Msrc Windows Server 2008 R2 vulnerabilities

CVE-2025-53808 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability Windows Defender Firewall Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate p

CVE-2025-53799 [MEDIUM] CWE-908 Windows Imaging Component Information Disclosure Vulnerability Windows Imaging Component Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According to

CVE-2025-54107 [MEDIUM] CWE-41 MapUrlToZone Security Feature Bypass Vulnerability MapUrlToZone Security Feature Bypass Vulnerability Description: Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. FAQ: The Securi

CVE-2025-54915 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability Windows Defender Firewall Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate p

CVE-2025-54104 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability Windows Defender Firewall Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate p

CVE-2025-53810 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability Windows Defender Firewall Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate p

CVE-2025-54109 [MEDIUM] CWE-843 Windows Defender Firewall Service Elevation of Privilege Vulnerability Windows Defender Firewall Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate p

CVE-2025-54917 [MEDIUM] CWE-693 MapUrlToZone Security Feature Bypass Vulnerability MapUrlToZone Security Feature Bypass Vulnerability Description: Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. FAQ: According to the CVS

CVE-2025-55226 [MEDIUM] CWE-362 Graphics Kernel Remote Code Execution Vulnerability Graphics Kernel Remote Code Execution Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does

CVE-2025-53766 [CRITICAL] CWE-122 GDI+ Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the privilege required is none (PR:N) and user interaction is none (UI:N). What does that mean for this vulnerability? An attacker doesn't require any privileges on the systems hosting the web services. Successful exploitation

CVE-2025-50173 [HIGH] CWE-1390 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Installer: Windows Installer Microsoft: Micro

CVE-2025-53722 [HIGH] CWE-400 Windows Remote Desktop Services Denial of Service Vulnerability Windows Remote Desktop Services Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. Windows Remote Desktop Services: Windows Remote Desktop Services Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:

CVE-2025-50153 [HIGH] CWE-416 Desktop Window Manager Elevation of Privilege Vulnerability Desktop Window Manager Elevation of Privilege Vulnerability Description: Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. FAQ: What privileges could an attacker gain with successful exploitation? An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions wit

CVE-2025-50161 [HIGH] CWE-122 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.

CVE-2025-53718 [HIGH] CWE-416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability r

CVE-2025-53140 [HIGH] CWE-416 Windows Kernel Transaction Manager Elevation of Privilege Vulnerability Windows Kernel Transaction Manager Elevation of Privilege Vulnerability Description: Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race conditi

CVE-2025-53145 [HIGH] CWE-843 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an authenticated attacker would need to send a specially crafted MSMQ packet to a

CVE-2025-53778 [HIGH] CWE-287 Windows NTLM Elevation of Privilege Vulnerability Windows NTLM Elevation of Privilege Vulnerability Description: Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows NTLM: Windows NTLM Microsoft: Microsoft Customer

CVE-2025-55230 [HIGH] CWE-822 Windows MBT Transport Driver Elevation of Privilege Vulnerability Windows MBT Transport Driver Elevation of Privilege Vulnerability Description: Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows MBT

CVE-2025-53134 [HIGH] CWE-367 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that