Msrc Windows Server 2008 R2 vulnerabilities

CVE-2025-33064 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could send a specially crafted protocol message to a Routing an

CVE-2025-47955 [HIGH] CWE-269 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Description: Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could g

CVE-2025-33056 [HIGH] CWE-284 Windows Local Security Authority (LSA) Denial of Service Vulnerability Windows Local Security Authority (LSA) Denial of Service Vulnerability Description: Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. Microsoft Local Security Authority Server (lsasrv): Microsoft Local Security Authority Server (lsasrv) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial

CVE-2025-32716 [HIGH] CWE-125 Windows Media Elevation of Privilege Vulnerability Windows Media Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Media: Windows Media Microsoft: Microsoft Customer Action

CVE-2025-32724 [HIGH] CWE-400 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security Authority Subsystem Service (L

CVE-2025-33053 [HIGH] CWE-73 Internet Shortcut Files Remote Code Execution Vulnerability Internet Shortcut Files Remote Code Execution Vulnerability Description: External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Wi

CVE-2025-33075 [HIGH] CWE-59 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Insta

CVE-2025-33057 [MEDIUM] CWE-476 Windows Local Security Authority (LSA) Denial of Service Vulnerability Windows Local Security Authority (LSA) Denial of Service Vulnerability Description: Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. Windows Local Security Authority (LSA): Windows Local Security Authority (LSA) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Public

CVE-2025-32715 [MEDIUM] CWE-125 Remote Desktop Protocol Client Information Disclosure Vulnerability Remote Desktop Protocol Client Information Disclosure Vulnerability Description: Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According t

CVE-2025-29962 [HIGH] CWE-122 Windows Media Remote Code Execution Vulnerability Windows Media Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could exe

CVE-2025-24063 [HIGH] CWE-122 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the C

CVE-2025-32701 [HIGH] CWE-416 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-32706 [HIGH] CWE-20 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM pri

CVE-2025-30385 [HIGH] CWE-416 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the abili

CVE-2025-32709 [HIGH] CWE-416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerabilit

CVE-2025-30397 [HIGH] CWE-843 Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Description: Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to first prepare

CVE-2025-29966 [HIGH] CWE-122 Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine w

CVE-2025-30388 [HIGH] CWE-122 Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type o

CVE-2025-29967 [HIGH] CWE-122 Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client m

CVE-2025-29969 [HIGH] CWE-367 MS-EVEN RPC Remote Code Execution Vulnerability MS-EVEN RPC Remote Code Execution Vulnerability Description: Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: Accordin