Msrc Windows Server 2022 vulnerabilities

CVE-2025-58737 [HIGH] CWE-416 Remote Desktop Protocol Remote Code Execution Vulnerability Remote Desktop Protocol Remote Code Execution Vulnerability Description: Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ: According to the CVSS metric, th

CVE-2025-55696 [HIGH] CWE-367 NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability Description: Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploit

CVE-2025-59275 [HIGH] CWE-1287 Windows Authentication Elevation of Privilege Vulnerability Windows Authentication Elevation of Privilege Vulnerability Description: Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges.

CVE-2025-55678 [HIGH] CWE-416 DirectX Graphics Kernel Elevation of Privilege Vulnerability DirectX Graphics Kernel Elevation of Privilege Vulnerability Description: Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack comp

CVE-2025-59502 [HIGH] CWE-400 Remote Procedure Call Denial of Service Vulnerability Remote Procedure Call Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release

CVE-2025-55340 [HIGH] CWE-287 Windows Remote Desktop Protocol Security Feature Bypass Windows Remote Desktop Protocol Security Feature Bypass Description: Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires multiple conditions to be met. The attacker

CVE-2025-55685 [HIGH] CWE-416 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Description: Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS

CVE-2025-59208 [HIGH] CWE-125 Windows MapUrlToZone Information Disclosure Vulnerability Windows MapUrlToZone Information Disclosure Vulnerability Description: Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean fo

CVE-2025-58715 [HIGH] CWE-190 Windows Speech Runtime Elevation of Privilege Vulnerability Windows Speech Runtime Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS

CVE-2025-58735 [HIGH] CWE-416 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Description: Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ: According to the

CVE-2025-59230 [HIGH] CWE-284 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Description: Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SY

CVE-2025-55331 [HIGH] CWE-416 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Description: Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ:

CVE-2025-59200 [HIGH] CWE-362 Data Sharing Service Spoofing Vulnerability Data Sharing Service Spoofing Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click a specially crafted button for the att

CVE-2025-59289 [HIGH] CWE-415 Windows Bluetooth Service Elevation of Privilege Vulnerability Windows Bluetooth Service Elevation of Privilege Vulnerability Description: Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privile

CVE-2025-55689 [HIGH] CWE-416 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Description: Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ:

CVE-2025-50175 [HIGH] CWE-416 Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability Description: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level. Windo

CVE-2025-59290 [HIGH] CWE-416 Windows Bluetooth Service Elevation of Privilege Vulnerability Windows Bluetooth Service Elevation of Privilege Vulnerability Description: Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Bluetooth Service: Windows B

CVE-2025-59205 [HIGH] CWE-362 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation o

CVE-2025-59196 [HIGH] CWE-362 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this

CVE-2025-55335 [HIGH] CWE-416 Windows NTFS Elevation of Privilege Vulnerability Windows NTFS Elevation of Privilege Vulnerability Description: Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker