MSRC Windows Server 2008 vulnerabilities
2,227 known vulnerabilities affecting msrc/windows_server_2008.
Total CVEs: 2,227
CISA KEV: 105 (actively exploited)
Public exploits: 168
Exploited in wild: 102
Severity breakdown: CRITICAL 51, HIGH 1525, MEDIUM 632, LOW 19
Vulnerabilities
Page 5 of 112
CVE-2025-59280 LOW CVSS 3.1 2025-10-14
CVE-2025-59280 [LOW] CWE-287 Windows SMB Client Tampering Vulnerability
Description: Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
FAQ: According to the CVSS
CVE-2025-54918 HIGH CVSS 8.8 2025-09-09
CVE-2025-54918 [HIGH] CWE-287 Windows NTLM Elevation of Privilege Vulnerability
Description: Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: According to the CVSS metric, the attack vector is net
CVE-2025-55234 HIGH CVSS 8.8 2025-09-09
CVE-2025-55234 [HIGH] CWE-287 Windows SMB Elevation of Privilege Vulnerability
Description: SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks.
The SMB Server already supports mechanisms for hardening against relay attacks:
SMB Server signing
SMB Server Extended Protec
CVE-2025-54916 HIGH CVSS 7.8 2025-09-09
CVE-2025-54916 [HIGH] CWE-121 Windows NTFS Remote Code Execution Vulnerability
Description: Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
FAQ: According to the CVSS
CVE-2025-54093 HIGH CVSS 7.0 2025-09-09
CVE-2025-54093 [HIGH] CWE-367 Windows TCP/IP Driver Elevation of Privilege Vulnerability
Description: Time-of-check time-of-use (TOCTOU) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: According to th
CVE-2025-54894 HIGH CVSS 7.8 2025-09-09
CVE-2025-54894 [HIGH] CWE-122 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security Authority Subsystem Service (LSASS)
M
CVE-2025-54099 HIGH CVSS 7.0 2025-09-09
CVE-2025-54099 [HIGH] CWE-121 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Description: Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vu
CVE-2025-54110 HIGH CVSS 8.8 2025-09-09
CVE-2025-54110 [HIGH] CWE-190 Windows Kernel Elevation of Privilege Vulnerability
Description: Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: According to the CVSS metric, a successful explo
CVE-2025-54094 MEDIUM CVSS 6.7 2025-09-09
CVE-2025-54094 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability
Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker could use this vulnerability to elevate p
CVE-2025-53808 MEDIUM CVSS 6.7 2025-09-09
CVE-2025-53808 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability
Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker could use this vulnerability to elevate p
CVE-2025-53799 MEDIUM CVSS 5.5 2025-09-09
CVE-2025-53799 [MEDIUM] CWE-908 Windows Imaging Component Information Disclosure Vulnerability
Description: Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
FAQ: According to
CVE-2025-54107 MEDIUM CVSS 4.3 2025-09-09
CVE-2025-54107 [MEDIUM] CWE-41 MapUrlToZone Security Feature Bypass Vulnerability
Description: Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method.
FAQ: The Securi
CVE-2025-54915 MEDIUM CVSS 6.7 2025-09-09
CVE-2025-54915 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability
Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker could use this vulnerability to elevate p
CVE-2025-54104 MEDIUM CVSS 6.7 2025-09-09
CVE-2025-54104 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability
Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker could use this vulnerability to elevate p
CVE-2025-53810 MEDIUM CVSS 6.7 2025-09-09
CVE-2025-53810 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability
Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker could use this vulnerability to elevate p
CVE-2025-54109 MEDIUM CVSS 6.7 2025-09-09
CVE-2025-54109 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability
Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker could use this vulnerability to elevate p
CVE-2025-54917 MEDIUM CVSS 4.3 2025-09-09
CVE-2025-54917 [MEDIUM] CWE-693 MapUrlToZone Security Feature Bypass Vulnerability
Description: Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method.
FAQ: According to the CVS
CVE-2025-55226 MEDIUM CVSS 6.7 2025-09-09
CVE-2025-55226 [MEDIUM] CWE-362 Graphics Kernel Remote Code Execution Vulnerability
Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does
CVE-2025-53766 CRITICAL CVSS 9.8 2025-08-12
CVE-2025-53766 [CRITICAL] CWE-122 GDI+ Remote Code Execution Vulnerability
Description: Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
FAQ: According to the CVSS metric, the privilege required is none (PR:N) and user interaction is none (UI:N). What does that mean for this vulnerability?
An attacker doesn't require any privileges on the systems hosting the web services. Successful exploitation
CVE-2025-50173 HIGH CVSS 7.8 2025-08-12
CVE-2025-50173 [HIGH] CWE-1390 Windows Installer Elevation of Privilege Vulnerability
Description: Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Installer: Windows Installer
Microsoft: Micro