Msrc Windows 10 Version 1607 vulnerabilities

CVE-2025-26637 [MEDIUM] CWE-693 Windows BitLocker Security Feature Bypass Vulnerability Windows BitLocker Security Feature Bypass Vulnerability Description: Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems

CVE-2025-26672 [MEDIUM] CWE-126 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, t

CVE-2025-21197 [MEDIUM] CWE-284 Windows NTFS Information Disclosure Vulnerability Windows NTFS Information Disclosure Vulnerability Description: Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerabili

CVE-2025-27742 [MEDIUM] CWE-125 NTFS Information Disclosure Vulnerability NTFS Information Disclosure Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. FAQ: Are the updates for Windows 10 for x64-based Systems and Win

CVE-2025-27735 [MEDIUM] CWE-345 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability Description: Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who suc

CVE-2025-24056 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connec

CVE-2025-26634 [HIGH] CWE-122 Windows Core Messaging Elevation of Privileges Vulnerability Windows Core Messaging Elevation of Privileges Vulnerability Description: Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specif

CVE-2025-24985 [HIGH] CWE-190 Windows Fast FAT File System Driver Remote Code Execution Vulnerability Windows Fast FAT File System Driver Remote Code Execution Vulnerability Description: Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of t

CVE-2025-24067 [HIGH] CWE-122 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft

CVE-2025-24072 [HIGH] CWE-416 Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability Description: Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerabilit

CVE-2025-24035 [HIGH] CWE-591 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability Description: Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requir

CVE-2025-24059 [HIGH] CWE-681 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability cou

CVE-2025-24051 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context

CVE-2025-24066 [HIGH] CWE-122 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Ke

CVE-2025-24044 [HIGH] CWE-416 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Description: Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32 Kernel

CVE-2025-24061 [HIGH] CWE-693 Windows Mark of the Web Security Feature Bypass Vulnerability Windows Mark of the Web Security Feature Bypass Vulnerability Description: Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. FAQ: How could an attacker exploit the vulnerability? In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass. In an email

CVE-2025-21180 [HIGH] CWE-122 Windows exFAT File System Remote Code Execution Vulnerability Windows exFAT File System Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type

CVE-2025-24046 [HIGH] CWE-416 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability Description: Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Streaming Se

CVE-2025-24995 [HIGH] CWE-122 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could g

CVE-2025-24993 [HIGH] CWE-122 Windows NTFS Remote Code Execution Vulnerability Windows NTFS Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as