Description
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code, gain privileges, cause denial of service.
Below is a complete list of vulnerabilities:
- An information disclosure vulnerability in Remote Desktop Protocol Client can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Web Distributed Authoring and Versioning (WEBDAV) can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
- Denial of service vulnerability in Local Security Authority Subsystem Service (LSASS) can be exploited remotely to cause denial of service.
- An elevation of privilege vulnerability in Windows Remote Access Connection Manager can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows Storage Management Provider can be exploited remotely to obtain sensitive information.
- A security feature bypass vulnerability in Windows Shortcut Files can be exploited remotely to bypass security restrictions.
- An elevation of privilege vulnerability in Windows SMB Client can be exploited remotely to gain privileges.
- Denial of service vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to cause denial of service.
- An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows Remote Desktop Services can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Netlogon can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows KDC Proxy Service (KPSSVC) can be exploited remotely to execute arbitrary code.
- Denial of service vulnerability in Windows Standards-Based Storage Management Service can be exploited remotely to cause denial of service.
- An elevation of privilege vulnerability in Windows Media can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows Storage Port Driver can be exploited remotely to obtain sensitive information.
Original advisories
- CVE-2025-33053
- CVE-2025-32714
- CVE-2025-33064
- CVE-2025-33066
- CVE-2025-32724
- CVE-2025-47955
- CVE-2025-32720
- CVE-2025-47160
- CVE-2025-32718
- CVE-2025-33056
- CVE-2025-32713
- CVE-2025-32712
- CVE-2025-32710
- CVE-2025-33070
- CVE-2025-33060
- CVE-2025-3052
- CVE-2025-33075
- CVE-2025-33071
- CVE-2025-33057
- CVE-2025-33068
- CVE-2025-33073
- CVE-2025-32716
- CVE-2025-32722
Related products
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-Server-2008
CVE list
- CVE-2025-32710 critical
- CVE-2025-32712 critical
- CVE-2025-32713 critical
- CVE-2025-32714 critical
- CVE-2025-32715 high
- CVE-2025-32716 critical
- CVE-2025-32718 critical
- CVE-2025-32720 high
- CVE-2025-32722 high
- CVE-2025-32724 critical
- CVE-2025-33053 critical
- CVE-2025-33056 critical
- CVE-2025-33057 high
- CVE-2025-33060 high
- CVE-2025-33064 critical
- CVE-2025-33066 critical
- CVE-2025-33068 critical
- CVE-2025-33070 critical
- CVE-2025-33071 critical
- CVE-2025-33073 critical
- CVE-2025-33075 critical
- CVE-2025-47160 high
- CVE-2025-47955 critical
- CVE-2025-3052 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!