Msrc Windows Server 2012 vulnerabilities

CVE-2025-47986 [HIGH] CWE-416 Universal Print Management Service Elevation of Privilege Vulnerability Universal Print Management Service Elevation of Privilege Vulnerability Description: Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a contained execution e

CVE-2025-49730 [HIGH] CWE-367 Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability Description: Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability

CVE-2025-49732 [HIGH] CWE-122 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to t

CVE-2025-49659 [HIGH] CWE-126 Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability Description: Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could g

CVE-2025-48808 [MEDIUM] CWE-200 Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of ker

CVE-2025-49670 [MEDIUM] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are non

CVE-2025-49671 [MEDIUM] CWE-200 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successful

CVE-2025-49681 [MEDIUM] CWE-125 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are n

CVE-2025-49658 [MEDIUM] CWE-125 Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability Description: Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small

CVE-2025-48001 [MEDIUM] CWE-367 Windows BitLocker Security Feature Bypass Vulnerability Windows BitLocker Security Feature Bypass Vulnerability Description: Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the BitLocker Device Encryption feature on the sys

CVE-2025-49664 [MEDIUM] CWE-200 Windows User-Mode Driver Framework Host Information Disclosure Vulnerability Windows User-Mode Driver Framework Host Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of ce

CVE-2025-48804 [MEDIUM] CWE-349 Windows BitLocker Security Feature Bypass Vulnerability Windows BitLocker Security Feature Bypass Vulnerability Description: Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the BitLocker Device Encryption feature on

CVE-2025-49722 [MEDIUM] CWE-400 Windows Print Spooler Denial of Service Vulnerability Windows Print Spooler Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network. FAQ: According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker

CVE-2025-47980 [MEDIUM] CWE-200 Windows Imaging Component Information Disclosure Vulnerability Windows Imaging Component Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of hea

CVE-2025-32714 [HIGH] CWE-284 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Installer: Windows Installer Microsoft: Mi

CVE-2025-32718 [HIGH] CWE-190 Windows SMB Client Elevation of Privilege Vulnerability Windows SMB Client Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows SMB: Windows SMB Microsoft: Microsoft

CVE-2025-33071 [HIGH] CWE-416 Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability Description: Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Kerberos Key Dist

CVE-2025-33066 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context

CVE-2025-32713 [HIGH] CWE-122 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM p

CVE-2025-33070 [HIGH] CWE-908 Windows Netlogon Elevation of Privilege Vulnerability Windows Netlogon Elevation of Privilege Vulnerability Description: Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploit