Msrc Windows Server 2012 R2 vulnerabilities

CVE-2025-58717 [MEDIUM] CWE-125 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could po

CVE-2025-59198 [MEDIUM] CWE-20 Windows Search Service Denial of Service Vulnerability Windows Search Service Denial of Service Vulnerability Description: Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? The vulnerability can be exploited by a regular user without admin righ

CVE-2025-59188 [MEDIUM] CWE-200 Microsoft Failover Cluster Information Disclosure Vulnerability Microsoft Failover Cluster Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space.

CVE-2025-59280 [LOW] CWE-287 Windows SMB Client Tampering Vulnerability Windows SMB Client Tampering Vulnerability Description: Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. FAQ: According to the CVSS

CVE-2025-54918 [HIGH] CWE-287 Windows NTLM Elevation of Privilege Vulnerability Windows NTLM Elevation of Privilege Vulnerability Description: Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack vector is net

CVE-2025-55234 [HIGH] CWE-287 Windows SMB Elevation of Privilege Vulnerability Windows SMB Elevation of Privilege Vulnerability Description: SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protec

CVE-2025-54916 [HIGH] CWE-121 Windows NTFS Remote Code Execution Vulnerability Windows NTFS Remote Code Execution Vulnerability Description: Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. FAQ: According to the CVSS

CVE-2025-54093 [HIGH] CWE-367 Windows TCP/IP Driver Elevation of Privilege Vulnerability Windows TCP/IP Driver Elevation of Privilege Vulnerability Description: Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to th

CVE-2025-54894 [HIGH] CWE-122 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Local Security Authority Subsystem Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security Authority Subsystem Service (LSASS) M

CVE-2025-54098 [HIGH] CWE-284 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft:

CVE-2025-54106 [HIGH] CWE-190 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are n

CVE-2025-54091 [HIGH] CWE-190 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Role: Windows Hyper-V: Role: Windows Hyper-V Micr

CVE-2025-54895 [HIGH] CWE-190 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited

CVE-2025-54911 [HIGH] CWE-416 Windows BitLocker Elevation of Privilege Vulnerability Windows BitLocker Elevation of Privilege Vulnerability Description: Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, user interaction is requi

CVE-2025-54099 [HIGH] CWE-121 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vu

CVE-2025-54110 [HIGH] CWE-190 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, a successful explo

CVE-2025-54912 [HIGH] CWE-416 Windows BitLocker Elevation of Privilege Vulnerability Windows BitLocker Elevation of Privilege Vulnerability Description: Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Windows BitLocker: Windows BitLocker Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catal

CVE-2025-54113 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-53798 [MEDIUM] CWE-126 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are non

CVE-2025-53803 [MEDIUM] CWE-209 Windows Kernel Memory Information Disclosure Vulnerability Windows Kernel Memory Information Disclosure Vulnerability Description: Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact