Msrc Windows Server 2012 R2 vulnerabilities

CVE-2025-27480 [HIGH] CWE-416 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability Description: Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the rac

CVE-2025-26648 [HIGH] CWE-591 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10

CVE-2025-27737 [HIGH] CWE-20 Windows Security Zone Mapping Security Feature Bypass Vulnerability Windows Security Zone Mapping Security Feature Bypass Vulnerability Description: Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally. FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed

CVE-2025-27727 [HIGH] CWE-59 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Sys

CVE-2025-27485 [HIGH] CWE-400 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Windows Standards-Based Storage Management Service Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Windows Standards-Based Storage Management Service: Windows Standards-Based Storage Management Service Microsoft: Microsoft Customer Ac

CVE-2025-27486 [HIGH] CWE-400 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Windows Standards-Based Storage Management Service Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Windows Standards-Based Storage Management Service: Windows Standards-Based Storage Management Service Microsoft: Microsoft Customer Ac

CVE-2025-27487 [HIGH] CWE-122 Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires a user to remote into a server that is controlled by an attacker,

CVE-2025-27733 [HIGH] CWE-125 NTFS Elevation of Privilege Vulnerability NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running

CVE-2025-27738 [MEDIUM] CWE-284 Windows Resilient File System (ReFS) Information Disclosure Vulnerability Windows Resilient File System (ReFS) Information Disclosure Vulnerability Description: Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerab

CVE-2025-26667 [MEDIUM] CWE-200 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successful

CVE-2025-27471 [MEDIUM] CWE-591 Microsoft Streaming Service Denial of Service Vulnerability Microsoft Streaming Service Denial of Service Vulnerability Description: Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for

CVE-2025-26676 [MEDIUM] CWE-126 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could pote

CVE-2025-27472 [MEDIUM] CWE-693 Windows Mark of the Web Security Feature Bypass Vulnerability Windows Mark of the Web Security Feature Bypass Vulnerability Description: Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for thi

CVE-2025-26637 [MEDIUM] CWE-693 Windows BitLocker Security Feature Bypass Vulnerability Windows BitLocker Security Feature Bypass Vulnerability Description: Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems

CVE-2025-26672 [MEDIUM] CWE-126 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, t

CVE-2025-21197 [MEDIUM] CWE-284 Windows NTFS Information Disclosure Vulnerability Windows NTFS Information Disclosure Vulnerability Description: Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerabili

CVE-2025-27474 [MEDIUM] CWE-908 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerabili

CVE-2025-27742 [MEDIUM] CWE-125 NTFS Information Disclosure Vulnerability NTFS Information Disclosure Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. FAQ: Are the updates for Windows 10 for x64-based Systems and Win

CVE-2025-26664 [MEDIUM] CWE-126 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could pote

CVE-2025-21203 [MEDIUM] CWE-126 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This attack requires an