 10577 Remote Code Execution 12459 Remote Code Execution 12414 Remote Code Execution 12415 Remote Code Execution 12416 Remote Code Execution 12432 Remote Code Execution 12433 Remote Code Execution 12434 Remote Code Execution 12079-12389 Remote Code Execution 12079-12390 Remote Code Execution 11650-10852 Remote Code Execution 11650-10853 Remote Code Execution 11650-10816 Remote Code Execution 11650-10855 Remote Code Execution 11650-10051 Remote Code Execution 11650-10049 Remote Code Execution 11650-10378 Remote Code Execution 11650-10379 Remote Code Execution 11650-10483 Remote Code Execution 11650-10543 Remote Code Execution 11676-11568 Remote Code Execution 11676-11569 Remote Code Execution 11676-11571 Remote Code Execution 11676-11572 Remote Code Execution 11676-11923 Remote Code Execution 11676-11924 Remote Code Execution 11676-11929 Remote Code Execution 11676-11930 Remote Code Execution 11676-11931 Remote Code Execution 11676-12097 Remote Code Execution 11676-12098 Remote Code Execution 11676-12099 Remote Code Execution 11677-11568 Remote Code Execution 11677-11569 Remote Code Execution 11677-11571 Remote Code Execution 11677-11572 Remote Code Execution 11677-10816 Remote Code Execution 11677-10855 Remote Code Execution 11723-10852 Remote Code Execution 11723-10853 Remote Code Execution 11863-10051 Remote Code Execution 11863-10049 Remote Code Execution 11863-10378 Remote Code Execution 11863-10379 Remote Code Execution 11863-10483 Remote Code Execution 11863-10543 Remote Code Execution 12079-11923 Remote Code Execution 12079-11924 Remote Code Execution 12079-11929 Remote Code Execution 12079-11930 Remote Code Execution 12079-11931 Remote Code Execution 12079-12085 Remote Code Execution 12079-12086 Remote Code Execution 12079-12097 Remote Code Execution 12079-12098 Remote Code Execution 12079-12099 Remote Code Execution 12079-12242 Remote Code Execution 12079-12243 Remote Code Execution 12079-12244 Remote Code Execution 12115-9312 Remote Code Execution 12115-10287 Remote Code Execution 12115-9318 Remote Code Execution 12115-9344 Remote Code Execution 12136-10729 Remote Code Execution 12136-10735 Important 11600 Important 11935 Important 12187 Important 12271 Important 12322 Important 10577 Important 12459 Important 12414 Important 12415 Important 12416 Important 12432 Important 12433 Important 12434 Important 12079-12389 Important 12079-12390 Important 11650-10852 Important 11650-10853 Important 11650-10816 Important 11650-10855 Important 11650-10051 Important 11650-10049 Important 11650-10378 Important 11650-10379 Important 11650-10483 Important 11650-10543 Important 11676-11568 Important 11676-11569 Important 11676-11571 Important 11676-11572 Important 11676-11923 Important 11676-11924 Important 11676-11929 Important 11676-11930 Important 11676-11931 Important 11676-12097 Important 11676-12098 Important 11676-12099 Important 11677-11568 Important 11677-11569 Important 11677-11571 Important 11677-11572 Important 11677-10816 Important 11677-10855 Important 11723-10852 Important 11723-10853 Important 11863-10051 Important 11863-10049 Important 11863-10378 Important 11863-10379 Important 11863-10483 Important 11863-10543 Important 12079-11923 Important 12079-11924 Important 12079-11929 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 12079-12242 Important 12079-12243 Important 12079-12244 Important 12115-9312 Important 12115-10287 Important 12115-9318 Important 12115-9344 Important 12136-10729 Important 12136-10735 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12322 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10577 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12459 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12414 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12415 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12416 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12432 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12433 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12434 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10543 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11723-10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10543 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12136-10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12136-10735 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.69 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.43 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.22 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes 5049688 https://aka.ms/vs/14/release/5049688 5029366 10577 Maybe Security Update 14.0.24252.2 https://support.microsoft.com/help/5049688 10577 5049688 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes 5050525 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12414 12415 12416 Maybe Security Update 8.0.12 https://support.microsoft.com/help/5050525 12414 12415 12416 5050525 5050526 https://dotnet.microsoft.com/en-us/download/dotnet/9.0 12432 12433 12434 Maybe Security Update 9.0.1 https://support.microsoft.com/help/5050526 12432 12433 12434 5050526 5049622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049622 12079-12389 12079-12390 Maybe Security Update 4.8.1.09294.01 https://support.microsoft.com/help/5049622 12079-12389 12079-12390 5049622 5049614 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049614 11650-10852 11650-10853 11650-10816 11650-10855 Maybe Security Update 4.8.04775.01 https://support.microsoft.com/help/5049614 11650-10852 11650-10853 11650-10816 11650-10855 5049614 5050183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049619 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.04775.01 https://support.microsoft.com/help/5050183 11650-10051 11650-10049 5050183 5050180 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049628 11650-10051 11650-10049 Maybe Security Only 4.8.04775.02 https://support.microsoft.com/help/5050180 11650-10051 11650-10049 5050180 5050184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049616 11650-10378 11650-10379 Maybe Monthly Rollup 4.8.04775.01 https://support.microsoft.com/help/5050184 11650-10378 11650-10379 5050184 5050185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049618 11650-10483 11650-10543 Maybe Monthly Rollup 4.8.04775.01 https://support.microsoft.com/help/5050185 11650-10483 11650-10543 5050185 5050182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049615 11676-11568 11676-11569 11676-11571 11676-11572 Maybe Security Update 4.8.04775.01 https://support.microsoft.com/help/5050182 11676-11568 11676-11569 11676-11571 11676-11572 5050182 5050187 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049617 11676-11923 11676-11924 Maybe Security Update 4.8.04775.01 https://support.microsoft.com/help/5050187 11676-11923 11676-11924 5050187 5050416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049617 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.04775.01 https://support.microsoft.com/help/5050416 11676-11929 11676-11930 11676-11931 5050416 5050188 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049613 11676-12097 11676-12098 11676-12099 Maybe Security Update 4.8.04775.01 https://support.microsoft.com/help/5050188 11676-12097 11676-12098 11676-12099 5050188 5050182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049608 11677-11568 11677-11569 11677-11571 11677-11572 Maybe Security Update 4.7.04126.01 https://support.microsoft.com/help/5050182 11677-11568 11677-11569 11677-11571 11677-11572 5050182 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 11677-10816 11677-10855 11723-10852 11723-10853 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 11677-10816 11677-10855 11723-10852 11723-10853 5049993 5050183 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049611 11863-10051 11863-10049 Maybe Monthly Rollup 4.7.04126.01 https://support.microsoft.com/help/5050183 11863-10051 11863-10049 5050183 5050180 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049627 11863-10051 11863-10049 Maybe Security Only 4.7.04126.02 https://support.microsoft.com/help/5050180 11863-10051 11863-10049 5050180 5050184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049609 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.04126.01 https://support.microsoft.com/help/5050184 11863-10378 11863-10379 5050184 5050185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049610 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.04126.01 https://support.microsoft.com/help/5050185 11863-10483 11863-10543 5050185 5050187 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049625 12079-11923 12079-11924 Maybe Security Update 4.8.1.09294.01 https://support.microsoft.com/help/5050187 12079-11923 12079-11924 5050187 5050416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049625 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.1.09294.01 https://support.microsoft.com/help/5050416 12079-11929 12079-11930 12079-11931 5050416 5049624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049624 12079-12085 12079-12086 12079-12242 12079-12243 Maybe Security Update 4.8.1.09294.01 https://support.microsoft.com/help/5049624 12079-12085 12079-12086 12079-12242 12079-12243 5049624 5050188 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049621 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.1.09294.01 https://support.microsoft.com/help/5050188 12079-12097 12079-12098 12079-12099 5050188 5049620 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049620 12079-12244 Maybe Security Update 4.8.1.09294.01 https://support.microsoft.com/help/5049620 12079-12244 5049620 5050186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049611 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Monthly Rollup 4.7.04126.01 https://support.microsoft.com/help/5050186 12115-9312 12115-10287 12115-9318 12115-9344 5050186 5050181 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049627 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Security Only 4.7.04126.02 https://support.microsoft.com/help/5050181 12115-9312 12115-10287 12115-9318 12115-9344 5050181 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 12136-10729 12136-10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 12136-10729 12136-10735 5050013 <a href="https://infosec.exchange/@ynwarcs">goodbyeselene</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 2.0 2025-02-11T00:00:00 <p>In the Security Updates table, added Visual Studio 2015 Update 3, as this version of Visual Studio is also affected by this vulnerability.</p> <p>Microsoft recommends that customers running Visual Studio 2015 Update 3 install the update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.</p> Visual Studio Microsoft Yes CVE-2025-21178 Heap-based Buffer Overflow Out-of-bounds Read 11600 11935 12187 12271 12322 10577 12459 Remote Code Execution 11600 Remote Code Execution 11935 Remote Code Execution 12187 Remote Code Execution 12271 Remote Code Execution 12322 Remote Code Execution 10577 Remote Code Execution 12459 Important 11600 Important 11935 Important 12187 Important 12271 Important 12322 Important 10577 Important 12459 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12322 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10577 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12459 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.69 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.43 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.22 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes 5049688 https://aka.ms/vs/14/release/5049688 5029366 10577 Maybe Security Update 14.0.24252.2 https://support.microsoft.com/help/5049688 10577 5049688 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes <a href="https://infosec.exchange/@ynwarcs">goodbyeselene</a> 2.0 2025-02-11T00:00:00 <p>In the Security Updates table, added Visual Studio 2015 Update 3, as this version of Visual Studio is also affected by this vulnerability.</p> <p>Microsoft recommends that customers running Visual Studio 2015 Update 3 install the update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 3.0 2025-02-14T00:00:00 <p>In the Security Updates table, added Visual Studio 2015 Update 3 as it is affected by this vulnerability, and removed Visual Studio 2013 Update 5 as it is not affected by this vulnerability.</p> <p>Microsoft recommends that customers install the update for Visual Studio 2015 Update 3 to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> .NET Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required  is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with standard user privileges could place a malicious file and then wait for the privileged victim to run the calling command.</p> .NET Microsoft Yes CVE-2025-21173 Creation of Temporary File in Directory with Insecure Permissions 12415 12432 12459 12187 12271 12322 Elevation of Privilege 12415 Elevation of Privilege 12432 Elevation of Privilege 12459 Elevation of Privilege 12187 Elevation of Privilege 12271 Elevation of Privilege 12322 Important 12415 Important 12432 Important 12459 Important 12187 Important 12271 Important 12322 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12415 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12432 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12459 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12322 5050525 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12415 Maybe Security Update 8.0.12 https://support.microsoft.com/help/5050525 12415 5050525 5050526 https://dotnet.microsoft.com/en-us/download/dotnet/9.0 12432 Maybe Security Update 9.0.1 https://support.microsoft.com/help/5050526 12432 5050526 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.22 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Noah Gilson with Microsoft Daniel Plaisted with Microsoft 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21341 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Adel and Benjamin Rodes 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-21344 Improper Input Validation 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 10950 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 11585 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 11961 5002672 https://www.microsoft.com/download/details.aspx?familyid=ddc04340-e2a1-4e0a-b4ed-e7a9e7e3ebf3 5002659 10950 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002672 10950 5002672 5002671 https://www.microsoft.com/download/details.aspx?familyid=292e9c48-9637-4a22-b026-e6ff0f79ba45 5002544 10950 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002671 10950 5002671 5002666 https://www.microsoft.com/download/details.aspx?familyid=614ab065-68ec-4a23-a44e-7a776d7a8b46 5002657 11585 Maybe Security Update 16.0.10416.20041 https://support.microsoft.com/help/5002666 11585 5002666 5002667 https://www.microsoft.com/download/details.aspx?familyid=5c60bcb4-ce16-464f-9e01-10ca73cab72a 5002664 11585 Maybe Security Update 16.0.10416.20041 https://support.microsoft.com/help/5002667 11585 5002667 5002676 https://www.microsoft.com/download/details.aspx?familyid=0c1d50f3-2ae4-40be-9179-c69dfa0b5af5 5002658 11961 Maybe Security Update 16.0.17928.20356 https://support.microsoft.com/help/5002676 11961 5002676 <a href="https://github.com/zcgonvh">zcgonvh</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> Microsoft Office Visio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Visio Microsoft Yes CVE-2025-21345 Use After Free 11573 11574 11762 11763 11952 11953 12420 12421 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run <a href="https://x.com/c0d3nh4ck">c0d3nh4ck</a> with <a href="https://zscaler.com/">Zscaler&#39;s ThreatLabz</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> Microsoft Office Security Feature Bypass Vulnerability <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could bypass Windows Defender Application Control (WDAC) enforcement. This could lead to the ability to run unauthorized applications on target systems.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Microsoft Yes CVE-2025-21346 Protection Mechanism Failure 11573 11574 11762 11763 11952 11953 12420 12421 10753 10754 Security Feature Bypass 11573 Security Feature Bypass 11574 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 11952 Security Feature Bypass 11953 Security Feature Bypass 12420 Security Feature Bypass 12421 Security Feature Bypass 10753 Security Feature Bypass 10754 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Important 10753 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11573 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11574 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11762 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11763 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11952 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11953 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12420 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12421 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10753 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002675 https://www.microsoft.com/download/details.aspx?familyid=ba80cb95-e43e-43ab-8960-399401f4f58e 5002661 10753 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002675 10753 5002675 5002595 https://www.microsoft.com/download/details.aspx?familyid=d7d70a8b-a77d-4a0c-b416-21fb4680f3ad 5002197 10753 Maybe Security Update 16.0.5483.1000 https://support.microsoft.com/help/5002595 10753 5002595 5002675 https://www.microsoft.com/download/details.aspx?familyid=e054e875-ef5b-47ea-b113-f53cd55fedd4 5002661 10754 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002675 10754 5002675 5002595 https://www.microsoft.com/download/details.aspx?familyid=34197e38-4243-4837-9d5b-0aa5b09add4b 5002197 10754 Maybe Security Update 16.0.5483.1000 https://support.microsoft.com/help/5002595 10754 5002595 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-21348 Improper Authorization 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002672 https://www.microsoft.com/download/details.aspx?familyid=ddc04340-e2a1-4e0a-b4ed-e7a9e7e3ebf3 5002659 10950 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002672 10950 5002672 5002671 https://www.microsoft.com/download/details.aspx?familyid=292e9c48-9637-4a22-b026-e6ff0f79ba45 5002544 10950 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002671 10950 5002671 5002666 https://www.microsoft.com/download/details.aspx?familyid=614ab065-68ec-4a23-a44e-7a776d7a8b46 5002657 11585 Maybe Security Update 16.0.10416.20041 https://support.microsoft.com/help/5002666 11585 5002666 5002667 https://www.microsoft.com/download/details.aspx?familyid=5c60bcb4-ce16-464f-9e01-10ca73cab72a 5002664 11585 Maybe Security Update 16.0.10416.20041 https://support.microsoft.com/help/5002667 11585 5002667 5002676 https://www.microsoft.com/download/details.aspx?familyid=0c1d50f3-2ae4-40be-9179-c69dfa0b5af5 5002658 11961 Maybe Security Update 16.0.17928.20356 https://support.microsoft.com/help/5002676 11961 5002676 <a href="https://github.com/zcgonvh">zcgonvh</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Office Excel Microsoft Yes CVE-2025-21354 Untrusted Pointer Dereference 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Critical 10836 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 5002677 https://www.microsoft.com/download/details.aspx?familyid=861661d1-b9e1-4ea3-aa23-0d1554e9afd5 5002648 10836 Maybe Security Update 16.0.10416.20047 https://support.microsoft.com/help/5002677 10836 5002677 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Yes Security Update 16.93.25011212 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes boolgombear Jmini 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-14T00:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Microsoft Office Visio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Visio Microsoft Yes CVE-2025-21356 Access of Resource Using Incompatible Type ('Type Confusion') Heap-based Buffer Overflow 11573 11574 11762 11763 11952 11953 12420 12421 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Li Shuang and willJ with Vulnerability Research Institute 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> Microsoft Outlook Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H) and privileges required are low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An attacker must gain access to the victim user's Microsoft Outlook account by compromising or stealing their login credential and then install a malicious form prior to exploiting the vulnerability successfully.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into opening malicious files.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Outlook Microsoft Yes CVE-2025-21357 Use of Uninitialized Resource 11573 11574 11762 11763 11952 11953 12420 12421 10765 10766 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 10765 Remote Code Execution 10766 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Important 10765 Important 10766 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10765 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10766 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002656 https://www.microsoft.com/download/details.aspx?familyid=fae7c402-d328-46e0-86a6-ea8fd299a929 5002626 10765 Maybe Security Update 16.0.5483.1000 https://support.microsoft.com/help/5002656 10765 5002656 5002656 https://www.microsoft.com/download/details.aspx?familyid=9876465d-eee5-4687-8444-bfb5733f4bc0 5002626 10766 Maybe Security Update 16.0.5483.1000 https://support.microsoft.com/help/5002656 10766 5002656 <a href="https://www.linkedin.com/in/arnoldosipov/">Arnold Osipov</a> with <a href="https://www.morphisec.com/">Morphisec</a> <a href="https://www.linkedin.com/in/smgoreli/">Michael Gorelik</a> with <a href="https://www.morphisec.com/">Morphisec</a> <a href="https://x.com/seungyun_le2">SeungYun LEE</a> with <a href="https://www.kitribob.kr/">bObffice (BOB13th)</a> <a href="https://x.com/zeroboo1227">JunHyuk Im</a> with <a href="https://www.kitribob.kr/">bObffice (BOB13th)</a> <a href="https://www.linkedin.com/in/기연-정-48635a335/">Kiyeon Jeong</a> with <a href="https://www.kitribob.kr/">bObffice (BOB13th)</a> <a href="https://x.com/kimjor22">JongGeon KIM</a> with <a href="https://www.kitribob.kr/">bObffice (BOB13th)</a> <a href="https://x.com/lmksecurity">Jeongmin Choi</a> with <a href="https://www.kitribob.kr/">bObffice (BOB13th)</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Office Excel Microsoft Yes CVE-2025-21362 Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Critical 10836 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10739 Critical 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C 10836 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C 11573 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C 11574 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C 11762 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C 11763 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C 11951 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C 11952 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C 11953 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C 12420 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C 12421 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C 12440 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C 10739 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C 10740 5002677 https://www.microsoft.com/download/details.aspx?familyid=861661d1-b9e1-4ea3-aa23-0d1554e9afd5 5002648 10836 Maybe Security Update 16.0.10416.20047 https://support.microsoft.com/help/5002677 10836 5002677 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Yes Security Update 16.93.25011212 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002673 https://www.microsoft.com/download/details.aspx?familyid=0a38538f-0acd-426d-9ca0-10c60a4ae315 5002660 10739 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002673 10739 5002673 5002673 https://www.microsoft.com/download/details.aspx?familyid=58d84736-d1da-47ed-927e-0d6eb55c35af 5002660 10740 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002673 10740 5002673 0x140ce(Peace &amp; Love) 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-14T00:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Microsoft Word Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Word Microsoft Yes CVE-2025-21363 Untrusted Pointer Dereference 11762 11763 11951 12420 12421 12440 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Important 11762 Important 11763 Important 11951 Important 12420 Important 12421 Important 12440 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 11762 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 11763 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 11951 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 12420 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 12421 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 12440 Click to Run 11762 11763 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Yes Security Update 16.93.25011212 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes <a href="https://twitter.com/thezdi">Jmini, Rotiple, D4m0n</a> with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> Microsoft Excel Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Office macro policies used to block untrusted or malicious files.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-21364 Deserialization of Untrusted Data 11762 11763 12420 12421 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 12420 Security Feature Bypass 12421 Important 11762 Important 11763 Important 12420 Important 12421 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 Click to Run 11762 11763 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 12420 12421 Click to Run Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> Microsoft Office Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Microsoft Yes CVE-2025-21365 Untrusted Search Path 11762 11763 12420 12421 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 12420 Remote Code Execution 12421 Important 11762 Important 11763 Important 12420 Important 12421 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 Click to Run 11762 11763 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 12420 12421 Click to Run <a href="https://x.com/seungyun_le2">Seungyun LEE</a> with <a href="https://www.kitribob.kr/">bObffice(BOB 13th)</a> <a href="https://x.com/lmksecurity">Jeongmin Choi</a> with <a href="https://www.kitribob.kr/">bObffice(BOB 13th)</a> <a href="https://x.com/zeroboo1227">Junhyuk IM</a> with <a href="https://www.kitribob.kr/">bObffice(BOB 13th)</a> <a href="https://x.com/kimjor22">JongGeon KIM</a> with <a href="https://www.kitribob.kr/">bObffice(BOB 13th)</a> <a href="https://www.linkedin.com/in/기연-정-48635a335/">Kiyeon Jeong</a> with <a href="https://www.kitribob.kr/">bObffice(BOB 13th)</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> Microsoft Access Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How does the update protect against this vulnerability?</strong></p> <p>The update blocks potentially malicious extensions from being sent in an email.</p> <p><strong>Which types of extensions are blocked?</strong></p> <p>The following extensions which will be blocked:</p> <ul> <li>accdb</li> <li>accde</li> <li>accdw</li> <li>accdt</li> <li>accda</li> <li>accdr</li> <li>accdu</li> </ul> <p><strong>Is there any notification indicating an email contained a blocked extension?</strong></p> <p>The email recipient will get a notification that there was an attachment but it cannot be accessed.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Access Microsoft Yes CVE-2025-21366 Use After Free 11573 11574 11762 11763 11952 11953 12420 12421 10751 10752 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 10751 Remote Code Execution 10752 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Important 10751 Important 10752 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10751 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10752 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002670 https://www.microsoft.com/download/details.aspx?familyid=5b24a72a-849c-4f01-a253-f1e4bd08708f 5002641 10751 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002670 10751 5002670 5002670 https://www.microsoft.com/download/details.aspx?familyid=c55f8fbd-419a-4d50-b4f1-b9cbcc901746 5002641 10752 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002670 10752 5002670 <a href="https://www.unpatched.ai">Unpatched.ai</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-21382 Integer Overflow or Wraparound Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 1.0 2025-01-14T00:00:00 <p>Information published.</p> MapUrlToZone Security Feature Bypass Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Windows MapUrlToZone Microsoft Yes CVE-2025-21219 Improper Resolution of Path Equivalence 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 12436 12437 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 12436 Security Feature Bypass 12437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 12436 Important 12437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12242 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12243 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12244 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12389 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12390 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12436 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12437 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12389 12390 12436 12437 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12389 12390 12436 12437 5050009 5050009 https://support.microsoft.com/help/5050009 12389 12390 12436 12437 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2025-01-14T00:00:00 <p>Information published.</p> Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass <p>This CVE was assigned by CERT CC. The purpose of this document is to attest to the fact that the products listed in the Security Updates table have been updated to protect against this vulnerability.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot CERT CC Yes CVE-2024-7344 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Martin Smolar, ESET 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-29T00:00:00 <p>In the CVE header, added the overall Severity and Impact information. This is an informational change only.</p> Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network.</p> Windows Universal Plug and Play (UPnP) Device Host Microsoft Yes CVE-2025-21389 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-04-01T00:00:00 <p>Updated CVE title. This is an informational change only.</p> Microsoft SharePoint Server Spoofing Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>Integrity is impacted as XSS allows an attacker to add their malicious script to fetch victim's sensitive info or to change DOM execution.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to the target site as at least a Site Member.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-21393 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10950 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11585 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11961 5002672 https://www.microsoft.com/download/details.aspx?familyid=ddc04340-e2a1-4e0a-b4ed-e7a9e7e3ebf3 5002659 10950 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002672 10950 5002672 5002671 https://www.microsoft.com/download/details.aspx?familyid=292e9c48-9637-4a22-b026-e6ff0f79ba45 5002544 10950 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002671 10950 5002671 5002666 https://www.microsoft.com/download/details.aspx?familyid=614ab065-68ec-4a23-a44e-7a776d7a8b46 5002657 11585 Maybe Security Update 16.0.10416.20041 https://support.microsoft.com/help/5002666 11585 5002666 5002667 https://www.microsoft.com/download/details.aspx?familyid=5c60bcb4-ce16-464f-9e01-10ca73cab72a 5002664 11585 Maybe Security Update 16.0.10416.20041 https://support.microsoft.com/help/5002667 11585 5002667 5002676 https://www.microsoft.com/download/details.aspx?familyid=0c1d50f3-2ae4-40be-9179-c69dfa0b5af5 5002658 11961 Maybe Security Update 16.0.17928.20356 https://support.microsoft.com/help/5002676 11961 5002676 Felix Boulet 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> Microsoft Access Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How does the update protect against this vulnerability?</strong></p> <p>The update blocks potentially malicious extensions from being sent in an email.</p> <p><strong>Which types of extensions are blocked?</strong></p> <p>The following extensions which will be blocked:</p> <ul> <li>accdb</li> <li>accde</li> <li>accdw</li> <li>accdt</li> <li>accda</li> <li>accdr</li> <li>accdu</li> </ul> <p><strong>Is there any notification indicating an email contained a blocked extension?</strong></p> <p>The email recipient will get a notification that there was an attachment but it cannot be accessed.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Access Microsoft Yes CVE-2025-21395 Heap-based Buffer Overflow 11573 11574 11762 11763 11952 11953 12420 12421 10751 10752 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 10751 Remote Code Execution 10752 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Important 10751 Important 10752 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10751 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10752 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002688 https://www.microsoft.com/download/details.aspx?familyid=bbab3e07-7009-4da0-a061-df2571134a1f 10751 Maybe Security Update 16.0.5487.1000 https://support.microsoft.com/kb/5002688 10751 5002688 5002688 https://www.microsoft.com/download/details.aspx?familyid=94cf4bc4-a939-45e2-ab93-aa5b4ca19c18 10752 Maybe Security Update 16.0.5487.1000 https://support.microsoft.com/kb/5002688 10752 5002688 <a href="https://www.unpatched.ai">Unpatched.ai</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> 2.0 2025-02-11T00:00:00 <p>To comprehensively address CVE-2025-21395 Microsoft has released secuirty update 5002688 for supported editions of Microsoft Access 2016. Microsoft recommends that customers install the update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> On-Premises Data Gateway Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the data contained in the targeted PowerBI dashboard. The scope of PowerBI data which could be accessed is dependent on the privileges of compromised user.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Successful exploitation of this vulnerability requires the victim user to login or authenticate to the target environment.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to be able to exploit this vulnerability.</p> <p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p> <p>Only customers who have configured a SAP HANA data source to use single sign-on (SSO) are affected and must update their On-Premises Data Gateway to protect against this vulnerability. More information regarding SSO for On-Premises Data Gateways can be found here: <a href="https://learn.microsoft.com/en-us/power-bi/connect-data/service-gateway-sso-overview">Overview of single sign-on for on-premises data gateways in Power BI</a></p> Microsoft Azure Gateway Manager Microsoft Yes CVE-2025-21403 Incorrect Authorization 12464 Information Disclosure 12464 Important 12464 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.4 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RC:C 12464 Release Notes https://download.microsoft.com/download/D/A/1/DA1FDDB8-6DA8-4F50-B4D0-18019591E182/GatewayInstall.exe 12464 Maybe Security Update 3000.246 https://learn.microsoft.com/en-us/data-integration/gateway/service-gateway-monthly-updates 12464 Release Notes Kian Gorgichuk Kian Gorgichuk 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows NTLM Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Windows NTLM Microsoft Yes CVE-2025-21217 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 12389 Spoofing 12390 Spoofing 12436 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 9312 Spoofing 10287 Spoofing 9318 Spoofing 9344 Spoofing 10051 Spoofing 10049 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2025-01-14T00:00:00 <p>Information published.</p> Visual Studio Elevation of Privilege Vulnerability Visual Studio Microsoft Yes CVE-2025-21405 Improper Access Control 12459 Elevation of Privilege 12459 Important 12459 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12459 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Polar Penguin <a href="https://github.com/ycdxsb">ycdxsb</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Windows Remote Desktop Services Microsoft Yes CVE-2025-21278 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous <a href="https://www.facebook.com/skorikjr">SkorikARI</a> <a href="https://twitter.com/vv474172261">VictorV(Tang tianwen)</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> MapUrlToZone Security Feature Bypass Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows MapUrlToZone Microsoft Yes CVE-2025-21329 Improper Resolution of Path Equivalence 12436 12437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 12436 Security Feature Bypass 12437 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 12436 Important 12437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12436 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12437 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12242 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12243 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12244 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12389 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12390 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9312 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10287 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9318 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9344 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10051 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10049 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10378 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10379 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12436 12437 12389 12390 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12436 12437 12389 12390 5050009 5050009 https://support.microsoft.com/help/5050009 12436 12437 12389 12390 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 9312 10287 9318 9344 Yes IE Cumulative 1.007 https://support.microsoft.com/help/5049994 9312 10287 9318 9344 5049994 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10051 10049 10378 10379 Yes IE Cumulative 1.003 https://support.microsoft.com/help/5049994 10051 10049 10378 10379 5049994 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10483 10543 Yes IE Cumulative 1.002 https://support.microsoft.com/help/5049994 10483 10543 5049994 <a href="https://x.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations <a href="https://x.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2025-01-14T00:00:00 <p>Information published.</p> MapUrlToZone Security Feature Bypass Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows MapUrlToZone Microsoft Yes CVE-2025-21328 Improper Resolution of Path Equivalence 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12436 12437 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Security Feature Bypass 12436 Security Feature Bypass 12437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12436 Important 12437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12242 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12243 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12244 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12389 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12390 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9312 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10287 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9318 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9344 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10051 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10049 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10378 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10379 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12436 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12437 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12389 12390 12436 12437 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12389 12390 12436 12437 5050009 5050009 https://support.microsoft.com/help/5050009 12389 12390 12436 12437 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 9312 10287 9318 9344 Yes IE Cumulative 1.007 https://support.microsoft.com/help/5049994 9312 10287 9318 9344 5049994 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10051 10049 10378 10379 Yes IE Cumulative 1.003 https://support.microsoft.com/help/5049994 10051 10049 10378 10379 5049994 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10483 10543 Yes IE Cumulative 1.002 https://support.microsoft.com/help/5049994 10483 10543 5049994 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Remote Desktop Services Denial of Service Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p> Windows Remote Desktop Services Microsoft Yes CVE-2025-21330 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 <p>ʌ!ↄ⊥ojv with Kunlun Lab</p> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Message Queuing Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Message Queuing Microsoft Yes CVE-2025-21220 Use of Uninitialized Resource 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://x.com/_bka_">Bastian Kanbach</a> with <a href="https://www.securesystems.de/">SSE - Secure Systems Engineering GmbH</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Does this vulnerability exist in the Hyper-V server?</strong></p> <p>No, the Hyper-V NT Kernel Integration Virtual Service Provider (VSP) is a component used for communications between the host OS and container-type VMs, such as Windows Sandbox and Microsoft Defender Application Guard (MDAG). It is not in a traditional Hyper-V VM environment. Whereas traditional Hyper-V VMs have a strong boundary between the host and the guest for isolation purposes, container-type VMs like MDAG simulate that they are running on the host. The Hyper-V NT Kernel Integration VSP driver has functionality that enables this simulation.</p> <p>Microsoft strongly recommends updating to the latest version of Windows to be protected against this vulnerability.</p> <p><strong>Is this a guest to host type of vulnerability?</strong></p> <p>No, this is a local elevation of privilege, not any type of guest to host escape.</p> Windows Hyper-V NT Kernel Integration VSP Microsoft Yes CVE-2025-21335 Use After Free 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11931 Important 12085 Important 12086 Important 12097 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11931 12097 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-15T00:00:00 <p>Added FAQ information. This is an informational change only.</p> Chromium: CVE-2025-0291 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>131.0.2903.147</td> <td>1/14/2025</td> <td>131.0.6778.264/.265</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0291 11655 11655 11655 Release Notes 11655 No Security Update 131.0.2903.147 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-14T12:11:35 <p>Information published.</p> Chromium: CVE-2025-0442 Inappropriate implementation in Payments <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0442 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-16T00:00:16 <p>Information published.</p> Chromium: CVE-2025-0440 Inappropriate implementation in Fullscreen <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0440 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-16T00:00:12 <p>Information published.</p> Chromium: CVE-2025-0437 Out of bounds read in Metrics <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0437 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-16T00:00:06 <p>Information published.</p> Chromium: CVE-2025-0435 Inappropriate implementation in Navigation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0435 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-16T00:00:01 <p>Information published.</p> Chromium: CVE-2025-0434 Out of bounds memory access in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0434 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-16T00:00:57 <p>Information published.</p> Microsoft Account Elevation of Privilege Vulnerability <p>Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Account Microsoft No CVE-2025-21396 Missing Authorization 12474 Elevation of Privilege 12474 Important 12474 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C 12474 <a href="https://github.com/sugobet">M1n9K1n9</a> with APT250 1.0 2025-01-29T00:00:00 <p>Information published.</p> 1.1 2025-02-06T00:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Azure AI Face Service Elevation of Privilege Vulnerability <p>Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure AI Face Service Microsoft No CVE-2025-21415 Authentication Bypass by Spoofing 12475 Elevation of Privilege 12475 Critical 12475 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 9.9 8.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 12475 Anonymous 1.0 2025-01-29T00:00:00 <p>Information published.</p> Active Directory Federation Server Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> Active Directory Federation Services Microsoft Yes CVE-2025-21193 Cross-Site Request Forgery (CSRF) 11571 11572 11923 11924 12437 12244 12436 10816 10855 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 12437 Spoofing 12244 Spoofing 12436 Spoofing 10816 Spoofing 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12436 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10816 10855 5049993 Adrien Scholler with <a href="https://www.holiseum.com/">Holiseum</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p> Windows Connected Devices Platform Service Microsoft Yes CVE-2025-21207 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 CSIRT MON <a href="https://x.com/seqode">Eduardo Berlanga (seqode)</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Recovery Environment Agent Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker needs physical access to the victim's machine.</p> Windows Recovery Environment Agent Microsoft Yes CVE-2025-21202 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12244 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 <a href="https://x.com/errno_fail">Maxim Suhanov</a> with CICADA8 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Power Automate Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How do I get the updated app?</strong></p> <p>Users of version 2.51 will be notified about the availability of updated version 2.51.349.24355 or version 2.52, which will include the fix to address this vulnerability. Users running versions between 2.46 and 2.50 who do not wish to update to a higher version please refer to the following FAQ for update information and download links.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>Refer to the following table for the fixed build version that addresses this vulnerability.</p> <table> <thead> <tr> <th>If your current version is</th> <th>Fixed build version</th> <th>Download link</th> </tr> </thead> <tbody> <tr> <td>2.46</td> <td>2.46.184.25013</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2300767">Download</a></td> </tr> <tr> <td>2.47</td> <td>2.47.126.25010</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2300573">Download</a></td> </tr> <tr> <td>2.48</td> <td>2.48.164.25010</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2300574">Download</a></td> </tr> <tr> <td>2.49</td> <td>2.49.182.25010</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2300662">Download</a></td> </tr> <tr> <td>2.50</td> <td>2.50.139.25010</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2300768">Download</a></td> </tr> <tr> <td>2.51</td> <td>2.51.349.24355</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2102613">Download</a></td> </tr> </tbody> </table> Power Automate Microsoft Yes CVE-2025-21187 Improper Control of Generation of Code ('Code Injection') 12410 Remote Code Execution 12410 Important 12410 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12410 Release Notes https://apps.microsoft.com/detail/9nftch6j7fhv?launch=true&mode=full&hl=en-us&gl=us&ocid=bingwebsearch 12410 Maybe Security Update 2.52.62.25009 https://apps.microsoft.com/detail/9nftch6j7fhv?launch=true&mode=full&hl=en-us&gl=us&ocid=bingwebsearch 12410 Release Notes <a href="https://www.linkedin.com/in/tobias-diehl-19ba901b5/">Tobias Diehl</a> with <a href="https://umpquabank.com/">Umpqua Bank</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Access Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How does the update protect against this vulnerability?</strong></p> <p>The update blocks potentially malicious extensions from being sent in an email.</p> <p><strong>Which types of extensions are blocked?</strong></p> <p>The following extensions which will be blocked:</p> <ul> <li>accdb</li> <li>accde</li> <li>accdw</li> <li>accdt</li> <li>accda</li> <li>accdr</li> <li>accdu</li> </ul> <p><strong>Is there any notification indicating an email contained a blocked extension?</strong></p> <p>The email recipient will get a notification that there was an attachment but it cannot be accessed.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Access Microsoft Yes CVE-2025-21186 Heap-based Buffer Overflow 11573 11574 11762 11763 11952 11953 12420 12421 10751 10752 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 10751 Remote Code Execution 10752 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Important 10751 Important 10752 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10751 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10752 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002670 https://www.microsoft.com/download/details.aspx?familyid=5b24a72a-849c-4f01-a253-f1e4bd08708f 5002641 10751 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002670 10751 5002670 5002670 https://www.microsoft.com/download/details.aspx?familyid=c55f8fbd-419a-4d50-b4f1-b9cbcc901746 5002641 10752 Maybe Security Update 16.0.5483.1001 https://support.microsoft.com/help/5002670 10752 5002670 <a href="https://www.unpatched.ai">Unpatched.ai</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Boot Loader Microsoft Yes CVE-2025-21211 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zammis Clark 1.0 2025-01-14T00:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows BitLocker Microsoft Yes CVE-2025-21213 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zammis Clark 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted print task to a shared vulnerable Windows Line Printer Daemon (LPD) service across a network. Successful exploitation could result in remote code execution on the server.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Line Printer Daemon Service (LPD) Microsoft Yes CVE-2025-21224 Sensitive Data Storage in Improperly Locked Memory Use After Free 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> might be helpful in your situation:</strong></p> <ul> <li>Users are advised against installing or enabling the Line Printer Daemon (LPD) service.</li> <li>The LPD is not installed or enabled on the systems by default.</li> <li>The LPD has been announced as deprecated since Windows Server 2012. Please refer to: <a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831568(v=ws.11)#printing">Features Removed or Deprecated in Windows Server 2012</a>.</li> </ul> <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Remote Desktop Services Microsoft Yes CVE-2025-21225 Access of Resource Using Incompatible Type ('Type Confusion') 11571 11572 11923 11924 12437 12244 12436 10816 10855 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12437 Denial of Service 12244 Denial of Service 12436 Denial of Service 10816 Denial of Service 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12436 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10816 10855 5049993 <p>ʌ!ↄ⊥ojv with Kunlun Lab</p> 1.1 2025-01-14T00:00:00 <p>Updated acknowledgment. This is an informational change only.</p> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21226 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zhihua Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB device.</p> Windows Digital Media Microsoft Yes CVE-2025-21227 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zhihua Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB device.</p> Windows Digital Media Microsoft Yes CVE-2025-21228 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zhihua Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21229 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zhihua Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p> Windows Message Queuing Microsoft Yes CVE-2025-21230 Improper Input Validation Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> IP Helper Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit this vulnerability?</strong></p> <p>As an authenticated user, the attacker could send a specially crafted string of data over the network, causing the application to crash.</p> IP Helper Microsoft Yes CVE-2025-21231 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21232 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zhihua Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21256 Out-of-bounds Read Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zhihua Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21261 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Zhihua Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> MapUrlToZone Security Feature Bypass Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows MapUrlToZone Microsoft Yes CVE-2025-21189 Improper Resolution of Path Equivalence 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12436 12437 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Security Feature Bypass 12436 Security Feature Bypass 12437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12436 Important 12437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11568 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11569 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11571 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11572 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11923 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11924 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11929 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11930 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11931 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12085 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12086 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12097 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12098 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12099 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12242 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12243 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12244 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12389 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12390 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10729 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10735 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10852 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10853 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10816 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10855 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 9312 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10287 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 9318 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 9344 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10051 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10049 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10378 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10379 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10483 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10543 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12436 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12437 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12389 12390 12436 12437 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12389 12390 12436 12437 5050009 5050009 https://support.microsoft.com/help/5050009 12389 12390 12436 12437 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 9312 10287 9318 9344 Yes IE Cumulative 1.007 https://support.microsoft.com/help/5049994 9312 10287 9318 9344 5049994 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10051 10049 10378 10379 Yes IE Cumulative 1.003 https://support.microsoft.com/help/5049994 10051 10049 10378 10379 5049994 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10483 10543 Yes IE Cumulative 1.002 https://support.microsoft.com/help/5049994 10483 10543 5049994 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21273 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Event Tracing Denial of Service Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Event Tracing Microsoft Yes CVE-2025-21274 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows App Package Installer Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Installer Microsoft Yes CVE-2025-21275 Improper Authorization 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows MapUrlToZone Denial of Service Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows MapUrlToZone Microsoft Yes CVE-2025-21276 Integer Underflow (Wrap or Wraparound) Protection Mechanism Failure 12437 12436 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 12437 Denial of Service 12436 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 12437 Important 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12436 12389 12390 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12436 12389 12390 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12436 12389 12390 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 9312 10287 9318 9344 Yes IE Cumulative 1.007 https://support.microsoft.com/help/5049994 9312 10287 9318 9344 5049994 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10051 10049 10378 10379 Yes IE Cumulative 1.003 https://support.microsoft.com/help/5049994 10051 10049 10378 10379 5049994 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10483 10543 Yes IE Cumulative 1.002 https://support.microsoft.com/help/5049994 10483 10543 5049994 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21286 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Installer Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Installer Microsoft Yes CVE-2025-21287 Improper Privilege Management 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12437 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12242 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12243 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12244 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12389 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12390 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12436 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9312 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10287 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9318 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9344 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10051 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10049 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://infosec.exchange/@jagotu">JaGoTu</a> with <a href="https://www.dcit.cz/">DCIT, a.s.</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Search Service Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> Microsoft Windows Search Component Microsoft Yes CVE-2025-21292 Improper Control of Generation of Code ('Code Injection') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 Microsoft Offensive Research &amp; Security Engineering 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability Windows Universal Plug and Play (UPnP) Device Host Microsoft Yes CVE-2025-21300 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21305 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user.</p> Reliable Multicast Transport Driver (RMCAST) Microsoft Yes CVE-2025-21307 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> might be helpful in your situation:</strong></p> <p>This vulnerability is only exploitable only if there is a program listening on a Pragmatic General Multicast (PGM) port. If PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable.</p> <p>PGM does not authenticate requests so it is recommended to protect access to any open ports at the network level (e.g. with a firewall). It is not recommended to expose a PGM receiver to the public internet.</p> Kyle Westhaus with Microsoft Offensive Research &amp; Security Engineering (MORSE) 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Themes Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file.</p> Windows Themes Microsoft Yes CVE-2025-21308 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 12242 Spoofing 12243 Spoofing 12389 Spoofing 12390 Spoofing 12436 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation:</p> <ul> <li><p>Systems that have disabled NTLM are not affected.</p> </li> <li><p>Apply the existing group policy to block NTLM hash. With this policy enabled, this issue for a remote SMB location client or server can be mitigated. To enable the policy: Select <strong>Computer Configuration</strong> &gt; <strong>Windows Settings</strong> &gt; ** Security Settings** &gt; <strong>Local Policies</strong> &gt; <strong>Security Options</strong>. On the right pane, double-click the Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers policy per the options listed below in the Network security: <strong>Restrict NTLM: Outgoing NTLM traffic to remote servers</strong> documentation.</p> </li> </ul> <p><strong>References</strong>:</p> <ul> <li>For customers running Windows Server 2008 or 2008 R2: <a href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd560653(v=ws.10)">Introducing the Restriction of NTLM Authentication</a></li> <li>For customers running Windows 7 or 2008 R2: <a href="https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/ntlm-blocking-and-you-application-analysis-and-auditing/ba-p/397191">NTLM Blocking and You</a></li> <li>For customers running Windows 10 or 11: Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers">Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication</a></li> </ul> Blaz Satler with <a href="https://0patch.com/">0patch by ACROS Security</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21310 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Adel and Benjamin Rodes 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Smart Card Reader Information Disclosure Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> Windows Smart Card Microsoft Yes CVE-2025-21312 Use of Uninitialized Resource 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12242 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12243 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12244 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10378 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10379 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 2.4 2.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Kernel Memory Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows Kernel Memory Microsoft Yes CVE-2025-21317 Insertion of Sensitive Information into Log File 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 <a href="https://x.com/yarden_shafir">Yarden Shafir</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Kernel Memory Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows Kernel Memory Microsoft Yes CVE-2025-21323 Insertion of Sensitive Information into Log File 11923 11924 11568 11930 11929 11931 12085 12086 12097 12098 12099 12437 12243 12389 12242 12244 12390 12436 10853 10852 10735 10816 11569 11571 10729 10855 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11568 Information Disclosure 11930 Information Disclosure 11929 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12242 Information Disclosure 12244 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10853 Information Disclosure 10852 Information Disclosure 10735 Information Disclosure 10816 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 10729 Information Disclosure 10855 Information Disclosure 11572 Important 11923 Important 11924 Important 11568 Important 11930 Important 11929 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12243 Important 12389 Important 12242 Important 12244 Important 12390 Important 12436 Important 10853 Important 10852 Important 10735 Important 10816 Important 11569 Important 11571 Important 10729 Important 10855 Important 11572 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11930 11929 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11930 11929 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11930 11929 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12243 12242 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12243 12242 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12243 12242 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10853 10852 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10853 10852 10816 10855 5049993 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10735 10729 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10735 10729 5050013 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> .NET and Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> .NET and Visual Studio Microsoft Yes CVE-2025-21172 Integer Overflow or Wraparound Heap-based Buffer Overflow 11600 11935 12187 12271 12322 10577 12459 12414 12415 12416 12433 12432 12434 Remote Code Execution 11600 Remote Code Execution 11935 Remote Code Execution 12187 Remote Code Execution 12271 Remote Code Execution 12322 Remote Code Execution 10577 Remote Code Execution 12459 Remote Code Execution 12414 Remote Code Execution 12415 Remote Code Execution 12416 Remote Code Execution 12433 Remote Code Execution 12432 Remote Code Execution 12434 Important 11600 Important 11935 Important 12187 Important 12271 Important 12322 Important 10577 Important 12459 Important 12414 Important 12415 Important 12416 Important 12433 Important 12432 Important 12434 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12322 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10577 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12459 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12414 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12415 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12416 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12433 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12432 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12434 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.69 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.43 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.22 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.10 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes 5049688 https://aka.ms/vs/14/release/5049688 5029366 10577 Maybe Security Update 14.0.24252.2 https://support.microsoft.com/help/5049688 10577 5049688 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes 5050525 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12414 12415 12416 Maybe Security Update 8.0.12 https://support.microsoft.com/help/5050525 12414 12415 12416 5050525 5050526 https://dotnet.microsoft.com/en-us/download/dotnet/9.0 12433 12432 12434 Maybe Security Update 9.0.1 https://support.microsoft.com/help/5050526 12433 12432 12434 5050526 <a href="https://infosec.exchange/@ynwarcs">goodbyeselene</a> 2.0 2025-02-11T00:00:00 <p>In the Security Updates table, added Visual Studio 2015 Update 3, as this version of Visual Studio is also affected by this vulnerability.</p> <p>Microsoft recommends that customers running Visual Studio 2015 Update 3 install the update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-21324 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Adel from MSRC V&M 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Installer Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Successful exploitation of this vulnerability by an attacker requires a user to first reboot their machine.</p> <p><strong>Are there any additional steps that I need to follow to be protected from this vulnerability?</strong></p> <p>The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in <a href="https://support.microsoft.com/help/5042562">Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates</a> has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.</p> Windows Installer Microsoft Yes CVE-2025-21331 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/thezdi">Simon Zuckerbraun of Trend Micro Zero Day Initiative</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Cryptographic Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to carefully time their actions to exploit the timing differences in the execution of specific operations. They must accurately measure these timing variations to infer sensitive information or gain unauthorized access. This often involves sophisticated techniques to manipulate and observe the timing behavior of the target system.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially execute a cross-VM attack, thereby compromising multiple virtual machines and expanding the impact of the attack beyond the initially targeted VM.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of encrypted PKCS1 information. An attacker could read the contents of encrypted PKCS1 information from a user mode process.</p> <p><strong>Are there any additional steps that I need to follow to be protected from this vulnerability?</strong></p> <p>The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in <a href="https://support.microsoft.com/help/5042562">Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates</a> has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.</p> Windows Cryptographic Services Microsoft Yes CVE-2025-21336 Observable Discrepancy 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.6 4.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-04-02T00:00:00 <p>Updated CWE value. This is an informational change only.</p> GDI+ Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Windows Win32K - GRFX Microsoft Yes CVE-2025-21338 Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12469 11951 12163 12155 12156 12440 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12469 Remote Code Execution 11951 Remote Code Execution 12163 Remote Code Execution 12155 Remote Code Execution 12156 Remote Code Execution 12440 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12469 Important 11951 Important 12163 Important 12155 Important 12156 Important 12440 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12469 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12163 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12156 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 12469 11951 12440 Yes Security Update 16.93.25011212 https://go.microsoft.com/fwlink/p/?linkid=831049 12469 11951 12440 Release Notes Release Notes https://apps.apple.com/us/app/microsoft-365-office/id541164041 12163 Maybe Security Update 2.93.24123014 https://apps.apple.com/us/app/microsoft-365-office/id541164041 12163 Release Notes Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.18429.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes Release Notes https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12156 Maybe Security Update 16.0.14326.22175 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12156 Release Notes Li Shuang and willJ with vulnerability research institute 1.1 2025-01-27T00:00:00 <p>Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.</p> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21339 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability <p><strong>Are there any additional steps that I need to follow to be protected from this vulnerability?</strong></p> <p>The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in <a href="https://support.microsoft.com/help/5042562">Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates</a> has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.</p> Windows Hello Microsoft Yes CVE-2025-21340 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 Microsoft Offensive Research &amp; Security Engineering 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Web Threat Defense User Service Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could capture screenshots of another user’s session, crossing the user-session boundary.</p> Windows Web Threat Defense User Service Microsoft Yes CVE-2025-21343 Improper Privilege Management 12085 12086 12242 12243 12389 12390 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Important 12085 Important 12086 Important 12242 Important 12243 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12389 12390 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12389 12390 5050009 5050009 https://support.microsoft.com/help/5050009 12389 12390 <a href="https://www.cyber.gov.au/">Australian Signals Directorate</a> <a href="https://www.cyber.gov.au/">Australian Signals Directorate</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could elevate their privileges to perform commands as Root in the target environment.</p> Microsoft AutoUpdate (MAU) Microsoft Yes CVE-2025-21360 Improper Privilege Management 10949 Elevation of Privilege 10949 Important 10949 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10949 Release Notes https://officecdnmac.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/Microsoft_AutoUpdate_4.77.24121924_Updater.pkg 10949 Yes Security Update 4.76 https://learn.microsoft.com/en-us/officeupdates/release-history-microsoft-autoupdate 10949 Release Notes Anonymous 1.1 2025-01-30T00:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Outlook Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>The attacker would be able to bypass the protection in Outlook that prevents a potentially dangerous file extension from being attached enabling a remote code execution.</p> <p><strong>Which version of Outlook for Mac does this affect?</strong></p> <p>This vulnerability only affects the Legacy version of Outlook for Mac which is described in this documentation: <a href="https://support.microsoft.com/en-us/office/outlook-for-mac-6283be54-e74d-434e-babb-b70cefc77439">Outlook for Mac</a>. Customers who have enabled the new Outlook experience are not affected.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Attachment Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes. The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not.</p> Microsoft Office Outlook for Mac Microsoft Yes CVE-2025-21361 Improper Restriction of Names for Files and Other Resources 11951 12466 12440 Remote Code Execution 11951 Remote Code Execution 12466 Remote Code Execution 12440 Important 11951 Important 12466 Important 12440 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 11951 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 12466 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 12440 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Yes Security Update 16.93.25011212 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 12466 Maybe Security Update 16.93 https://go.microsoft.com/fwlink/p/?linkid=831049 12466 Release Notes <a href="https://hackerone.com/someonealt-86">Shubh Sidhu</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Brokering File System Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p> Microsoft Brokering File System Microsoft Yes CVE-2025-21372 Use After Free 12437 12244 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 hazard 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows CSC Service Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an out of bounds read in the caller's address space memory.</p> Windows Client-Side Caching (CSC) Service Microsoft Yes CVE-2025-21374 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Mukyoung Kwak, Seongheun Hong, Jaeseok Bae, Inkyu Yang, Jiwon Jang, Seoyun Cho with Best of the Best 13th Team MSRC Gasan 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows CSC Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Client-Side Caching (CSC) Service Microsoft Yes CVE-2025-21378 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 1.0 2025-01-14T00:00:00 <p>Information published.</p> Microsoft Office OneNote Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Office OneNote Microsoft Yes CVE-2025-21402 Improper Restriction of Names for Files and Other Resources 11951 12440 12468 Remote Code Execution 11951 Remote Code Execution 12440 Remote Code Execution 12468 Important 11951 Important 12440 Important 12468 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 11951 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 12440 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C 12468 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Yes Security Update 16.93.25011212 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 12468 Yes Security Update 16.92.24120731 https://go.microsoft.com/fwlink/p/?linkid=831049 12468 Release Notes <a href="https://hackerone.com/someonealt-86">Shubh Sidhu</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Kerberos Denial of Service Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could use a specially crafted application to leverage a protocol vulnerability in the Kerberos Key Distribution Center (KDC) Proxy Service to perform denial of service against the target.</p> Windows Kerberos Microsoft Yes CVE-2025-21218 Uncontrolled Resource Consumption 11571 11572 11923 11924 12437 12244 12436 10816 10855 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12437 Denial of Service 12244 Denial of Service 12436 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12436 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10816 10855 5049993 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.1 2025-01-16T00:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Azure Marketplace SaaS Resources Information Disclosure Vulnerability <p>Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Marketplace SaaS Resources Microsoft No CVE-2025-21380 Improper Access Control 12465 Information Disclosure 12465 Critical 12465 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12465 Anonymous 1.0 2025-01-09T00:00:00 <p>Information published.</p> Microsoft Purview Information Disclosure Vulnerability <p>A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Purview Microsoft No CVE-2025-21385 Server-Side Request Forgery (SSRF) 12352 Information Disclosure 12352 Critical 12352 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12352 <a href="https://twitter.com/tzahpahima">Tzah Pahima</a> 1.0 2025-01-09T00:00:00 <p>Information published.</p> Windows Security Account Manager (SAM) Denial of Service Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An authenticated attacker could make specially crafted API calls that lead to a Denial of Service.</p> Windows Security Account Manager Microsoft Yes CVE-2025-21313 Deadlock 12437 12244 12389 12390 12436 Denial of Service 12437 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Important 12437 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 Internal with Microsoft 1.0 2025-01-14T00:00:00 <p>Information published.</p> MapUrlToZone Security Feature Bypass Vulnerability <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows MapUrlToZone Microsoft Yes CVE-2025-21332 Improper Resolution of Path Equivalence 12436 12437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 12436 Security Feature Bypass 12437 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 12436 Important 12437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12436 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12437 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12242 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12243 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12244 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12389 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12390 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9312 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10287 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9318 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9344 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10051 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10049 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10378 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10379 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12436 12437 12389 12390 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12436 12437 12389 12390 5050009 5050009 https://support.microsoft.com/help/5050009 12436 12437 12389 12390 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 9312 10287 9318 9344 Yes IE Cumulative 1.007 https://support.microsoft.com/help/5049994 9312 10287 9318 9344 5049994 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10051 10049 10378 10379 Yes IE Cumulative 1.003 https://support.microsoft.com/help/5049994 10051 10049 10378 10379 5049994 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 5049994 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049994 10483 10543 Yes IE Cumulative 1.002 https://support.microsoft.com/help/5049994 10483 10543 5049994 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2025-01-14T00:00:00 <p>Information published.</p> Internet Explorer Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> Internet Explorer Microsoft Yes CVE-2025-21326 Access of Resource Using Incompatible Type ('Type Confusion') 12436 12437 12244 Remote Code Execution 12436 Remote Code Execution 12437 Remote Code Execution 12244 Important 12436 Important 12437 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12436 12437 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12436 12437 5050009 5050009 https://support.microsoft.com/help/5050009 12436 12437 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 <a href="https://twitter.com/jq0904">Quan Jin</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity WeBin Lab</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows NTLM V1 Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p> <p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p> Windows NTLM Microsoft Yes CVE-2025-21311 Incorrect Implementation of Authentication Algorithm 12437 12244 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Critical 12437 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation:</p> <p>Set the <strong>LmCompatabilityLvl</strong> to its maximum value (5) for all machines. This will prevent the usage of the older NTLMv1 protocol, while still allowing NTLMv2. Please see<a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level"> Network security: LAN Manager authentication level</a> for more information.</p> Dylan Bickerstaff with <a href="https://belowaverage.org/">below average</a> 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Does this vulnerability exist in the Hyper-V server?</strong></p> <p>No, the Hyper-V NT Kernel Integration Virtual Service Provider (VSP) is a component used for communications between the host OS and container-type VMs, such as Windows Sandbox and Microsoft Defender Application Guard (MDAG). It is not in a traditional Hyper-V VM environment. Whereas traditional Hyper-V VMs have a strong boundary between the host and the guest for isolation purposes, container-type VMs like MDAG simulate that they are running on the host. The Hyper-V NT Kernel Integration VSP driver has functionality that enables this simulation.</p> <p>Microsoft strongly recommends updating to the latest version of Windows to be protected against this vulnerability.</p> <p><strong>Is this a guest to host type of vulnerability?</strong></p> <p>No, this is a local elevation of privilege, not any type of guest to host escape.</p> Windows Hyper-V NT Kernel Integration VSP Microsoft Yes CVE-2025-21333 Heap-based Buffer Overflow 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11931 Important 12085 Important 12086 Important 12097 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11931 12097 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-15T00:00:00 <p>Added FAQ information. This is an informational change only.</p> Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Does this vulnerability exist in the Hyper-V server?</strong></p> <p>No, the Hyper-V NT Kernel Integration Virtual Service Provider (VSP) is a component used for communications between the host OS and container-type VMs, such as Windows Sandbox and Microsoft Defender Application Guard (MDAG). It is not in a traditional Hyper-V VM environment. Whereas traditional Hyper-V VMs have a strong boundary between the host and the guest for isolation purposes, container-type VMs like MDAG simulate that they are running on the host. The Hyper-V NT Kernel Integration VSP driver has functionality that enables this simulation.</p> <p>Microsoft strongly recommends updating to the latest version of Windows to be protected against this vulnerability.</p> <p><strong>Is this a guest to host type of vulnerability?</strong></p> <p>No, this is a local elevation of privilege, not any type of guest to host escape.</p> Windows Hyper-V NT Kernel Integration VSP Microsoft Yes CVE-2025-21334 Use After Free 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11931 Important 12085 Important 12086 Important 12097 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11931 12097 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 1.0 2025-01-14T00:00:00 <p>Information published.</p> 1.1 2025-01-15T00:00:00 <p>Added FAQ information. This is an informational change only.</p> Windows Secure Kernel Mode Elevation of Privilege Vulnerability <p><strong>What architecture(s) are impacted by this vulnerability?</strong></p> <p>This vulnerability impacts ARM64 only.</p> <p><strong>How could an attacker exploit this vulnerability and what privileges could an attacker gain?</strong></p> <p>An authenticated attacker could escalate privileges to Secure Kernel by overwriting the page table data meant for the kernel.</p> Windows Secure Kernel Mode Microsoft Yes CVE-2025-21325 Incorrect Permission Assignment for Critical Resource 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12389 12390 12436 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 Maxime Villard, of M.O.R.S.E. 1.0 2025-01-16T00:00:00 <p>Information published.</p> 2.0 2025-02-21T00:00:00 <p>In the Security Updates table, added Download and Article links for Windows Server 2025 (Server Core installation).</p> <p>Microsoft recommends that customers install the update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Chromium: CVE-2025-0448 Inappropriate implementation in Compositing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0448 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-16T00:00:24 <p>Information published.</p> Chromium: CVE-2025-0447 Inappropriate implementation in Navigation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0447 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-16T00:00:22 <p>Information published.</p> Chromium: CVE-2025-0446 Inappropriate implementation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0446 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-16T00:00:20 <p>Information published.</p> Chromium: CVE-2025-0443 Insufficient data validation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0443 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-16T00:00:18 <p>Information published.</p> Chromium: CVE-2025-0441 Inappropriate implementation in Fenced Frames <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0441 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-16T00:00:14 <p>Information published.</p> Chromium: CVE-2025-0439 Race in Frames <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0439 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-16T00:00:10 <p>Information published.</p> Chromium: CVE-2025-0438 Stack buffer overflow in Tracing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0438 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-16T00:00:08 <p>Information published.</p> Chromium: CVE-2025-0436 Integer overflow in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0436 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-16T00:00:03 <p>Information published.</p> Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, Attack Vector is Local (AV:L). What does that mean for this vulnerability?</strong></p> <p>An attacker would have to have local presence on the device through malware or a malicious application to be able to exploit this vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2025-21399 Untrusted Search Path 12470 Elevation of Privilege 12470 Important 12470 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.4 6.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12470 Release Notes 12470 No Security Update 1.3.195.43 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12470 Release Notes <a href="https://twitter.com/sim0nsecurity">Simon (@sim0nsecurity)</a> 1.0 2025-01-16T00:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could achieve elevation of privilege and gain the ability to read the API component.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), but lead to no loss of integrity (I:N) or availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability cannot modify any sensitive user data or cause user data to become unavailable but can access sensitive user data.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.115</td> <td>1/17/2025</td> <td>132.0.6834.83/84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2025-21185 Improper Access Control 11655 Elevation of Privilege 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 132.0.2957.115 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes asnine 1.0 2025-01-16T00:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p>User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker is only able to compromise files that they were allowed access to as part of their initial privilege but cannot affect the availability of the browser.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.127</td> <td>1/24/2025</td> <td>132.0.6834.111</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2025-21262 User Interface (UI) Misrepresentation of Critical Information 11655 Spoofing 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 132.0.2957.127 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://www.linkedin.com/in/sazzad-mahmud-tomal-4422b0236">Sazzad Mahmud Tomal</a> 1.0 2025-01-24T00:00:00 <p>Information published.</p> Chromium: CVE-2025-0611 Object corruption in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.127</td> <td>1/24/2025</td> <td>132.0.6834.111</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0612 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.127 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-27T09:54:52 <p>Information published.</p> Chromium: CVE-2025-0612 Out of bounds memory access in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.127</td> <td>1/24/2025</td> <td>132.0.6834.111</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0611 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.127 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-27T09:54:47 <p>Information published.</p> Chromium: CVE-2025-0762 Use after free in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.140</td> <td>1/30/2025</td> <td>132.0.6834.159/160</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-0762 11655 11655 11655 Release Notes 11655 No Security Update 132.0.2957.140 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-01-30T00:00:13 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> Windows Telephony Service Microsoft Yes CVE-2025-21246 Heap-based Buffer Overflow Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21417 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21250 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21240 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21238 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21223 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21409 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-21245 Heap-based Buffer Overflow Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5050008 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008 5048661 11568 11569 11571 11572 Yes Security Update 10.0.17763.6775 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5050008 5050008 https://support.microsoft.com/help/5050008 11568 11569 11571 11572 5049983 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049983 5048654 11923 11924 Yes Security Update 10.0.20348.3091 https://support.microsoft.com/help/5049983 11923 11924 5049983 5049983 https://support.microsoft.com/help/5049983 11923 11924 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 11929 11930 11931 Yes Security Update 10.0.19044.5371 https://support.microsoft.com/help/5049981 11929 11930 11931 5049981 5049981 https://support.microsoft.com/help/5049981 11929 11930 11931 12097 12098 12099 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5049981 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981 5048652 12097 12098 12099 Yes Security Update 10.0.19045.5371 https://support.microsoft.com/help/5049981 12097 12098 12099 5049981 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12437 12389 12390 12436 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050009 5050009 https://support.microsoft.com/help/5050009 12437 12389 12390 12436 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5049984 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049984 5048653 12244 Yes Security Update 10.0.25398.1369 https://support.microsoft.com/help/5049984 12244 5049984 5049984 https://support.microsoft.com/help/5049984 12244 5050013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050013 5048703 10729 10735 Yes Security Update 10.0.10240.20890 https://support.microsoft.com/help/5050013 10729 10735 5050013 5049993 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049993 5048671 10852 10853 10816 10855 Yes Security Update 10.0.14393.7699 https://support.microsoft.com/help/5049993 10852 10853 10816 10855 5049993 5050063 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050063 5048710 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23070 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050063 5050063 https://support.microsoft.com/help/5050063 9312 10287 9318 9344 5050061 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050061 9312 10287 9318 9344 Yes Security Only 6.0.6003.23070 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050061 5050061 https://support.microsoft.com/help/5050061 9312 10287 9318 9344 5050049 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050049 5048695 10051 10049 Yes Monthly Rollup 6.1.7601.27520 https://support.microsoft.com/help/5050049 10051 10049 5050049 5050006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050006 10051 10049 Yes Security Only 6.1.7601.27520 https://support.microsoft.com/help/5050006 10051 10049 5050006 5050004 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050004 5048699 10378 10379 Yes Monthly Rollup 6.2.9200.25273 https://support.microsoft.com/help/5050004 10378 10379 5050004 5050048 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050048 5048735 10483 10543 Yes Monthly Rollup 6.3.9600.22371 https://support.microsoft.com/help/5050048 10483 10543 5050048 Anonymous 1.0 2025-01-14T00:00:00 <p>Information published.</p> Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability <p><strong>What privileges would an attacker gain by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially leak data from the target enclave or execute code within the context of the target enclave.</p> <p><strong>Are there any additional steps that I need to follow to be protected from this vulnerability?</strong></p> <p>The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in <a href="https://support.microsoft.com/help/5042562">Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates</a> has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.</p> Windows Virtualization-Based Security (VBS) Enclave Microsoft Yes CVE-2025-21370 Improper Input Validation 12085 12086 12242 12243 12389 12390 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 12085 Important 12086 Important 12242 Important 12243 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12085 12086 Yes Security Update 10.0.22621.4751 https://support.microsoft.com/help/5050021 12085 12086 5050021 5050021 https://support.microsoft.com/help/5050021 12085 12086 12242 12243 5050021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050021 5048685 12242 12243 Yes Security Update 10.0.22631.4751 https://support.microsoft.com/help/5050021 12242 12243 5050021 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12389 12390 Yes Security Update 10.0.26100.2894 https://support.microsoft.com/help/5050009 12389 12390 5050009 5050009 https://support.microsoft.com/help/5050009 12389 12390 Alex Ionescu, working for Winsider Seminars & Solutions, Inc. 1.0 2025-01-14T08:00:00 <p>Information published. This CVE was addressed by updates that were released in August 2024, but the CVE was inadvertently omitted from the August 2024 Security Updates. This is an informational change only. Customers who have already installed the August 2024 updates do not need to take any further action.</p> 1.1 2026-04-01T07:00:00 <p>Corrected Fixed Build Number and Download links in the Security Updates table. This is an informational change only.</p>