Msrc Windows Server 2025 vulnerabilities

CVE-2025-62465 [MEDIUM] CWE-476 DirectX Graphics Kernel Denial of Service Vulnerability DirectX Graphics Kernel Denial of Service Vulnerability Description: Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker

CVE-2025-62468 [MEDIUM] CWE-125 Windows Defender Firewall Service Information Disclosure Vulnerability Windows Defender Firewall Service Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read portions of data segment of the module.

CVE-2025-60707 [HIGH] CWE-416 Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability Description: Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability co

CVE-2025-59505 [HIGH] CWE-415 Windows Smart Card Reader Elevation of Privilege Vulnerability Windows Smart Card Reader Elevation of Privilege Vulnerability Description: Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Smart Card: Windows Smart Card Micros

CVE-2025-60713 [HIGH] CWE-822 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability Description: Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited th

CVE-2025-60716 [HIGH] CWE-416 DirectX Graphics Kernel Elevation of Privilege Vulnerability DirectX Graphics Kernel Elevation of Privilege Vulnerability Description: Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could b

CVE-2025-59515 [HIGH] CWE-416 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability Windows Broadcast DVR User Service Elevation of Privilege Vulnerability Description: Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race

CVE-2025-59512 [HIGH] CWE-284 Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability Description: Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerabi

CVE-2025-60710 [HIGH] CWE-59 Host Process for Windows Tasks Elevation of Privilege Vulnerability Host Process for Windows Tasks Elevation of Privilege Vulnerability Description: Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could

CVE-2025-62215 [HIGH] CWE-362 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attac

CVE-2025-59506 [HIGH] CWE-362 DirectX Graphics Kernel Elevation of Privilege Vulnerability DirectX Graphics Kernel Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerabilit

CVE-2025-59511 [HIGH] CWE-73 Windows WLAN Service Elevation of Privilege Vulnerability Windows WLAN Service Elevation of Privilege Vulnerability Description: External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. Windows WLAN

CVE-2025-60717 [HIGH] CWE-416 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability Windows Broadcast DVR User Service Elevation of Privilege Vulnerability Description: Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privil

CVE-2025-59508 [HIGH] CWE-362 Windows Speech Recognition Elevation of Privilege Vulnerability Windows Speech Recognition Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability

CVE-2025-59507 [HIGH] CWE-362 Windows Speech Runtime Elevation of Privilege Vulnerability Windows Speech Runtime Elevation of Privilege Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability r

CVE-2025-59509 [MEDIUM] CWE-201 Windows Speech Recognition Information Disclosure Vulnerability Windows Speech Recognition Information Disclosure Vulnerability Description: Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is internal memor

CVE-2025-60723 [MEDIUM] CWE-362 DirectX Graphics Kernel Denial of Service Vulnerability DirectX Graphics Kernel Denial of Service Vulnerability Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful

CVE-2025-60708 [MEDIUM] CWE-822 Storvsp.sys Driver Denial of Service Vulnerability Storvsp.sys Driver Denial of Service Vulnerability Description: Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker c

CVE-2025-59510 [MEDIUM] CWE-59 Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability Description: Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. Windows Routing and Remote Access Service (RRAS): Windows Routing and Remote Access Service (RRAS) Microsoft: Microsoft

CVE-2025-60706 [MEDIUM] CWE-125 Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability Description: Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Micr