Msrc Windows Server 2008 vulnerabilities

CVE-2025-33064 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could send a specially crafted protocol message to a Routing an

CVE-2025-47955 [HIGH] CWE-269 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Description: Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could g

CVE-2025-33056 [HIGH] CWE-284 Windows Local Security Authority (LSA) Denial of Service Vulnerability Windows Local Security Authority (LSA) Denial of Service Vulnerability Description: Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. Microsoft Local Security Authority Server (lsasrv): Microsoft Local Security Authority Server (lsasrv) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial

CVE-2025-32716 [HIGH] CWE-125 Windows Media Elevation of Privilege Vulnerability Windows Media Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Media: Windows Media Microsoft: Microsoft Customer Action

CVE-2025-32724 [HIGH] CWE-400 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security Authority Subsystem Service (L

CVE-2025-33053 [HIGH] CWE-73 Internet Shortcut Files Remote Code Execution Vulnerability Internet Shortcut Files Remote Code Execution Vulnerability Description: External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Wi

CVE-2025-33075 [HIGH] CWE-59 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Insta

CVE-2025-33057 [MEDIUM] CWE-476 Windows Local Security Authority (LSA) Denial of Service Vulnerability Windows Local Security Authority (LSA) Denial of Service Vulnerability Description: Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. Windows Local Security Authority (LSA): Windows Local Security Authority (LSA) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Public

CVE-2025-29962 [HIGH] CWE-122 Windows Media Remote Code Execution Vulnerability Windows Media Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could exe

CVE-2025-24063 [HIGH] CWE-122 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the C

CVE-2025-32701 [HIGH] CWE-416 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-32706 [HIGH] CWE-20 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM pri

CVE-2025-30385 [HIGH] CWE-416 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the abili

CVE-2025-32709 [HIGH] CWE-416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerabilit

CVE-2025-30397 [HIGH] CWE-843 Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Description: Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to first prepare

CVE-2025-30388 [HIGH] CWE-122 Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type o

CVE-2025-29969 [HIGH] CWE-367 MS-EVEN RPC Remote Code Execution Vulnerability MS-EVEN RPC Remote Code Execution Vulnerability Description: Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: Accordin

CVE-2025-29974 [MEDIUM] CWE-191 Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. FAQ: According to the CVSS metric, user intera

CVE-2025-29960 [MEDIUM] CWE-125 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could po

CVE-2025-29837 [MEDIUM] CWE-59 Windows Installer Information Disclosure Vulnerability Windows Installer Information Disclosure Vulnerability Description: Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of K