Msrc Windows 11 Version 24H2 vulnerabilities

CVE-2025-54913 [HIGH] CWE-362 Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An att

CVE-2025-54912 [HIGH] CWE-416 Windows BitLocker Elevation of Privilege Vulnerability Windows BitLocker Elevation of Privilege Vulnerability Description: Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Windows BitLocker: Windows BitLocker Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catal

CVE-2025-53800 [HIGH] CWE-1419 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Comp

CVE-2025-53803 [MEDIUM] CWE-209 Windows Kernel Memory Information Disclosure Vulnerability Windows Kernel Memory Information Disclosure Vulnerability Description: Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact

CVE-2025-54094 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability Windows Defender Firewall Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate p

CVE-2025-53808 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability Windows Defender Firewall Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate p

CVE-2025-53799 [MEDIUM] CWE-908 Windows Imaging Component Information Disclosure Vulnerability Windows Imaging Component Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According to

CVE-2025-53804 [MEDIUM] CWE-200 Windows Kernel-Mode Driver Information Disclosure Vulnerability Windows Kernel-Mode Driver Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing t

CVE-2025-54107 [MEDIUM] CWE-41 MapUrlToZone Security Feature Bypass Vulnerability MapUrlToZone Security Feature Bypass Vulnerability Description: Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. FAQ: The Securi

CVE-2025-54915 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability Windows Defender Firewall Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate p

CVE-2025-54104 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability Windows Defender Firewall Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate p

CVE-2025-53810 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability Windows Defender Firewall Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate p

CVE-2025-54109 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability Windows Defender Firewall Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate p

CVE-2025-54917 [MEDIUM] CWE-693 MapUrlToZone Security Feature Bypass Vulnerability MapUrlToZone Security Feature Bypass Vulnerability Description: Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. FAQ: According to the CVS

CVE-2025-55226 [MEDIUM] CWE-362 Graphics Kernel Remote Code Execution Vulnerability Graphics Kernel Remote Code Execution Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does

CVE-2025-53766 [CRITICAL] CWE-122 GDI+ Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the privilege required is none (PR:N) and user interaction is none (UI:N). What does that mean for this vulnerability? An attacker doesn't require any privileges on the systems hosting the web services. Successful exploitation

CVE-2025-50159 [HIGH] CWE-416 Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability Description: Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability? An administrative user must be

CVE-2025-53723 [HIGH] CWE-197 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system. Ro

CVE-2025-50173 [HIGH] CWE-1390 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Installer: Windows Installer Microsoft: Micro

CVE-2025-53155 [HIGH] CWE-122 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could create a crafted vhdx file and can call the vhdmp api with vhdx as one of the arguments. FAQ: What privileges could be gained by an attacker who successfu