Msrc Windows Server 2019 vulnerabilities

CVE-2025-49674 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-49726 [HIGH] CWE-416 Windows Notification Elevation of Privilege Vulnerability Windows Notification Elevation of Privilege Vulnerability Description: Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-

CVE-2025-47975 [HIGH] CWE-415 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Description: Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability r

CVE-2025-49660 [HIGH] CWE-416 Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Description: Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Event Tracing: Windows Event Tracing Mi

CVE-2025-48822 [HIGH] CWE-125 Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability Description: Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An exploited vulnerability can affect resources b

CVE-2025-49716 [HIGH] CWE-400 Windows Netlogon Denial of Service Vulnerability Windows Netlogon Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts throug

CVE-2025-49729 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request

CVE-2025-47971 [HIGH] CWE-126 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Description: Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability? An attacker can trick a local user on a vulnerable system int

CVE-2025-48815 [HIGH] CWE-843 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who

CVE-2025-49725 [HIGH] CWE-416 Windows Notification Elevation of Privilege Vulnerability Windows Notification Elevation of Privilege Vulnerability Description: Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-

CVE-2025-49683 [HIGH] CWE-190 Microsoft Virtual Hard Disk Remote Code Execution Vulnerability Microsoft Virtual Hard Disk Remote Code Execution Vulnerability Description: Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability? An attacker can trick a local user on a vulnerable syst

CVE-2025-47976 [HIGH] CWE-416 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Description: Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability coul

CVE-2025-49676 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-49673 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-49663 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-47991 [HIGH] CWE-416 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Description: Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race

CVE-2025-47985 [HIGH] CWE-822 Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Description: Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Event Tracing: Windows Ev

CVE-2025-49657 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-49727 [HIGH] CWE-122 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K - GRFX: Windows Win32K - GRFX Microsoft: Microsoft

CVE-2025-49685 [HIGH] CWE-416 Windows Search Service Elevation of Privilege Vulnerability Windows Search Service Elevation of Privilege Vulnerability Description: Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the