Description
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Microsoft Windows QoS Scheduler Driver can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows Imaging Component can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Universal Plug and Play (UPnP) Device Host can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Fast FAT File System Driver can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Workspace Broker can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Win32 Kernel Subsystem can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows KDC Proxy Service (KPSSVC) can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Credential Security Support Provider Protocol (CredSSP) can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Event Tracing can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Transport Driver Interface (TDI) Translation Driver can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Microsoft Virtual Hard Disk can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Microsoft MPEG-2 Video Extension can be exploited remotely to execute arbitrary code.
- A security feature bypass vulnerability in Remote Desktop Licensing Service can be exploited remotely to bypass security restrictions.
- A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in HID Class Driver can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Shell can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Simple Search and Discovery Protocol (SSDP) Service can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Input Method Editor (IME) can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows Transport Driver Interface (TDI) Translation Driver can be exploited remotely to obtain sensitive information.
- An information disclosure vulnerability in Windows User-Mode Driver Framework Host can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Universal Print Management Service can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Microsoft Virtual Hard Disk can be exploited remotely to execute arbitrary code.
- Denial of service vulnerability in Windows Print Spooler can be exploited remotely to cause denial of service.
- A security feature bypass vulnerability in BitLocker can be exploited remotely to bypass security restrictions.
- An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows TCP/IP Driver can be exploited remotely to gain privileges.
- Denial of service vulnerability in Windows Netlogon can be exploited remotely to cause denial of service.
- An information disclosure vulnerability in Windows GDI can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism can be exploited remotely to execute arbitrary code.
- An information disclosure vulnerability in Windows Storage Port Driver can be exploited remotely to obtain sensitive information.
- An information disclosure vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows MBT Transport Driver can be exploited remotely to gain privileges.
Original advisories
- CVE-2025-47980
- CVE-2025-48819
- CVE-2025-49742
- CVE-2025-49673
- CVE-2025-49721
- CVE-2025-49732
- CVE-2025-49665
- CVE-2025-49667
- CVE-2025-49675
- CVE-2025-49735
- CVE-2025-47987
- CVE-2025-49663
- CVE-2025-49678
- CVE-2025-49660
- CVE-2025-49668
- CVE-2025-49659
- CVE-2025-47973
- CVE-2025-49661
- CVE-2025-49727
- CVE-2025-48806
- CVE-2025-47971
- CVE-2025-48814
- CVE-2025-48817
- CVE-2025-48816
- CVE-2025-49679
- CVE-2025-48815
- CVE-2025-48805
- CVE-2025-49687
- CVE-2025-49674
- CVE-2025-47985
- CVE-2025-47976
- CVE-2025-47998
- CVE-2025-49688
- CVE-2025-49669
- CVE-2025-49753
- CVE-2025-49672
- CVE-2025-49657
- CVE-2025-49658
- CVE-2025-49664
- CVE-2025-47986
- CVE-2025-49683
- CVE-2025-49722
- CVE-2025-48001
- CVE-2025-48808
- CVE-2025-49686
- CVE-2025-49716
- CVE-2025-47984
- CVE-2025-48821
- CVE-2025-48804
- CVE-2025-47981
- CVE-2025-49684
- CVE-2025-49681
- CVE-2025-47975
- CVE-2025-49689
- CVE-2025-47996
- CVE-2025-49676
- CVE-2025-49671
- CVE-2025-48824
- CVE-2025-49670
- CVE-2025-49729
Related products
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-Server-2008
CVE list
- CVE-2025-49730 critical
- CVE-2025-47980 high
- CVE-2025-48819 high
- CVE-2025-49742 critical
- CVE-2025-49673 critical
- CVE-2025-49721 critical
- CVE-2025-49732 critical
- CVE-2025-49665 critical
- CVE-2025-49667 critical
- CVE-2025-49675 critical
- CVE-2025-49735 critical
- CVE-2025-47987 critical
- CVE-2025-49663 critical
- CVE-2025-49678 high
- CVE-2025-49660 critical
- CVE-2025-49668 critical
- CVE-2025-49659 critical
- CVE-2025-47973 critical
- CVE-2025-49661 critical
- CVE-2025-49727 high
- CVE-2025-48806 critical
- CVE-2025-47971 critical
- CVE-2025-48814 critical
- CVE-2025-48817 critical
- CVE-2025-48816 critical
- CVE-2025-49679 critical
- CVE-2025-48815 critical
- CVE-2025-48805 critical
- CVE-2025-49687 critical
- CVE-2025-49674 critical
- CVE-2025-47985 critical
- CVE-2025-47976 critical
- CVE-2025-47998 critical
- CVE-2025-49688 critical
- CVE-2025-49669 critical
- CVE-2025-49753 critical
- CVE-2025-49672 critical
- CVE-2025-49657 critical
- CVE-2025-49658 high
- CVE-2025-49664 high
- CVE-2025-47986 critical
- CVE-2025-49683 critical
- CVE-2025-49722 high
- CVE-2025-48001 high
- CVE-2025-48808 high
- CVE-2025-49686 critical
- CVE-2025-49716 high
- CVE-2025-47984 critical
- CVE-2025-48821 high
- CVE-2025-48804 high
- CVE-2025-47981 critical
- CVE-2025-49684 high
- CVE-2025-49681 high
- CVE-2025-47975 high
- CVE-2025-49689 critical
- CVE-2025-47996 critical
- CVE-2025-49676 critical
- CVE-2025-49671 high
- CVE-2025-48824 critical
- CVE-2025-49670 critical
- CVE-2025-49729 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!