Msrc Windows 10 vulnerabilities

CVE-2025-47955 [HIGH] CWE-269 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Description: Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could g

CVE-2025-33056 [HIGH] CWE-284 Windows Local Security Authority (LSA) Denial of Service Vulnerability Windows Local Security Authority (LSA) Denial of Service Vulnerability Description: Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. Microsoft Local Security Authority Server (lsasrv): Microsoft Local Security Authority Server (lsasrv) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial

CVE-2025-32716 [HIGH] CWE-125 Windows Media Elevation of Privilege Vulnerability Windows Media Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Media: Windows Media Microsoft: Microsoft Customer Action

CVE-2025-32724 [HIGH] CWE-400 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security Authority Subsystem Service (L

CVE-2025-33053 [HIGH] CWE-73 Internet Shortcut Files Remote Code Execution Vulnerability Internet Shortcut Files Remote Code Execution Vulnerability Description: External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Wi

CVE-2025-32721 [HIGH] CWE-59 Windows Recovery Driver Elevation of Privilege Vulnerability Windows Recovery Driver Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator pr

CVE-2025-33075 [HIGH] CWE-59 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Insta

CVE-2025-24069 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-33060 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-32719 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-24068 [MEDIUM] CWE-126 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Win

CVE-2025-33055 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-24065 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an out

CVE-2025-32722 [MEDIUM] CWE-284 Windows Storage Port Driver Information Disclosure Vulnerability Windows Storage Port Driver Information Disclosure Vulnerability Description: Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of

CVE-2025-33058 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-33057 [MEDIUM] CWE-476 Windows Local Security Authority (LSA) Denial of Service Vulnerability Windows Local Security Authority (LSA) Denial of Service Vulnerability Description: Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. Windows Local Security Authority (LSA): Windows Local Security Authority (LSA) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Public

CVE-2025-3052 [HIGH] CWE-822 Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass Description: Untrusted pointer dereference in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Why is this CERT/CC CVE included in the S

CVE-2025-32720 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-33065 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-33059 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W