CVE-2025-29828
published 2025-06-10CVE-2025-29828: Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.
PriorityP350high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
1.11%
61.6th percentile
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_22h2 | < 10.0.22621.5472 | 10.0.22621.5472 |
| microsoft | windows_11_23h2 | < 10.0.22631.5472 | 10.0.22631.5472 |
| microsoft | windows_11_24h2 | < 10.0.26100.4270 | 10.0.26100.4270 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.5472 | 10.0.22621.5472 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5472 | 10.0.22631.5472 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5472 | 10.0.22631.5472 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.4349 | 10.0.26100.4349 |
| microsoft | windows_server_2022 | < 10.0.20348.3745 | 10.0.20348.3745 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.3807 | 10.0.20348.3807 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1665 | 10.0.25398.1665 |
| microsoft | windows_server_2025 | < 10.0.26100.4270 | 10.0.26100.4270 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.4349 | 10.0.26100.4349 |
| msrc | windows_11_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
| msrc | windows_server_2025 | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc8.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Schannel Remote Code Execution Vulnerability
vendor_msrc·2025-06-10·CVSS 8.1
CVE-2025-29828 [HIGH] CWE-401 Windows Schannel Remote Code Execution Vulnerability
Windows Schannel Remote Code Execution Vulnerability
Description: Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to send a large number of messages.
FAQ: How could an attacker exploit the vulnerability?
An attacker can exploit this vulnerability by sending malicious fragmented ClientHello messages to a target server that accepts Transport Layer Security (TLS) connections.
Windows Cryptographic Services: Windows Cryptographic Services
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Cod
GHSA
GHSA-vjfq-34vr-xpmm: Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network
ghsa_unreviewed·2025-06-10
CVE-2025-29828 [HIGH] CWE-401 GHSA-vjfq-34vr-xpmm: Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities
blogs_talos·2025-06-10·CVSS 8.1
CVE-2025-32717 [HIGH] Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities
## Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities
Update 6/12/2025: Microsoft released an additional CVE ( CVE-2025-32717 ). Details and SIDs have been reflected to include this additional vulnerability.
Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.”
In this month's release, none of the included vulnerabilities have been observed by Microsoft being actively exploited in the wild. Out of eleven "critical" entries, nine are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including Microsoft Windows Remote Desktop Service, Windows Schannel (Secure Channel), KDC Proxy service, Micro
Talos
Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities
blogs_talos·2025-06-10·CVSS 8.1
CVE-2025-32717 [HIGH] Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities
Update 6/12/2025: Microsoft released an additional CVE (CVE-2025-32717). Details and SIDs have been reflected to include this additional vulnerability.
Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.”
In this month's release, none of the included vulnerabilities have been observed by Microsoft being actively exploited in the wild. Out of eleven "critical" entries, nine are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including Microsoft Windows Remote Desktop Service, Windows Schannel (Secure Channel), KDC Proxy service, Microsoft Office, Word and SharePoint server. There are two elevation of privilege vulnerabil
Qualys
Microsoft and Adobe Patch Tuesday, June 2025 Security Update Review
blogs_qualys·2025-06-10
Microsoft and Adobe Patch Tuesday, June 2025 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for June 2025
Adobe Patches for June 2025
Zero-day Vulnerabilities Patched in June Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in June Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response withPatch Management (PM)
Microsoft June 2025 Patch Tuesday Mitigations
Qualys Monthly Webinar Series
Microsoft’s June 2025 Patch Tuesday has landed, addressing a new batch of critical and important vulnerabilities across Windows and enterprise products. Here’s a quick breakdown of what you need to know.
## Microsoft Patch Tuesday for June 2025
In this month’s Patch Tuesday, June 2025
Qualys
Microsoft and Adobe Patch Tuesday, June 2025 Security Update Review | Qualys
blogs_qualys·2025-06-10
Microsoft and Adobe Patch Tuesday, June 2025 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for June 2025
- Adobe Patches for June 2025
- Zero-day Vulnerabilities Patched in June Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in June Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response withPatch Management (PM)
- Microsoft June 2025 Patch Tuesday Mitigations
- Qualys Monthly Webinar Series
Microsoft’s June 2025 Patch Tuesday has landed, addressing a new batch of critical and important vulnerabilities across Windows and enterprise products. Here’s a quick breakdown of what you need to know.
## Microsoft Patch Tuesday for June 2025
In this month’s Patch Tuesd
Bleepingcomputer
Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
blogs_bleepingcomputer·2025-06-10·CVSS 8.8
[HIGH] Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
## Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
## Lawrence Abrams
13 Elevation of Privilege Vulnerabilities
3 Security Feature Bypass Vulnerabilities
25 Remote Code Execution Vulnerabilities
17 Information Disclosure Vulnerabilities
6 Denial of Service Vulnerabilities
2 Spoofing Vulnerabilities
This count does not include Mariner, Microsoft Edge, and Power Automate flaws fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5060842 and KB5060999 cumulative updates and the Windows 10 KB5060533 cumulative update .
## Two zero-days
This month's Patch Tuesday fixes one actively exploited zero-day and one publicly disclosed vulnerability. Microsoft classifies a zero-day
Crowdstrike
June 2025 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] June 2025 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
Crowdstrike
July 2025 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2025 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2025-06-10
Published