Msrc Windows 10 vulnerabilities

CVE-2025-21268 [MEDIUM] CWE-41 MapUrlToZone Security Feature Bypass Vulnerability MapUrlToZone Security Feature Bypass Vulnerability FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all res

CVE-2025-21213 [MEDIUM] CWE-284 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Windows BitLocker: Windows BitLocker Microsoft: Microsoft Customer Action Required: Yes Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:No;Exploited:No;Latest

CVE-2025-21214 [MEDIUM] CWE-200 Windows BitLocker Information Disclosure Vulnerability Windows BitLocker Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Bitlocker Key. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerabilit

CVE-2025-21280 [MEDIUM] CWE-20 Windows Virtual Trusted Platform Module Denial of Service Vulnerability Windows Virtual Trusted Platform Module Denial of Service Vulnerability FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? A successful exploitation of this vulnerability via a medium integrity level exploit could allow an attacker to gain unauthorized access to system-level resources, potentially modify

CVE-2025-21219 [MEDIUM] CWE-41 MapUrlToZone Security Feature Bypass Vulnerability MapUrlToZone Security Feature Bypass Vulnerability FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all res

CVE-2025-21321 [MEDIUM] CWE-532 Windows Kernel Memory Information Disclosure Vulnerability Windows Kernel Memory Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. FAQ: Are there any additional steps that I need to

CVE-2025-21227 [MEDIUM] CWE-125 Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the tar

CVE-2025-21324 [MEDIUM] CWE-125 Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited th

CVE-2025-21255 [MEDIUM] CWE-125 Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited th

CVE-2025-21232 [MEDIUM] CWE-125 Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited th

CVE-2025-21272 [MEDIUM] CWE-908 Windows COM Server Information Disclosure Vulnerability Windows COM Server Information Disclosure Vulnerability FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could get unauthorized access to sensitive user data outside of the AppContainer execution environment. FAQ: Wha

CVE-2025-21258 [MEDIUM] CWE-125 Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited th

CVE-2025-21263 [MEDIUM] CWE-125 Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited th

CVE-2025-21202 [MEDIUM] CWE-284 Windows Recovery Environment Agent Elevation of Privilege Vulnerability Windows Recovery Environment Agent Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an attacker needs physical access to the victim's machine. Windows Recovery Environment Agent: Windows Recovery Environment Agent Microsoft: Microsoft Customer Action Requi

CVE-2025-21284 [MEDIUM] CWE-20 Windows Virtual Trusted Platform Module Denial of Service Vulnerability Windows Virtual Trusted Platform Module Denial of Service Vulnerability FAQ: Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to acco

CVE-2025-21288 [MEDIUM] CWE-908 Windows COM Server Information Disclosure Vulnerability Windows COM Server Information Disclosure Vulnerability FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the Ap

CVE-2025-21329 [MEDIUM] CWE-41 MapUrlToZone Security Feature Bypass Vulnerability MapUrlToZone Security Feature Bypass Vulnerability FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all res

CVE-2025-21215 [MEDIUM] CWE-125 Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit the vulnerability and save an invalid state to a database or trigger other unintended actions. FAQ: What kind of security feature could be bypassed by successfully exp

CVE-2025-21261 [MEDIUM] CWE-125 Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited th

CVE-2024-7344 [HIGH] Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass Description: This CVE was assigned by CERT CC. The purpose of this document is to attest to the fact that the products listed in the Security Updates table have been updated to protect against this vulnerability. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerab