Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2025-29840 [HIGH] CWE-121 Windows Media Remote Code Execution Vulnerability Windows Media Remote Code Execution Vulnerability Description: Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a user to open a specially crafted file from the attacke

CVE-2025-29831 [HIGH] CWE-416 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability Description: Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the rac

CVE-2025-27468 [HIGH] CWE-269 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Description: Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race conditio

CVE-2025-29970 [HIGH] CWE-416 Microsoft Brokering File System Elevation of Privilege Vulnerability Microsoft Brokering File System Elevation of Privilege Vulnerability Description: Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Brokerin

CVE-2025-26677 [HIGH] CWE-400 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Description: Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. Remote Desktop Gateway Service: Remote Desktop Gateway Service Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Di

CVE-2025-29963 [HIGH] CWE-122 Windows Media Remote Code Execution Vulnerability Windows Media Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a user to open a specially crafted file from the attacker

CVE-2025-30400 [HIGH] CWE-416 Microsoft DWM Core Library Elevation of Privilege Vulnerability Microsoft DWM Core Library Elevation of Privilege Vulnerability Description: Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM: Windows DWM Microsoft: Microsoft

CVE-2025-29842 [HIGH] CWE-349 UrlMon Security Feature Bypass Vulnerability UrlMon Security Feature Bypass Vulnerability Description: Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. FAQ: What ki

CVE-2025-29829 [MEDIUM] CWE-908 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory conten

CVE-2025-30394 [MEDIUM] CWE-591 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Description: Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vul

CVE-2025-29835 [MEDIUM] CWE-125 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read p

CVE-2025-29954 [MEDIUM] CWE-400 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful e

CVE-2025-29968 [MEDIUM] CWE-20 Active Directory Certificate Services (AD CS) Denial of Service Vulnerability Active Directory Certificate Services (AD CS) Denial of Service Vulnerability Description: Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. Active Directory Certificate Services (AD CS): Active Directory Certificate Services (AD CS) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial

CVE-2025-29955 [MEDIUM] CWE-20 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Description: Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely Reference: https://catalog.updat

CVE-2025-27491 [HIGH] CWE-416 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Description: Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: Are the updates for Windows 10 for x64-b

CVE-2025-27482 [HIGH] CWE-591 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability Description: Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability require

CVE-2025-26639 [HIGH] CWE-190 Windows USB Print Driver Elevation of Privilege Vulnerability Windows USB Print Driver Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows USB Print Drive

CVE-2025-26675 [HIGH] CWE-125 Windows Subsystem for Linux Elevation of Privilege Vulnerability Windows Subsystem for Linux Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Subsystem for Linu

CVE-2025-24062 [HIGH] CWE-20 Microsoft DWM Core Library Elevation of Privilege Vulnerability Microsoft DWM Core Library Elevation of Privilege Vulnerability Description: Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Library:

CVE-2025-26649 [HIGH] CWE-362 Windows Secure Channel Elevation of Privilege Vulnerability Windows Secure Channel Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnera