Msrc Windows Server 2022 vulnerabilities

CVE-2026-20833 [MEDIUM] CWE-327 Windows Kerberos Information Disclosure Vulnerability Windows Kerberos Information Disclosure Vulnerability Description: Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally. FAQ: Are there other steps that need to be done to protect from exploitation of this vulnerability? Yes, please see How to manage Kerberos protocol changes related to CVE-2026-20833 for more information about how

CVE-2026-20862 [MEDIUM] CWE-200 Windows Management Services Information Disclosure Vulnerability Windows Management Services Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read portions of proce

CVE-2026-20936 [MEDIUM] CWE-125 Windows NDIS Information Disclosure Vulnerability Windows NDIS Information Disclosure Vulnerability Description: Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. Windows NDIS: Windows NDIS Microsoft: Microsoft Customer Action Required:

CVE-2026-20827 [MEDIUM] CWE-200 Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could

CVE-2025-64673 [HIGH] CWE-284 Windows Storage VSP Driver Elevation of Privilege Vulnerability Windows Storage VSP Driver Elevation of Privilege Vulnerability Description: Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Storvsp.sys Driver: Storvsp.sys

CVE-2025-55233 [HIGH] CWE-125 Windows Projected File System Elevation of Privilege Vulnerability Windows Projected File System Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Projected Fi

CVE-2025-59517 [HIGH] CWE-284 Windows Storage VSP Driver Elevation of Privilege Vulnerability Windows Storage VSP Driver Elevation of Privilege Vulnerability Description: Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Storage VSP Driv

CVE-2025-64658 [HIGH] CWE-362 Windows File Explorer Elevation of Privilege Vulnerability Windows File Explorer Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? For an attacker to exploit this vulnerability, the

CVE-2025-62571 [HIGH] CWE-20 Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Installer: Windows Installer Microsoft: M

CVE-2025-62456 [HIGH] CWE-122 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An authenticated attacker with access to a shared folder on a system using a Resilient File System (ReFS) volume could exploi

CVE-2025-62474 [HIGH] CWE-284 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Description: Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SY

CVE-2025-62461 [HIGH] CWE-126 Windows Projected File System Elevation of Privilege Vulnerability Windows Projected File System Elevation of Privilege Vulnerability Description: Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows

CVE-2025-62466 [HIGH] CWE-476 Windows Client-Side Caching Elevation of Privilege Vulnerability Windows Client-Side Caching Elevation of Privilege Vulnerability Description: Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Window

CVE-2025-62221 [HIGH] CWE-416 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Description: Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges

CVE-2025-62472 [HIGH] CWE-908 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Description: Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could g

CVE-2025-64680 [HIGH] CWE-122 Windows DWM Core Library Elevation of Privilege Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Library: W

CVE-2025-62549 [HIGH] CWE-822 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are no

CVE-2025-62573 [HIGH] CWE-416 DirectX Graphics Kernel Elevation of Privilege Vulnerability DirectX Graphics Kernel Elevation of Privilege Vulnerability Description: Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could b

CVE-2025-59516 [HIGH] CWE-306 Windows Storage VSP Driver Elevation of Privilege Vulnerability Windows Storage VSP Driver Elevation of Privilege Vulnerability Description: Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Win

CVE-2025-62565 [HIGH] CWE-416 Windows File Explorer Elevation of Privilege Vulnerability Windows File Explorer Elevation of Privilege Vulnerability Description: Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, user interaction is r