Msrc Windows 10 Version 1607 vulnerabilities

CVE-2025-60724 [CRITICAL] CWE-122 GDI+ Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. FAQ: According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit the vulnerability? An attacker

CVE-2025-59505 [HIGH] CWE-415 Windows Smart Card Reader Elevation of Privilege Vulnerability Windows Smart Card Reader Elevation of Privilege Vulnerability Description: Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Smart Card: Windows Smart Card Micros

CVE-2025-59514 [HIGH] CWE-269 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability Description: Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mic

CVE-2025-62217 [HIGH] CWE-362 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that

CVE-2025-60709 [HIGH] CWE-125 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privilege

CVE-2025-59512 [HIGH] CWE-284 Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability Description: Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerabi

CVE-2025-60705 [HIGH] CWE-284 Windows Client-Side Caching Elevation of Privilege Vulnerability Windows Client-Side Caching Elevation of Privilege Vulnerability Description: Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. W

CVE-2025-62452 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (P

CVE-2025-60715 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are low (PR

CVE-2025-60704 [HIGH] CWE-325 Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability Description: Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. FAQ: How could an attacker exploit this vulnerability? When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk. In one such scenario for this vulnerability, the attacker could convinc

CVE-2025-60719 [HIGH] CWE-822 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this

CVE-2025-59506 [HIGH] CWE-362 DirectX Graphics Kernel Elevation of Privilege Vulnerability DirectX Graphics Kernel Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerabilit

CVE-2025-62213 [HIGH] CWE-416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability r

CVE-2025-60714 [HIGH] CWE-122 Windows OLE Remote Code Execution Vulnerability Windows OLE Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Ar

CVE-2025-60703 [HIGH] CWE-822 Windows Remote Desktop Services Elevation of Privilege Vulnerability Windows Remote Desktop Services Elevation of Privilege Vulnerability Description: Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Remo

CVE-2025-60720 [HIGH] CWE-126 Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability Description: Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could g

CVE-2025-59508 [HIGH] CWE-362 Windows Speech Recognition Elevation of Privilege Vulnerability Windows Speech Recognition Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability

CVE-2025-59507 [HIGH] CWE-362 Windows Speech Runtime Elevation of Privilege Vulnerability Windows Speech Runtime Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability r

CVE-2025-59510 [MEDIUM] CWE-59 Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability Description: Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. Windows Routing and Remote Access Service (RRAS): Windows Routing and Remote Access Service (RRAS) Microsoft: Microsoft

CVE-2025-59513 [MEDIUM] CWE-125 Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), no loss of integrity (I:N), and some loss