Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2025-53724 [HIGH] CWE-843 Windows Push Notifications Apps Elevation of Privilege Vulnerability Windows Push Notifications Apps Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges fro

CVE-2025-53789 [HIGH] CWE-306 Windows StateRepository API Server file Elevation of Privilege Vulnerability Windows StateRepository API Server file Elevation of Privilege Vulnerability Description: Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would gain the rights of the user that is running the

CVE-2025-50170 [HIGH] CWE-280 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Description: Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited th

CVE-2025-50155 [HIGH] CWE-843 Windows Push Notifications Apps Elevation of Privilege Vulnerability Windows Push Notifications Apps Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could e

CVE-2025-53131 [HIGH] CWE-122 Windows Media Remote Code Execution Vulnerability Windows Media Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a user to open a specially crafted file from the attacker

CVE-2025-49761 [HIGH] CWE-416 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action

CVE-2025-50163 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-50176 [HIGH] CWE-843 DirectX Graphics Kernel Remote Code Execution Vulnerability DirectX Graphics Kernel Remote Code Execution Vulnerability Description: Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the

CVE-2025-53142 [HIGH] CWE-416 Microsoft Brokering File System Elevation of Privilege Vulnerability Microsoft Brokering File System Elevation of Privilege Vulnerability Description: Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race conditio

CVE-2025-53726 [HIGH] CWE-843 Windows Push Notifications Apps Elevation of Privilege Vulnerability Windows Push Notifications Apps Elevation of Privilege Vulnerability Description: Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges fro

CVE-2025-53720 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An attacker authenticated on the domain could exploit this vulnerability by tricking a do

CVE-2025-50160 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to

CVE-2025-50167 [HIGH] CWE-362 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM pr

CVE-2025-53721 [HIGH] CWE-416 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Description: Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires a

CVE-2025-53716 [MEDIUM] CWE-476 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Description: Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network. Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security Authority Subsystem Service (LSASS) Mi

CVE-2025-48807 [MEDIUM] CWE-923 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Description: Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? A race condition is triggered when the admin begins administering from the host system and

CVE-2025-50157 [MEDIUM] CWE-908 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges requi

CVE-2025-53719 [MEDIUM] CWE-908 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability

CVE-2025-55229 [MEDIUM] CWE-347 Windows Certificate Spoofing Vulnerability Windows Certificate Spoofing Vulnerability Description: Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vul

CVE-2025-53138 [MEDIUM] CWE-908 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges requi