Msrc Windows Server 2012 R2 vulnerabilities

CVE-2025-49660 [HIGH] CWE-416 Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Description: Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Event Tracing: Windows Event Tracing Mi

CVE-2025-49716 [HIGH] CWE-400 Windows Netlogon Denial of Service Vulnerability Windows Netlogon Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts throug

CVE-2025-49729 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request

CVE-2025-47971 [HIGH] CWE-126 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Description: Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability? An attacker can trick a local user on a vulnerable system int

CVE-2025-48815 [HIGH] CWE-843 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who

CVE-2025-49683 [HIGH] CWE-190 Microsoft Virtual Hard Disk Remote Code Execution Vulnerability Microsoft Virtual Hard Disk Remote Code Execution Vulnerability Description: Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability? An attacker can trick a local user on a vulnerable syst

CVE-2025-47976 [HIGH] CWE-416 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Description: Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability coul

CVE-2025-49676 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-49673 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-49663 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-47985 [HIGH] CWE-822 Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Description: Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Event Tracing: Windows Ev

CVE-2025-49657 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-49727 [HIGH] CWE-122 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K - GRFX: Windows Win32K - GRFX Microsoft: Microsoft

CVE-2025-49675 [HIGH] CWE-416 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Description: Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM p

CVE-2025-47986 [HIGH] CWE-416 Universal Print Management Service Elevation of Privilege Vulnerability Universal Print Management Service Elevation of Privilege Vulnerability Description: Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a contained execution e

CVE-2025-49730 [HIGH] CWE-367 Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability Description: Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability

CVE-2025-49732 [HIGH] CWE-122 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to t

CVE-2025-49688 [HIGH] CWE-415 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What do

CVE-2025-49659 [HIGH] CWE-126 Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability Description: Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could g

CVE-2025-48808 [MEDIUM] CWE-200 Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of ker