Description
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Push Notifications Apps can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in GDI+ can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Kernel Transaction Manager can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Hyper-V can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Microsoft Message Queuing (MSMQ) can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Remote Access Point-to-Point Protocol (PPP) EAP-TLS can be exploited remotely to gain privileges.
- A spoofing vulnerability in Microsoft Windows File Explorer can be exploited remotely to spoof user interface.
- An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver can be exploited remotely to gain privileges.
- An information disclosure vulnerability in NT OS Kernel can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Desktop Windows Manager can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows NTLM can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in DirectX Graphics Kernel can be exploited remotely to gain privileges.
- A denial of service vulnerability in Windows Remote Desktop Services can be exploited remotely to cause denial of service.
- An information disclosure vulnerability in Windows NTFS can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Desktop Windows Manager can be exploited remotely to execute arbitrary code.
- An information disclosure vulnerability in Windows Distributed Transaction Coordinator (MSDTC) can be exploited remotely to obtain sensitive information.
Original advisories
- CVE-2025-50155
- CVE-2025-50160
- CVE-2025-53766
- CVE-2025-49757
- CVE-2025-53725
- CVE-2025-49762
- CVE-2025-53140
- CVE-2025-53155
- CVE-2025-53137
- CVE-2025-53138
- CVE-2025-53132
- CVE-2025-50177
- CVE-2025-53134
- CVE-2025-53724
- CVE-2025-53154
- CVE-2025-53153
- CVE-2025-50162
- CVE-2025-50159
- CVE-2025-50154
- CVE-2025-53143
- CVE-2025-49761
- CVE-2025-53149
- CVE-2025-53136
- CVE-2025-50163
- CVE-2025-53144
- CVE-2025-53719
- CVE-2025-50153
- CVE-2025-53723
- CVE-2025-53778
- CVE-2025-53145
- CVE-2025-50156
- CVE-2025-53726
- CVE-2025-53135
- CVE-2025-53720
- CVE-2025-50164
- CVE-2025-53148
- CVE-2025-53722
- CVE-2025-50161
- CVE-2025-50158
- CVE-2025-49743
- CVE-2025-53152
- CVE-2025-53718
- CVE-2025-50167
- CVE-2025-50157
- CVE-2025-53147
- CVE-2025-50166
- CVE-2025-53141
Related products
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-Server-2008
CVE list
- CVE-2025-50173 critical
- CVE-2025-50155 critical
- CVE-2025-50160 critical
- CVE-2025-53766 critical
- CVE-2025-49757 critical
- CVE-2025-53725 critical
- CVE-2025-49762 high
- CVE-2025-53140 high
- CVE-2025-53155 critical
- CVE-2025-53137 high
- CVE-2025-53138 high
- CVE-2025-53132 critical
- CVE-2025-50177 critical
- CVE-2025-53134 high
- CVE-2025-53724 critical
- CVE-2025-53154 critical
- CVE-2025-53153 high
- CVE-2025-50162 critical
- CVE-2025-50159 high
- CVE-2025-50154 critical
- CVE-2025-53143 critical
- CVE-2025-49761 critical
- CVE-2025-53149 critical
- CVE-2025-53136 high
- CVE-2025-50163 critical
- CVE-2025-53144 critical
- CVE-2025-53719 high
- CVE-2025-50153 critical
- CVE-2025-53723 critical
- CVE-2025-53778 critical
- CVE-2025-53145 critical
- CVE-2025-50156 high
- CVE-2025-53726 critical
- CVE-2025-53135 high
- CVE-2025-53720 critical
- CVE-2025-50164 critical
- CVE-2025-53148 high
- CVE-2025-53722 critical
- CVE-2025-50161 high
- CVE-2025-50158 high
- CVE-2025-49743 high
- CVE-2025-53152 critical
- CVE-2025-53718 high
- CVE-2025-50167 high
- CVE-2025-50157 high
- CVE-2025-53147 high
- CVE-2025-50166 high
- CVE-2025-53141 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!