MSRC Windows 10 Version 22H2 vulnerabilities

1,609 known vulnerabilities affecting msrc/windows_10_version_22h2.

Total CVEs: 1,609
CISA KEV: 72 (actively exploited)
Public exploits: 28
Exploited in wild: 47
Severity breakdown: CRITICAL 34, HIGH 1143, MEDIUM 425, LOW 7

Vulnerabilities

Page 11 of 81
CVE-2025-58738 | HIGH | CVSS 7.0 | 2025-10-14
CVE-2025-58738 [HIGH] CWE-416 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability. Description: Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ: According to the
msrc
CVE-2025-50152 | HIGH | CVSS 7.8 | 2025-10-14
CVE-2025-50152 [HIGH] CWE-125 Windows Kernel Elevation of Privilege Vulnerability. Description: Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Ac
msrc
CVE-2025-59207 | HIGH | CVSS 7.8 | 2025-10-14
CVE-2025-59207 [HIGH] CWE-822 Windows Kernel Elevation of Privilege Vulnerability. Description: Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft
msrc
CVE-2025-59277 | HIGH | CVSS 7.8 | 2025-10-14
CVE-2025-59277 [HIGH] CWE-1287 Windows Authentication Elevation of Privilege Vulnerability. Description: Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted appli
msrc
CVE-2025-58733 | HIGH | CVSS 7.0 | 2025-10-14
CVE-2025-58733 [HIGH] CWE-416 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability. Description: Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ: According to the
msrc
CVE-2025-59195 | HIGH | CVSS 7.0 | 2025-10-14
CVE-2025-59195 [HIGH] CWE-362 Windows Graphics Component Denial of Service Vulnerability. Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerabi
msrc
CVE-2025-59191 | HIGH | CVSS 7.8 | 2025-10-14
CVE-2025-59191 [HIGH] CWE-122 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability. Description: Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability cou
msrc
CVE-2025-59254 | HIGH | CVSS 7.8 | PoC | 2025-10-14
CVE-2025-59254 [HIGH] CWE-122 Microsoft DWM Core Library Elevation of Privilege Vulnerability. Description: Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Librar
msrc
CVE-2025-59202 | HIGH | CVSS 7.0 | 2025-10-14
CVE-2025-59202 [HIGH] CWE-416 Windows Remote Desktop Services Elevation of Privilege Vulnerability. Description: Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. FAQ: Accordi
msrc
CVE-2025-54957 | HIGH | CVSS 7.0 | 2025-10-14
CVE-2025-54957 [CRITICAL] CWE-502 MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder. Description: Deserialization of untrusted data in Microsoft Windows Codecs Library allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and c
msrc
CVE-2025-55696 | HIGH | CVSS 7.8 | 2025-10-14
CVE-2025-55696 [HIGH] CWE-367 NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability. Description: Time-of-check time-of-use (TOCTOU) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploit
msrc
CVE-2025-59275 | HIGH | CVSS 7.8 | 2025-10-14
CVE-2025-59275 [HIGH] CWE-1287 Windows Authentication Elevation of Privilege Vulnerability. Description: Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges.
msrc
CVE-2025-55678 | HIGH | CVSS 7.0 | 2025-10-14
CVE-2025-55678 [HIGH] CWE-416 DirectX Graphics Kernel Elevation of Privilege Vulnerability. Description: Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack comp
msrc
CVE-2025-59502 | HIGH | CVSS 7.5 | 2025-10-14
CVE-2025-59502 [HIGH] CWE-400 Remote Procedure Call Denial of Service Vulnerability. Description: Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release
msrc
CVE-2025-59208 | HIGH | CVSS 7.1 | 2025-10-14
CVE-2025-59208 [HIGH] CWE-125 Windows MapUrlToZone Information Disclosure Vulnerability. Description: Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean fo
msrc
CVE-2025-58715 | HIGH | CVSS 8.8 | 2025-10-14
CVE-2025-58715 [HIGH] CWE-190 Windows Speech Runtime Elevation of Privilege Vulnerability. Description: Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS
msrc
CVE-2025-53150 | HIGH | CVSS 7.8 | 2025-10-14
CVE-2025-53150 [HIGH] CWE-416 Windows Digital Media Elevation of Privilege Vulnerability. Description: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level. Windo
msrc
CVE-2025-58735 | HIGH | CVSS 7.0 | 2025-10-14
CVE-2025-58735 [HIGH] CWE-416 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability. Description: Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ: According to the
msrc
CVE-2025-59230 | HIGH | CVSS 7.8 | KEV | 2025-10-14
CVE-2025-59230 [HIGH] CWE-284 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. Description: Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SY
msrc
CVE-2025-59200 | HIGH | CVSS 7.7 | 2025-10-14
CVE-2025-59200 [HIGH] CWE-362 Data Sharing Service Spoofing Vulnerability. Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click a specially crafted button for the att
msrc