Msrc Windows 11 Version 22H2 For X64-Based Systems vulnerabilities

CVE-2025-48004 [HIGH] CWE-416 Microsoft Brokering File System Elevation of Privilege Vulnerability Microsoft Brokering File System Elevation of Privilege Vulnerability Description: Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condit

CVE-2025-55339 [HIGH] CWE-125 Windows Network Driver Interface Specification (NDIS) Driver Elevation of Privilege Vulnerability Windows Network Driver Interface Specification (NDIS) Driver Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could

CVE-2025-53768 [HIGH] CWE-416 Xbox IStorageService Elevation of Privilege Vulnerability Xbox IStorageService Elevation of Privilege Vulnerability Description: Use after free in Xbox allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Xbox: Xbox Microsoft: Microsoft Customer Action Required: Yes Im

CVE-2025-53717 [HIGH] CWE-807 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Description: Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. FAQ: What privileges would an attacker gain by successfully exploiting this vulnerability? An attacker who su

CVE-2025-58731 [HIGH] CWE-416 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Description: Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: Accordi

CVE-2025-55340 [HIGH] CWE-287 Windows Remote Desktop Protocol Security Feature Bypass Windows Remote Desktop Protocol Security Feature Bypass Description: Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires multiple conditions to be met. The attacker

CVE-2025-55685 [HIGH] CWE-416 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Description: Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS

CVE-2025-58727 [HIGH] CWE-362 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for

CVE-2025-55331 [HIGH] CWE-416 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Description: Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ:

CVE-2025-59289 [HIGH] CWE-415 Windows Bluetooth Service Elevation of Privilege Vulnerability Windows Bluetooth Service Elevation of Privilege Vulnerability Description: Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privile

CVE-2025-55689 [HIGH] CWE-416 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Description: Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ:

CVE-2025-59290 [HIGH] CWE-416 Windows Bluetooth Service Elevation of Privilege Vulnerability Windows Bluetooth Service Elevation of Privilege Vulnerability Description: Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Bluetooth Service: Windows B

CVE-2025-59261 [HIGH] CWE-367 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker

CVE-2025-53139 [HIGH] CWE-319 Windows Hello Security Feature Bypass Vulnerability Windows Hello Security Feature Bypass Vulnerability Description: Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass the Windows Hello Facial and Fingerprint Reco

CVE-2025-55686 [HIGH] CWE-416 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Description: Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS

CVE-2025-59194 [HIGH] CWE-908 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be ga

CVE-2025-2884 [MEDIUM] CWE-125 Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation Description: CVE-2025-2884 is regarding a vulnerability in TCG TPM2.0 Reference implementation's CryptHmacSign helper function that is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. CERT/CC created this CV

CVE-2025-55330 [MEDIUM] CWE-841 Windows BitLocker Security Feature Bypass Vulnerability Windows BitLocker Security Feature Bypass Vulnerability Description: Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the BitLocker Device Encryption feature on the system st

CVE-2025-55334 [MEDIUM] CWE-312 Windows Kernel Security Feature Bypass Vulnerability Windows Kernel Security Feature Bypass Vulnerability Description: Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could decrypt the driver's settings. Windows Kernel: Wind

CVE-2025-59284 [LOW] CWE-200 Windows NTLM Spoofing Vulnerability Windows NTLM Spoofing Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally. Windows NTLM: Windows NTLM Microsoft: Microsoft Customer Action Required: Yes Impact: Spoofing Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/