Msrc Windows Server 2022 vulnerabilities

CVE-2025-29829 [MEDIUM] CWE-908 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory conten

CVE-2025-29837 [MEDIUM] CWE-59 Windows Installer Information Disclosure Vulnerability Windows Installer Information Disclosure Vulnerability Description: Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of K

CVE-2025-29836 [MEDIUM] CWE-125 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for th

CVE-2025-29961 [MEDIUM] CWE-125 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack

CVE-2025-30394 [MEDIUM] CWE-591 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Description: Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vul

CVE-2025-29830 [MEDIUM] CWE-908 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerabili

CVE-2025-29832 [MEDIUM] CWE-125 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could po

CVE-2025-29956 [MEDIUM] CWE-126 Windows SMB Information Disclosure Vulnerability Windows SMB Information Disclosure Vulnerability Description: Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? The attack requires to trick a user to open an SMB share folder that is hosted on the attacker-cont

CVE-2025-29958 [MEDIUM] CWE-908 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerabili

CVE-2025-29957 [MEDIUM] CWE-400 Windows Deployment Services Denial of Service Vulnerability Windows Deployment Services Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. Windows Deployment Services: Windows Deployment Services Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Releas

CVE-2025-29835 [MEDIUM] CWE-125 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read p

CVE-2025-29954 [MEDIUM] CWE-400 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful e

CVE-2025-29968 [MEDIUM] CWE-20 Active Directory Certificate Services (AD CS) Denial of Service Vulnerability Active Directory Certificate Services (AD CS) Denial of Service Vulnerability Description: Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. Active Directory Certificate Services (AD CS): Active Directory Certificate Services (AD CS) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial

CVE-2025-29959 [MEDIUM] CWE-908 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerabili

CVE-2025-29839 [MEDIUM] CWE-125 Windows Multiple UNC Provider Driver Information Disclosure Vulnerability Windows Multiple UNC Provider Driver Information Disclosure Vulnerability Description: Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What

CVE-2025-27491 [HIGH] CWE-416 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Description: Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: Are the updates for Windows 10 for x64-b

CVE-2025-27482 [HIGH] CWE-591 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability Description: Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability require

CVE-2025-26663 [HIGH] CWE-416 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Description: Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation o

CVE-2025-27481 [HIGH] CWE-121 Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability Description: Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to conn

CVE-2025-21222 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and W