Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2025-49676 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-49673 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-49663 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-47991 [HIGH] CWE-416 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Windows Input Method Editor (IME) Elevation of Privilege Vulnerability Description: Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race

CVE-2025-49657 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none

CVE-2025-49685 [HIGH] CWE-416 Windows Search Service Elevation of Privilege Vulnerability Windows Search Service Elevation of Privilege Vulnerability Description: Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the

CVE-2025-49733 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. Windows Win32K - ICOMP:

CVE-2025-49744 [HIGH] CWE-122 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? To successfully exploit this vulnerability, an attacker would need to gain elevated privil

CVE-2025-49688 [HIGH] CWE-415 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What do

CVE-2025-49691 [HIGH] CWE-122 Windows Miracast Wireless Display Remote Code Execution Vulnerability Windows Miracast Wireless Display Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could project to a vulnerable system on the same wireless network that was configured to allow "Projecting to this

CVE-2025-48000 [HIGH] CWE-416 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Description: Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from Medium

CVE-2025-49670 [MEDIUM] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are non

CVE-2025-48802 [MEDIUM] CWE-295 Windows SMB Server Spoofing Vulnerability Windows SMB Server Spoofing Vulnerability Description: Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network. Windows SMB: Windows SMB Microsoft: Microsoft Customer Action Required: Yes Impact: Spoofing Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Se

CVE-2025-48803 [MEDIUM] CWE-353 Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability Description: Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited t

CVE-2025-49671 [MEDIUM] CWE-200 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successful

CVE-2025-49681 [MEDIUM] CWE-125 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are n

CVE-2024-36350 [MEDIUM] AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue Description: The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see

CVE-2025-48001 [MEDIUM] CWE-367 Windows BitLocker Security Feature Bypass Vulnerability Windows BitLocker Security Feature Bypass Vulnerability Description: Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the BitLocker Device Encryption feature on the sys

CVE-2025-49664 [MEDIUM] CWE-200 Windows User-Mode Driver Framework Host Information Disclosure Vulnerability Windows User-Mode Driver Framework Host Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of ce

CVE-2025-49684 [MEDIUM] CWE-126 Windows Storage Port Driver Information Disclosure Vulnerability Windows Storage Port Driver Information Disclosure Vulnerability Description: Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a small amount of kernel memory which co