Msrc Windows Server 2012 vulnerabilities

CVE-2025-33073 [HIGH] CWE-284 Windows SMB Client Elevation of Privilege Vulnerability Windows SMB Client Elevation of Privilege Vulnerability Description: Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: How could an attacker exploit this vulnerab

CVE-2025-32712 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K - GRFX: Windows Win32K - GRFX Microsoft: Microsoft Customer A

CVE-2025-33064 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could send a specially crafted protocol message to a Routing an

CVE-2025-47955 [HIGH] CWE-269 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Description: Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could g

CVE-2025-33056 [HIGH] CWE-284 Windows Local Security Authority (LSA) Denial of Service Vulnerability Windows Local Security Authority (LSA) Denial of Service Vulnerability Description: Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. Microsoft Local Security Authority Server (lsasrv): Microsoft Local Security Authority Server (lsasrv) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial

CVE-2025-32716 [HIGH] CWE-125 Windows Media Elevation of Privilege Vulnerability Windows Media Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Media: Windows Media Microsoft: Microsoft Customer Action

CVE-2025-32724 [HIGH] CWE-400 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security Authority Subsystem Service (L

CVE-2025-32710 [HIGH] CWE-416 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability Description: Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race conditi

CVE-2025-33053 [HIGH] CWE-73 Internet Shortcut Files Remote Code Execution Vulnerability Internet Shortcut Files Remote Code Execution Vulnerability Description: External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Wi

CVE-2025-33075 [HIGH] CWE-59 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Insta

CVE-2025-32722 [MEDIUM] CWE-284 Windows Storage Port Driver Information Disclosure Vulnerability Windows Storage Port Driver Information Disclosure Vulnerability Description: Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of

CVE-2025-33057 [MEDIUM] CWE-476 Windows Local Security Authority (LSA) Denial of Service Vulnerability Windows Local Security Authority (LSA) Denial of Service Vulnerability Description: Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. Windows Local Security Authority (LSA): Windows Local Security Authority (LSA) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Public

CVE-2025-3052 [HIGH] CWE-822 Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass Description: Untrusted pointer dereference in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Why is this CERT/CC CVE included in the S

CVE-2025-47160 [MEDIUM] CWE-693 Windows Shortcut Files Security Feature Bypass Vulnerability Windows Shortcut Files Security Feature Bypass Vulnerability Description: Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), but could lead to some loss of integrity (I:L) and availability (A:L). What do

CVE-2025-32715 [MEDIUM] CWE-125 Remote Desktop Protocol Client Information Disclosure Vulnerability Remote Desktop Protocol Client Information Disclosure Vulnerability Description: Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According t

CVE-2025-29833 [HIGH] CWE-367 Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability Description: Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authorized a

CVE-2025-29962 [HIGH] CWE-122 Windows Media Remote Code Execution Vulnerability Windows Media Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could exe

CVE-2025-24063 [HIGH] CWE-122 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the C

CVE-2025-32701 [HIGH] CWE-416 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-32706 [HIGH] CWE-20 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM pri