CVE-2025-21284: Windows Virtual Trusted Platform Module Denial of Service Vulnerability

CVE-2025-21284 [MEDIUM] CWE-20 Windows Virtual Trusted Platform Module Denial of Service Vulnerability Windows Virtual Trusted Platform Module Denial of Service Vulnerability FAQ: Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability? If an attacker was able to successfully exploit the vulnerability the attack might result in a total loss of availab

CVE-2021-21284 [MEDIUM] CWE-22 privilege escalation in Moby privilege escalation in Moby FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this. Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/

CVE-2025-21284 [MEDIUM] CWE-20 GHSA-p2p3-g25h-5x84: Windows Virtual Trusted Platform Module Denial of Service Vulnerability Windows Virtual Trusted Platform Module Denial of Service Vulnerability

[HIGH] Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws ## Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws ## Lawrence Abrams 40 Elevation of Privilege Vulnerabilities 14 Security Feature Bypass Vulnerabilities 58 Remote Code Execution Vulnerabilities 24 Information Disclosure Vulnerabilities 20 Denial of Service Vulnerabilities 5 Spoofing Vulnerabilities To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5050009 & KB5050021 cumulative updates and the Windows 10 KB5048652 cumulative update. ## Three actively exploited zero-day disclosed This month's Patch Tuesday fixes three actively exploited and five publicly exposed zero-day vulnerabilities. Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no offi