MSRC Windows Server 2022 23H2 Edition vulnerabilities

1,038 known vulnerabilities affecting msrc/windows_server_2022_23h2_edition.

Total CVEs: 1,038
CISA KEV: 33 (actively exploited)
Public exploits: 14
Exploited in wild: 16
Severity breakdown: CRITICAL 12, HIGH 696, MEDIUM 326, LOW 4

Vulnerabilities

Page 13 of 52
CVE-2025-58727 | HIGH | CVSS 7.0 | 2025-10-14
CWE-362: Windows Connected Devices Platform Service Elevation of Privilege Vulnerability. Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for
msrc
CVE-2025-55331 | HIGH | CVSS 7.0 | 2025-10-14
CWE-416: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability. Description: Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ:
msrc
CVE-2025-59200 | HIGH | CVSS 7.7 | 2025-10-14
CWE-362: Data Sharing Service Spoofing Vulnerability. Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click a specially crafted button for the att
msrc
CVE-2025-59289 | HIGH | CVSS 7.0 | 2025-10-14
CWE-415: Windows Bluetooth Service Elevation of Privilege Vulnerability. Description: Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privile
msrc
CVE-2025-55689 | HIGH | CVSS 7.0 | 2025-10-14
CWE-416: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability. Description: Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ:
msrc
CVE-2025-58728 | HIGH | CVSS 7.8 | 2025-10-14
CWE-416: Windows Bluetooth Service Elevation of Privilege Vulnerability. Description: Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Bluetooth Service: Windows B
msrc
CVE-2025-50175 | HIGH | CVSS 7.8 | 2025-10-14
CWE-416: Windows Digital Media Elevation of Privilege Vulnerability. Description: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level. Windo
msrc
CVE-2025-59290 | HIGH | CVSS 7.8 | 2025-10-14
CWE-416: Windows Bluetooth Service Elevation of Privilege Vulnerability. Description: Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Bluetooth Service: Windows B
msrc
CVE-2025-55328 | HIGH | CVSS 7.8 | 2025-10-14
CWE-362: Windows Hyper-V Elevation of Privilege Vulnerability. Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM pr
msrc
CVE-2025-59199 | HIGH | CVSS 7.8 | 2025-10-14
CWE-284: Software Protection Platform (SPP) Elevation of Privilege Vulnerability. Description: Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could elevate from a low integr
msrc
CVE-2025-59192 | HIGH | CVSS 7.8 | 2025-10-14
CWE-126: Storport.sys Driver Elevation of Privilege Vulnerability. Description: Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Storport.sys Driver: Storport.sys Driver Microsoft:
msrc
CVE-2025-55326 | HIGH | CVSS 7.5 | 2025-10-14
CWE-416: Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability. Description: Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vuln
msrc
CVE-2025-59261 | HIGH | CVSS 7.0 | 2025-10-14
CWE-367: Windows Graphics Component Elevation of Privilege Vulnerability. Description: Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker
msrc
CVE-2025-58720 | HIGH | CVSS 7.8 | 2025-10-14
CWE-1240: Windows Cryptographic Services Information Disclosure Vulnerability. Description: Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited th
msrc
CVE-2025-58734 | HIGH | CVSS 7.0 | 2025-10-14
CWE-416: Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability. Description: Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ: According to the
msrc
CVE-2025-55686 | HIGH | CVSS 7.0 | 2025-10-14
CWE-416: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability. Description: Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS
msrc
CVE-2025-59194 | HIGH | CVSS 7.0 | 2025-10-14
CWE-908: Windows Kernel Elevation of Privilege Vulnerability. Description: Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be ga
msrc
CVE-2025-58716 | HIGH | CVSS 8.8 | 2025-10-14
CWE-20: Windows Speech Runtime Elevation of Privilege Vulnerability. Description: Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric
msrc
CVE-2025-59260 | MEDIUM | CVSS 5.5 | 2025-10-14
CWE-200: Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability. Description: Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure
msrc
CVE-2025-55338 | MEDIUM | CVSS 6.1 | 2025-10-14
CWE-1310: Windows BitLocker Security Feature Bypass Vulnerability. Description: Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the BitLocker Device Encryption feature on the system storage dev
msrc