Msrc Windows Server 2019 vulnerabilities

CVE-2025-29832 [MEDIUM] CWE-125 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could po

CVE-2025-29956 [MEDIUM] CWE-126 Windows SMB Information Disclosure Vulnerability Windows SMB Information Disclosure Vulnerability Description: Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? The attack requires to trick a user to open an SMB share folder that is hosted on the attacker-cont

CVE-2025-29958 [MEDIUM] CWE-908 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerabili

CVE-2025-29957 [MEDIUM] CWE-400 Windows Deployment Services Denial of Service Vulnerability Windows Deployment Services Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. Windows Deployment Services: Windows Deployment Services Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Releas

CVE-2025-29835 [MEDIUM] CWE-125 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read p

CVE-2025-29954 [MEDIUM] CWE-400 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful e

CVE-2025-29968 [MEDIUM] CWE-20 Active Directory Certificate Services (AD CS) Denial of Service Vulnerability Active Directory Certificate Services (AD CS) Denial of Service Vulnerability Description: Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. Active Directory Certificate Services (AD CS): Active Directory Certificate Services (AD CS) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial

CVE-2025-29959 [MEDIUM] CWE-908 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerabili

CVE-2025-29839 [MEDIUM] CWE-125 Windows Multiple UNC Provider Driver Information Disclosure Vulnerability Windows Multiple UNC Provider Driver Information Disclosure Vulnerability Description: Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What

CVE-2025-27491 [HIGH] CWE-416 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Description: Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: Are the updates for Windows 10 for x64-b

CVE-2025-27482 [HIGH] CWE-591 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability Description: Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability require

CVE-2025-26663 [HIGH] CWE-416 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Description: Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation o

CVE-2025-27481 [HIGH] CWE-121 Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability Description: Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to conn

CVE-2025-21222 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and W

CVE-2025-26679 [HIGH] CWE-416 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability RPC Endpoint Mapper Service Elevation of Privilege Vulnerability Description: Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could execute code in the security context of the “NT AUTHORIT

CVE-2025-27477 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning mali

CVE-2025-26665 [HIGH] CWE-591 Windows upnphost.dll Elevation of Privilege Vulnerability Windows upnphost.dll Elevation of Privilege Vulnerability Description: Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condi

CVE-2025-21204 [HIGH] CWE-59 Windows Process Activation Elevation of Privilege Vulnerability Windows Process Activation Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows

CVE-2025-27470 [HIGH] CWE-400 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Windows Standards-Based Storage Management Service Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Windows Standards-Based Storage Management Service: Windows Standards-Based Storage Management Service Microsoft: Microsoft Customer Ac

CVE-2025-26668 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context