Msrc Windows Server 2022 vulnerabilities

CVE-2025-53805 [HIGH] CWE-125 HTTP.sys Denial of Service Vulnerability HTTP.sys Denial of Service Vulnerability Description: Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network. Windows Internet Information Services: Windows Internet Information Services Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unl

CVE-2025-54098 [HIGH] CWE-284 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft:

CVE-2025-54112 [HIGH] CWE-416 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Description: Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: Wh

CVE-2025-54106 [HIGH] CWE-190 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are n

CVE-2025-59220 [HIGH] CWE-362 Windows Bluetooth Service Elevation of Privilege Vulnerability Windows Bluetooth Service Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of thi

CVE-2025-54091 [HIGH] CWE-190 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Role: Windows Hyper-V: Role: Windows Hyper-V Micr

CVE-2025-55224 [HIGH] CWE-362 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack coul

CVE-2025-54895 [HIGH] CWE-190 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited

CVE-2025-53802 [HIGH] CWE-416 Windows Bluetooth Service Elevation of Privilege Vulnerability Windows Bluetooth Service Elevation of Privilege Vulnerability Description: Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, t

CVE-2025-53807 [HIGH] CWE-362 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this

CVE-2025-54102 [HIGH] CWE-416 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Description: Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTE

CVE-2025-54919 [HIGH] CWE-362 Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerab

CVE-2025-54114 [HIGH] CWE-362 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for

CVE-2025-54911 [HIGH] CWE-416 Windows BitLocker Elevation of Privilege Vulnerability Windows BitLocker Elevation of Privilege Vulnerability Description: Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, user interaction is requi

CVE-2025-54099 [HIGH] CWE-121 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Description: Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vu

CVE-2025-54110 [HIGH] CWE-190 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, a successful explo

CVE-2025-54913 [HIGH] CWE-362 Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An att

CVE-2025-54912 [HIGH] CWE-416 Windows BitLocker Elevation of Privilege Vulnerability Windows BitLocker Elevation of Privilege Vulnerability Description: Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Windows BitLocker: Windows BitLocker Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catal

CVE-2025-53800 [HIGH] CWE-1419 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Comp

CVE-2025-54115 [HIGH] CWE-362 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM pr