Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2025-26648 [HIGH] CWE-591 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10

CVE-2025-27490 [HIGH] CWE-122 Windows Bluetooth Service Elevation of Privilege Vulnerability Windows Bluetooth Service Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could create or delete files in the security context of

CVE-2025-27476 [HIGH] CWE-416 Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability Description: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Digital Media: Windows Digital Media Mi

CVE-2025-27492 [HIGH] CWE-362 Windows Secure Channel Elevation of Privilege Vulnerability Windows Secure Channel Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnera

CVE-2025-27738 [MEDIUM] CWE-284 Windows Resilient File System (ReFS) Information Disclosure Vulnerability Windows Resilient File System (ReFS) Information Disclosure Vulnerability Description: Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerab

CVE-2025-26667 [MEDIUM] CWE-200 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successful

CVE-2025-26681 [MEDIUM] CWE-416 Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker wh

CVE-2025-26676 [MEDIUM] CWE-126 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could pote

CVE-2025-27736 [MEDIUM] CWE-200 Windows Power Dependency Coordinator Information Disclosure Vulnerability Windows Power Dependency Coordinator Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain mem

CVE-2025-26637 [MEDIUM] CWE-693 Windows BitLocker Security Feature Bypass Vulnerability Windows BitLocker Security Feature Bypass Vulnerability Description: Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. FAQ: Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available? Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems

CVE-2025-26635 [MEDIUM] CWE-1390 Windows Hello Security Feature Bypass Vulnerability Windows Hello Security Feature Bypass Vulnerability Description: Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass the Windows Hello security feature. Where can I find more informa

CVE-2025-27474 [MEDIUM] CWE-908 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerabili

CVE-2025-26651 [MEDIUM] CWE-749 Windows Local Session Manager (LSM) Denial of Service Vulnerability Windows Local Session Manager (LSM) Denial of Service Vulnerability Description: Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. Windows Local Session Manager (LSM): Windows Local Session Manager (LSM) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly

CVE-2025-26664 [MEDIUM] CWE-126 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could pote

CVE-2025-27735 [MEDIUM] CWE-345 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability Description: Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who suc

CVE-2025-21203 [MEDIUM] CWE-126 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This attack requires an

CVE-2025-24050 [HIGH] CWE-122 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain Kernel Memory Access. Role: Windows Hyper-V: Role: Windows Hyper-V

CVE-2025-26634 [HIGH] CWE-122 Windows Core Messaging Elevation of Privileges Vulnerability Windows Core Messaging Elevation of Privileges Vulnerability Description: Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specif

CVE-2025-24067 [HIGH] CWE-122 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft

CVE-2025-24048 [HIGH] CWE-122 Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain Kernel Memory Access. Role: Windows Hyper-V: Role: Windows Hyper-V