Msrc Windows Server 2025 vulnerabilities

CVE-2025-32710 [HIGH] CWE-416 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability Description: Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race conditi

CVE-2025-32721 [HIGH] CWE-59 Windows Recovery Driver Elevation of Privilege Vulnerability Windows Recovery Driver Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator pr

CVE-2025-24069 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-33060 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-32719 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-24068 [MEDIUM] CWE-126 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Win

CVE-2025-33055 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-33069 [MEDIUM] CWE-347 Windows App Control for Business Security Feature Bypass Vulnerability Windows App Control for Business Security Feature Bypass Vulnerability Description: Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker can spoof the signature to get it to bypass A

CVE-2025-24065 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an out

CVE-2025-32722 [MEDIUM] CWE-284 Windows Storage Port Driver Information Disclosure Vulnerability Windows Storage Port Driver Information Disclosure Vulnerability Description: Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of

CVE-2025-33058 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-33052 [MEDIUM] CWE-908 Windows DWM Core Library Information Disclosure Vulnerability Windows DWM Core Library Information Disclosure Vulnerability Description: Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized stack memory.

CVE-2025-33063 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-3052 [HIGH] CWE-822 Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass Description: Untrusted pointer dereference in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Why is this CERT/CC CVE included in the S

CVE-2025-32720 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-33061 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-33065 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-33059 [MEDIUM] CWE-125 Windows Storage Management Provider Information Disclosure Vulnerability Windows Storage Management Provider Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. W

CVE-2025-47969 [MEDIUM] CWE-200 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully expl

CVE-2025-47160 [MEDIUM] CWE-693 Windows Shortcut Files Security Feature Bypass Vulnerability Windows Shortcut Files Security Feature Bypass Vulnerability Description: Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), but could lead to some loss of integrity (I:L) and availability (A:L). What do