Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2025-59255 [HIGH] CWE-122 Windows DWM Core Library Elevation of Privilege Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Library: W

CVE-2025-55692 [HIGH] CWE-20 Windows Error Reporting Service Elevation of Privilege Vulnerability Windows Error Reporting Service Elevation of Privilege Vulnerability Description: Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. Windows Er

CVE-2025-58722 [HIGH] CWE-122 Microsoft DWM Core Library Elevation of Privilege Vulnerability Microsoft DWM Core Library Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM: Windows DWM Microsoft:

CVE-2025-58738 [HIGH] CWE-416 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Description: Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ: According to the

CVE-2025-50152 [HIGH] CWE-125 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Ac

CVE-2025-59207 [HIGH] CWE-822 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft

CVE-2025-59195 [HIGH] CWE-362 Windows Graphics Component Denial of Service Vulnerability Windows Graphics Component Denial of Service Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerabi

CVE-2025-59191 [HIGH] CWE-122 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability cou

CVE-2025-59254 [HIGH] CWE-122 Microsoft DWM Core Library Elevation of Privilege Vulnerability Microsoft DWM Core Library Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Librar

CVE-2025-58731 [HIGH] CWE-416 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Description: Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: Accordi

CVE-2025-59202 [HIGH] CWE-416 Windows Remote Desktop Services Elevation of Privilege Vulnerability Windows Remote Desktop Services Elevation of Privilege Vulnerability Description: Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. FAQ: Accordi

CVE-2025-54957 [CRITICAL] CWE-502 MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder Description: Deserialization of untrusted data in Microsoft Windows Codecs Library allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and c

CVE-2025-58737 [HIGH] CWE-416 Remote Desktop Protocol Remote Code Execution Vulnerability Remote Desktop Protocol Remote Code Execution Vulnerability Description: Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ: According to the CVSS metric, th

CVE-2025-55696 [HIGH] CWE-367 NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability Description: Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploit

CVE-2025-55694 [HIGH] CWE-284 Windows Error Reporting Service Elevation of Privilege Vulnerability Windows Error Reporting Service Elevation of Privilege Vulnerability Description: Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. Windows Err

CVE-2025-59502 [HIGH] CWE-400 Remote Procedure Call Denial of Service Vulnerability Remote Procedure Call Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. Windows Remote Procedure Call: Windows Remote Procedure Call Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release

CVE-2025-55340 [HIGH] CWE-287 Windows Remote Desktop Protocol Security Feature Bypass Windows Remote Desktop Protocol Security Feature Bypass Description: Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires multiple conditions to be met. The attacker

CVE-2025-55685 [HIGH] CWE-416 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Description: Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS

CVE-2025-58715 [HIGH] CWE-190 Windows Speech Runtime Elevation of Privilege Vulnerability Windows Speech Runtime Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS

CVE-2025-53150 [HIGH] CWE-416 Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability Description: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level. Windo