Msrc Windows 11 Version 22H2 vulnerabilities

CVE-2025-54894 [HIGH] CWE-122 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Local Security Authority Subsystem Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security Authority Subsystem Service (LSASS) M

CVE-2025-54111 [HIGH] CWE-416 Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability Description: Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the ab

CVE-2025-54098 [HIGH] CWE-284 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft:

CVE-2025-54112 [HIGH] CWE-416 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Description: Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: Wh

CVE-2025-54091 [HIGH] CWE-190 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Role: Windows Hyper-V: Role: Windows Hyper-V Micr

CVE-2025-54895 [HIGH] CWE-190 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited

CVE-2025-53807 [HIGH] CWE-362 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this

CVE-2025-54102 [HIGH] CWE-416 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Description: Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTE

CVE-2025-54919 [HIGH] CWE-362 Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerab

CVE-2025-54114 [HIGH] CWE-362 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for

CVE-2025-54911 [HIGH] CWE-416 Windows BitLocker Elevation of Privilege Vulnerability Windows BitLocker Elevation of Privilege Vulnerability Description: Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, user interaction is requi

CVE-2025-54099 [HIGH] CWE-121 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vu

CVE-2025-54110 [HIGH] CWE-190 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, a successful explo

CVE-2025-54913 [HIGH] CWE-362 Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An att

CVE-2025-54912 [HIGH] CWE-416 Windows BitLocker Elevation of Privilege Vulnerability Windows BitLocker Elevation of Privilege Vulnerability Description: Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Windows BitLocker: Windows BitLocker Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catal

CVE-2025-53800 [HIGH] CWE-1419 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Comp

CVE-2025-53803 [MEDIUM] CWE-209 Windows Kernel Memory Information Disclosure Vulnerability Windows Kernel Memory Information Disclosure Vulnerability Description: Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact

CVE-2025-54094 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability Windows Defender Firewall Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate p

CVE-2025-53808 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability Windows Defender Firewall Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate p

CVE-2025-53799 [MEDIUM] CWE-908 Windows Imaging Component Information Disclosure Vulnerability Windows Imaging Component Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According to