Msrc Windows Server 2022 vulnerabilities

CVE-2025-47972 [HIGH] CWE-362 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerabilit

CVE-2025-48820 [HIGH] CWE-59 Windows AppX Deployment Service Elevation of Privilege Vulnerability Windows AppX Deployment Service Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An authenticated attacker would be able to delete targeted f

CVE-2025-48814 [HIGH] CWE-306 Remote Desktop Licensing Service Security Feature Bypass Vulnerability Remote Desktop Licensing Service Security Feature Bypass Vulnerability Description: Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network. FAQ: What security feature is being bypassed? An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerabilit

CVE-2025-49690 [HIGH] CWE-362 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does th

CVE-2025-49674 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-49726 [HIGH] CWE-416 Windows Notification Elevation of Privilege Vulnerability Windows Notification Elevation of Privilege Vulnerability Description: Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-

CVE-2025-47975 [HIGH] CWE-415 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Description: Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability r

CVE-2025-49660 [HIGH] CWE-416 Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Description: Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Event Tracing: Windows Event Tracing Mi

CVE-2025-48822 [HIGH] CWE-125 Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability Description: Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An exploited vulnerability can affect resources b

CVE-2025-49716 [HIGH] CWE-400 Windows Netlogon Denial of Service Vulnerability Windows Netlogon Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts throug

CVE-2025-49729 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request

CVE-2025-47971 [HIGH] CWE-126 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Description: Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability? An attacker can trick a local user on a vulnerable system int

CVE-2025-48815 [HIGH] CWE-843 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who

CVE-2025-49725 [HIGH] CWE-416 Windows Notification Elevation of Privilege Vulnerability Windows Notification Elevation of Privilege Vulnerability Description: Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-

CVE-2025-49683 [HIGH] CWE-190 Microsoft Virtual Hard Disk Remote Code Execution Vulnerability Microsoft Virtual Hard Disk Remote Code Execution Vulnerability Description: Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability? An attacker can trick a local user on a vulnerable syst

CVE-2025-47976 [HIGH] CWE-416 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Description: Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability coul

CVE-2025-49676 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-49673 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-49663 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-47991 [HIGH] CWE-416 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Description: Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race