Msrc Windows Server 2012 R2 vulnerabilities

CVE-2025-21318 [MEDIUM] CWE-532 Windows Kernel Memory Information Disclosure Vulnerability Windows Kernel Memory Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. Windows Kernel Memory: Windows Kernel Memory Micr

CVE-2025-21341 [MEDIUM] CWE-125 Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited th

CVE-2025-21312 [LOW] CWE-908 Windows Smart Card Reader Information Disclosure Vulnerability Windows Smart Card Reader Information Disclosure Vulnerability FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidenti

CVE-2024-49112 [CRITICAL] CWE-190 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability FAQ: What actions do customers need to perform to be protected against this vulnerability? This vulnerability affects both LDAP clients and servers running an affected version of Windows listed in the Security Updates table. Customers must apply the latest security update for their Wind

CVE-2024-49128 [HIGH] CWE-591 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability Description: Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Des

CVE-2024-49079 [HIGH] CWE-416 Input Method Editor (IME) Remote Code Execution Vulnerability Input Method Editor (IME) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an

CVE-2024-49118 [HIGH] CWE-416 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition during the execution of a specific operation that recurs in a low frequency on the target system. This might require an att

CVE-2024-49090 [HIGH] CWE-822 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Common Log File System Driver: Windows Common Log File System Driver Microsoft: Microsoft Customer Action Required: Yes

CVE-2024-49086 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain c

CVE-2024-49096 [HIGH] CWE-400 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048661 Reference: https://

CVE-2024-49080 [HIGH] CWE-122 Windows IP Routing Management Snapin Remote Code Execution Vulnerability Windows IP Routing Management Snapin Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulne

CVE-2024-49122 [HIGH] CWE-416 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to send a spe

CVE-2024-49126 [HIGH] CWE-416 Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: According to the CVSS metric, the attack vector is network (AV:N

CVE-2024-49102 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. FAQ: Accordi

CVE-2024-49088 [HIGH] CWE-126 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Common Log File System Driver: Windows Common Log File System Driver Microsoft: Microsoft Customer Action Required: Yes

CVE-2024-49124 [HIGH] CWE-362 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker

CVE-2024-49121 [HIGH] CWE-476 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Windows LDAP - Lightweight Directory Access Protocol: Windows LDAP - Lightweight Directory Access Protocol Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Re

CVE-2024-49105 [HIGH] CWE-284 Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could exploit the vulnerability by triggering remote code execution (RCE) on the server via a Remote Desktop connection. Alternatively, an authenticated attacker could trigger guest-to-host RCE via a malicious program by connecting to the host using MMC. FAQ: According t

CVE-2024-49072 [HIGH] CWE-122 Windows Task Scheduler Elevation of Privilege Vulnerability Windows Task Scheduler Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Task Scheduler: Windows Task Scheduler Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Dis

CVE-2024-49129 [HIGH] CWE-400 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability FAQ: How could an attacker exploit the vulnerability? An unauthenticated attacker could exploit the vulnerability by connecting to a Remote Desktop server and then sending a malicious http request to the server. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vu