Msrc Windows Server 2012 R2 vulnerabilities

CVE-2025-26670 [HIGH] CWE-416 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability Description: Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of

CVE-2025-26688 [HIGH] CWE-121 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Description: Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: Are the upd

CVE-2025-27469 [HIGH] CWE-400 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9

CVE-2025-21221 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and W

CVE-2025-26652 [HIGH] CWE-400 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Windows Standards-Based Storage Management Service Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Windows Standards-Based Storage Management Service: Windows Standards-Based Storage Management Service Microsoft: Microsoft Customer Ac

CVE-2025-27740 [HIGH] CWE-1390 Active Directory Certificate Services Elevation of Privilege Vulnerability Active Directory Certificate Services Elevation of Privilege Vulnerability Description: Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network. FAQ: How could an attacker exploit this vulnerability? An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certifi

CVE-2025-27473 [HIGH] CWE-400 HTTP.sys Denial of Service Vulnerability HTTP.sys Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available.

CVE-2025-26687 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows

CVE-2025-26686 [HIGH] CWE-591 Windows TCP/IP Remote Code Execution Vulnerability Windows TCP/IP Remote Code Execution Vulnerability Description: Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition and also to

CVE-2025-27483 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running

CVE-2025-27732 [HIGH] CWE-591 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FA

CVE-2025-21174 [HIGH] CWE-400 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Windows Standards-Based Storage Management Service Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Windows Standards-Based Storage Management Service: Windows Standards-Based Storage Management Service Microsoft: Microsoft Customer Ac

CVE-2025-21205 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to conne

CVE-2025-26669 [HIGH] CWE-125 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could pote

CVE-2025-26680 [HIGH] CWE-400 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Windows Standards-Based Storage Management Service Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Windows Standards-Based Storage Management Service: Windows Standards-Based Storage Management Service Microsoft: Microsoft Customer Ac

CVE-2025-27479 [HIGH] CWE-410 Kerberos Key Distribution Proxy Service Denial of Service Vulnerability Kerberos Key Distribution Proxy Service Denial of Service Vulnerability Description: Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network. Windows Kerberos: Windows Kerberos Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitat

CVE-2025-27741 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running

CVE-2025-27478 [HIGH] CWE-122 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires a

CVE-2025-21191 [HIGH] CWE-367 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Description: Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the securit

CVE-2025-27484 [HIGH] CWE-591 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability Description: Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vuln