Msrc Windows Server 2025 vulnerabilities

CVE-2024-43451 [MEDIUM] CWE-73 NTLM Hash Disclosure Spoofing Vulnerability NTLM Hash Disclosure Spoofing Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability? This vulnerability discloses a user's NTLMv2 hash to the attacker who could use this to authenticate as the user. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction

CVE-2024-43646 [MEDIUM] CWE-822 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Windows Secure Kernel Mode Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Secure Kernel Mode: Windows Secure Kernel Mode Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit St

CVE-2024-30098 [HIGH] CWE-327 Windows Cryptographic Services Security Feature Bypass Vulnerability Windows Cryptographic Services Security Feature Bypass Vulnerability FAQ: Are there any further actions I need to take to be protected from this vulnerability? Yes. The Windows Smart Card infrastructure relies on the Cryptographic Service Provider (CSP) and Key Storage Provider (KSP) to isolate cryptographic operations from the Smart Card implementation. The KSP is part of the Crypto Next Generati

CVE-2021-45985 [HIGH] CWE-1395 Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2021-45985 Description: This CVE was assigned by Mitre. Some Microsoft products consume Lau open-source software. The purpose of this document is to attest to the fact that the products listed in the Security Updates table hav