Msrc Windows Server 2022 23H2 Edition vulnerabilities

CVE-2025-62573 [HIGH] CWE-416 DirectX Graphics Kernel Elevation of Privilege Vulnerability DirectX Graphics Kernel Elevation of Privilege Vulnerability Description: Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could b

CVE-2025-59516 [HIGH] CWE-306 Windows Storage VSP Driver Elevation of Privilege Vulnerability Windows Storage VSP Driver Elevation of Privilege Vulnerability Description: Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Win

CVE-2025-62565 [HIGH] CWE-416 Windows File Explorer Elevation of Privilege Vulnerability Windows File Explorer Elevation of Privilege Vulnerability Description: Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, user interaction is r

CVE-2025-62470 [HIGH] CWE-122 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM p

CVE-2025-62464 [HIGH] CWE-126 Windows Projected File System Elevation of Privilege Vulnerability Windows Projected File System Elevation of Privilege Vulnerability Description: Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Projected File

CVE-2025-64679 [HIGH] CWE-122 Windows DWM Core Library Elevation of Privilege Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows DWM Core Library: W

CVE-2025-64661 [HIGH] CWE-362 Windows Shell Elevation of Privilege Vulnerability Windows Shell Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker

CVE-2025-62467 [HIGH] CWE-190 Windows Projected File System Elevation of Privilege Vulnerability Windows Projected File System Elevation of Privilege Vulnerability Description: Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows

CVE-2025-64678 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. FAQ: How could an attacker exploit this vulnerability? An attacker authenticated on the domain could exploit this vulnerability by tricking a

CVE-2025-62457 [HIGH] CWE-125 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privil

CVE-2025-62462 [HIGH] CWE-126 Windows Projected File System Elevation of Privilege Vulnerability Windows Projected File System Elevation of Privilege Vulnerability Description: Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Projected File

CVE-2025-54100 [HIGH] CWE-77 PowerShell Remote Code Execution Vulnerability PowerShell Remote Code Execution Vulnerability Description: Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally. FAQ: Is there more information I need to know after I install the Security Updates to address this vulnerability? After you install the updates, when you use the Invoke-WebRequest command you will se

CVE-2025-62454 [HIGH] CWE-122 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTE

CVE-2025-62473 [MEDIUM] CWE-126 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Description: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could pote

CVE-2025-62463 [MEDIUM] CWE-476 DirectX Graphics Kernel Denial of Service Vulnerability DirectX Graphics Kernel Denial of Service Vulnerability Description: Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker

CVE-2025-62567 [MEDIUM] CWE-191 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Description: Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and

CVE-2025-64670 [MEDIUM] CWE-200 Windows DirectX Information Disclosure Vulnerability Windows DirectX Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing th

CVE-2025-62465 [MEDIUM] CWE-476 DirectX Graphics Kernel Denial of Service Vulnerability DirectX Graphics Kernel Denial of Service Vulnerability Description: Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker

CVE-2025-62468 [MEDIUM] CWE-125 Windows Defender Firewall Service Information Disclosure Vulnerability Windows Defender Firewall Service Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read portions of data segment of the module.

CVE-2025-60707 [HIGH] CWE-416 Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability Description: Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability co