Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Vulnerabilities

Multiple vulnerabilities in Microsoft Windows

Kaspersky ID:
KLA81545
Detect Date:
03/11/2025
Updated:
03/21/2025

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface, cause denial of service.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability can be exploited remotely to gain privileges.
  2. A remote code execution vulnerability in Windows exFAT File System can be exploited remotely to execute arbitrary code.
  3. Security vulnerability can be exploited to bypass security restrictions.
  4. A remote code execution vulnerability in Windows Remote Desktop Services can be exploited remotely to execute arbitrary code.
  5. An elevation of privilege vulnerability in Windows Win32 Kernel Subsystem can be exploited remotely to gain privileges.
  6. Use after free vulnerability in Microsoft Streaming Service can be exploited to cause denial of service or execute arbitrary code.
  7. Use after free vulnerability in Windows Hyper-V can be exploited to cause denial of service or execute arbitrary code.
  8. A remote code execution vulnerability can be exploited remotely to execute arbitrary code.
  9. A spoofing vulnerability in NTLM Hash Disclosure can be exploited remotely to spoof user interface.
  10. Information disclosure vulnerability in Windows USB Video Class System Driver can be exploited to obtain sensitive information.
  11. A remote code execution vulnerability in Windows Telephony Service can be exploited remotely to execute arbitrary code.
  12. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  13. A remote code execution vulnerability in Windows Domain Name Service can be exploited remotely to execute arbitrary code.
  14. A spoofing vulnerability in Microsoft Windows File Explorer can be exploited remotely to spoof user interface.
  15. An elevation of privilege vulnerability in Microsoft Local Security Authority (LSA) Server can be exploited remotely to gain privileges.
  16. Information disclosure vulnerability can be exploited to obtain sensitive information.
  17. A remote code execution vulnerability in Windows Fast FAT File System Driver can be exploited remotely to execute arbitrary code.
  18. An elevation of privilege vulnerability in Windows USB Video Class System Driver can be exploited remotely to gain privileges.
  19. An information disclosure vulnerability in Windows NTFS can be exploited remotely to obtain sensitive information.
  20. A remote code execution vulnerability in Windows NTFS can be exploited remotely to execute arbitrary code.
  21. Security vulnerability in composition area can be exploited to bypass security restrictions.
  22. A security feature bypass vulnerability in Microsoft Management Console can be exploited remotely to bypass security restrictions.
  23. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.

Original advisories

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2024-9157
    critical
  • CVE-2025-21180
    critical
  • CVE-2025-21247
    warning
  • CVE-2025-24035
    critical
  • CVE-2025-24044
    critical
  • CVE-2025-24045
    critical
  • CVE-2025-24046
    critical
  • CVE-2025-24048
    critical
  • CVE-2025-24050
    critical
  • CVE-2025-24051
    critical
  • CVE-2025-24054
    high
  • CVE-2025-24055
    warning
  • CVE-2025-24056
    critical
  • CVE-2025-24059
    critical
  • CVE-2025-24061
    critical
  • CVE-2025-24064
    critical
  • CVE-2025-24066
    critical
  • CVE-2025-24067
    critical
  • CVE-2025-24071
    critical
  • CVE-2025-24072
    critical
  • CVE-2025-24076
    high
  • CVE-2025-24084
    critical
  • CVE-2025-24983
    high
  • CVE-2025-24984
    warning
  • CVE-2025-24985
    critical
  • CVE-2025-24987
    high
  • CVE-2025-24988
    high
  • CVE-2025-24991
    high
  • CVE-2025-24992
    high
  • CVE-2025-24993
    critical
  • CVE-2025-24994
    high
  • CVE-2025-24995
    critical
  • CVE-2025-24996
    high
  • CVE-2025-24997
    warning
  • CVE-2025-25008
    high
  • CVE-2025-26633
    high
  • CVE-2025-26645
    critical

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
25 March 2025
Securelist
Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
25 March 2025
Securelist
Financial cyberthreats in 2024
21 March 2025
Securelist
Threat landscape for industrial automation systems in Q4 2024
19 March 2025
Securelist
Arcane stealer: We want all your data
13 March 2025
Securelist
Head Mare and Twelve join forces to attack Russian entities
12 March 2025
Securelist
Incident response analyst report 2024
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Kaspersky ID
Vulnerability
Detect date
Severity
Confirm changes?
Your message has been sent successfully.