Msrc Windows 11 Version 24H2 vulnerabilities

CVE-2025-48003 [MEDIUM] CWE-693 Windows BitLocker Security Feature Bypass Vulnerability Windows BitLocker Security Feature Bypass Vulnerability Description: Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. A

CVE-2025-49722 [MEDIUM] CWE-400 Windows Print Spooler Denial of Service Vulnerability Windows Print Spooler Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network. FAQ: According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker

CVE-2025-47980 [MEDIUM] CWE-200 Windows Imaging Component Information Disclosure Vulnerability Windows Imaging Component Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of hea

CVE-2025-48811 [MEDIUM] CWE-353 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Description: Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successf

CVE-2025-49760 [LOW] CWE-73 Windows Storage Spoofing Vulnerability Windows Storage Spoofing Vulnerability Description: External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authorized attacker with low privileges creates a scheduled task that is set to run when a user log

CVE-2025-32714 [HIGH] CWE-284 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Installer: Windows Installer Microsoft: Mi

CVE-2025-32718 [HIGH] CWE-190 Windows SMB Client Elevation of Privilege Vulnerability Windows SMB Client Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows SMB: Windows SMB Microsoft: Microsoft

CVE-2025-33067 [HIGH] CWE-269 Windows Task Scheduler Elevation of Privilege Vulnerability Windows Task Scheduler Elevation of Privilege Vulnerability Description: Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: How could an attacker exploit t

CVE-2025-33066 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context

CVE-2025-32713 [HIGH] CWE-122 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM p

CVE-2025-33070 [HIGH] CWE-908 Windows Netlogon Elevation of Privilege Vulnerability Windows Netlogon Elevation of Privilege Vulnerability Description: Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploit

CVE-2025-33073 [HIGH] CWE-284 Windows SMB Client Elevation of Privilege Vulnerability Windows SMB Client Elevation of Privilege Vulnerability Description: Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: How could an attacker exploit this vulnerab

CVE-2025-32712 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K - GRFX: Windows Win32K - GRFX Microsoft: Microsoft Customer A

CVE-2025-33064 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could send a specially crafted protocol message to a Routing an

CVE-2025-47955 [HIGH] CWE-269 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Description: Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could g

CVE-2025-33056 [HIGH] CWE-284 Windows Local Security Authority (LSA) Denial of Service Vulnerability Windows Local Security Authority (LSA) Denial of Service Vulnerability Description: Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. Microsoft Local Security Authority Server (lsasrv): Microsoft Local Security Authority Server (lsasrv) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial

CVE-2025-32724 [HIGH] CWE-400 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security Authority Subsystem Service (L

CVE-2025-33053 [HIGH] CWE-73 Internet Shortcut Files Remote Code Execution Vulnerability Internet Shortcut Files Remote Code Execution Vulnerability Description: External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Wi

CVE-2025-32721 [HIGH] CWE-59 Windows Recovery Driver Elevation of Privilege Vulnerability Windows Recovery Driver Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator pr

CVE-2025-33075 [HIGH] CWE-59 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Insta