Msrc Windows 10 Version 1607 vulnerabilities

CVE-2025-47981 [CRITICAL] CWE-122 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit the vulnerability? An attacker could exploit this vulnerability by sending a malicious message to the

CVE-2025-6965 [HIGH] CWE-197 Integer Truncation on SQLite Integer Truncation on SQLite FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transp

CVE-2025-47982 [HIGH] CWE-20 Windows Storage VSP Driver Elevation of Privilege Vulnerability Windows Storage VSP Driver Elevation of Privilege Vulnerability Description: Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Storage VSP Dri

CVE-2025-47973 [HIGH] CWE-126 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Description: Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability? An attacker can trick a local user on a vulnerable system int

CVE-2025-49680 [HIGH] CWE-59 Windows Performance Recorder (WPR) Denial of Service Vulnerability Windows Performance Recorder (WPR) Denial of Service Vulnerability Description: Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? Exploitation of th

CVE-2025-49740 [HIGH] CWE-693 Windows SmartScreen Security Feature Bypass Vulnerability Windows SmartScreen Security Feature Bypass Vulnerability Description: Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could evade Mark of the Web (MOTW) defenses. FAQ: Ho

CVE-2025-49678 [HIGH] CWE-476 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who suc

CVE-2025-49687 [HIGH] CWE-125 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Description: Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a c

CVE-2025-48805 [HIGH] CWE-122 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the

CVE-2025-48806 [HIGH] CWE-416 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability Description: Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. Th

CVE-2025-48819 [HIGH] CWE-591 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability Description: Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for

CVE-2025-49686 [HIGH] CWE-476 Windows TCP/IP Driver Elevation of Privilege Vulnerability Windows TCP/IP Driver Elevation of Privilege Vulnerability Description: Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows TCP/IP: Windows TCP/IP Microsoft: Mi

CVE-2025-47987 [HIGH] CWE-122 Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vu

CVE-2025-49665 [HIGH] CWE-362 Workspace Broker Elevation of Privilege Vulnerability Workspace Broker Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially

CVE-2025-48816 [HIGH] CWE-190 HID Class Driver Elevation of Privilege Vulnerability HID Class Driver Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. HID class driver: HID class dri

CVE-2025-49679 [HIGH] CWE-197 Windows Shell Elevation of Privilege Vulnerability Windows Shell Elevation of Privilege Vulnerability Description: Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Shell: Windows Shell Microsoft: Microsoft Customer A

CVE-2025-49667 [HIGH] CWE-415 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Description: Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K - ICOMP: Windows

CVE-2025-47159 [HIGH] CWE-693 Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability Description: Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulne

CVE-2025-47984 [HIGH] CWE-693 Windows GDI Information Disclosure Vulnerability Windows GDI Information Disclosure Vulnerability Description: Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. Windows GDI: Windows GDI Microsoft:

CVE-2025-49742 [HIGH] CWE-190 Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability Description: Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. Th