Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Vulnerabilities

Multiple vulnerabilities in Microsoft Windows

Kaspersky ID:
KLA87444
Detect Date:
09/09/2025
Updated:
09/11/2025

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  2. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  3. A security feature bypass vulnerability in MapUrlToZone can be exploited remotely to bypass security restrictions.
  4. An elevation of privilege vulnerability in Windows UI XAML Maps MapControlSettings can be exploited remotely to gain privileges.
  5. A remote code execution vulnerability in Windows SMB Client can be exploited remotely to execute arbitrary code.
  6. An elevation of privilege vulnerability in Windows Defender Firewall Service can be exploited remotely to gain privileges.
  7. An elevation of privilege vulnerability in Windows Hyper-V can be exploited remotely to gain privileges.
  8. An elevation of privilege vulnerability in Windows Connected Devices Platform Service can be exploited remotely to gain privileges.
  9. An information disclosure vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to obtain sensitive information.
  10. A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
  11. An elevation of privilege vulnerability in DirectX Graphics Kernel can be exploited remotely to gain privileges.
  12. An elevation of privilege vulnerability in Windows MultiPoint Services can be exploited remotely to gain privileges.
  13. An elevation of privilege vulnerability in Windows NTLM can be exploited remotely to gain privileges.
  14. An information disclosure vulnerability in Windows Kernel Memory can be exploited remotely to obtain sensitive information.
  15. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
  16. An elevation of privilege vulnerability in Capability Access Management Service (camsvc) can be exploited remotely to gain privileges.
  17. An elevation of privilege vulnerability in Microsoft DWM Core Library can be exploited remotely to gain privileges.
  18. An elevation of privilege vulnerability in Local Security Authority Subsystem Service can be exploited remotely to gain privileges.
  19. A denial of service vulnerability in Windows Connected Devices Platform Service (Cdpsvc) can be exploited remotely to cause denial of service.
  20. An elevation of privilege vulnerability in Windows BitLocker can be exploited remotely to gain privileges.
  21. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to execute arbitrary code.
  22. An information disclosure vulnerability in Windows Imaging Component can be exploited remotely to obtain sensitive information.
  23. A denial of service vulnerability in Local Security Authority Subsystem Service (LSASS) can be exploited remotely to cause denial of service.
  24. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
  25. An elevation of privilege vulnerability in Windows UI XAML Phone DatePickerFlyout can be exploited remotely to gain privileges.
  26. An elevation of privilege vulnerability in Windows Management Service can be exploited remotely to gain privileges.
  27. A remote code execution vulnerability in Graphics Kernel can be exploited remotely to execute arbitrary code.
  28. An elevation of privilege vulnerability in Windows TCP/IP Driver can be exploited remotely to gain privileges.
  29. An elevation of privilege vulnerability in Microsoft Brokering File System can be exploited remotely to gain privileges.
  30. An elevation of privilege vulnerability in Microsoft Virtual Hard Disk can be exploited remotely to gain privileges.
  31. An elevation of privilege vulnerability in Windows Bluetooth Service can be exploited remotely to gain privileges.
  32. A remote code execution vulnerability in Windows NTFS can be exploited remotely to execute arbitrary code.
  33. An elevation of privilege vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism can be exploited remotely to gain privileges.
  34. An elevation of privilege vulnerability in Windows SMB can be exploited remotely to gain privileges.
  35. An elevation of privilege vulnerability in PowerShell Direct can be exploited remotely to gain privileges.
  36. A denial of service vulnerability in HTTP.sys can be exploited remotely to cause denial of service.
  37. An information disclosure vulnerability in Windows Kernel-Mode Driver can be exploited remotely to obtain sensitive information.
 
 

 

 

Original advisories

Related products

CVE list

  • CVE-2025-49734
    high
  • CVE-2025-53796
    high
  • CVE-2025-53797
    high
  • CVE-2025-53798
    high
  • CVE-2025-53799
    high
  • CVE-2025-53800
    critical
  • CVE-2025-53801
    critical
  • CVE-2025-53802
    high
  • CVE-2025-53803
    high
  • CVE-2025-53804
    high
  • CVE-2025-53805
    critical
  • CVE-2025-53806
    high
  • CVE-2025-53807
    high
  • CVE-2025-53808
    high
  • CVE-2025-53809
    high
  • CVE-2025-53810
    high
  • CVE-2025-54091
    critical
  • CVE-2025-54092
    critical
  • CVE-2025-54093
    high
  • CVE-2025-54094
    high
  • CVE-2025-54095
    high
  • CVE-2025-54096
    high
  • CVE-2025-54097
    high
  • CVE-2025-54098
    critical
  • CVE-2025-54099
    high
  • CVE-2025-54101
    warning
  • CVE-2025-54102
    critical
  • CVE-2025-54103
    high
  • CVE-2025-54104
    high
  • CVE-2025-54105
    high
  • CVE-2025-54106
    critical
  • CVE-2025-54107
    warning
  • CVE-2025-54108
    high
  • CVE-2025-54109
    high
  • CVE-2025-54110
    critical
  • CVE-2025-54111
    critical
  • CVE-2025-54112
    high
  • CVE-2025-54113
    critical
  • CVE-2025-54114
    high
  • CVE-2025-54115
    high
  • CVE-2025-54116
    high
  • CVE-2025-54894
    critical
  • CVE-2025-54895
    critical
  • CVE-2025-54911
    high
  • CVE-2025-54912
    critical
  • CVE-2025-54913
    critical
  • CVE-2025-54915
    high
  • CVE-2025-54916
    critical
  • CVE-2025-54917
    warning
  • CVE-2025-54918
    critical
  • CVE-2025-54919
    critical
  • CVE-2025-55223
    high
  • CVE-2025-55224
    critical
  • CVE-2025-55225
    high
  • CVE-2025-55226
    high
  • CVE-2025-55228
    critical
  • CVE-2025-55234
    critical
  • CVE-2025-55236
    high

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
21 April 2025
Kaspersky Daily
Update PyTorch ASAP | Kaspersky official blog
10 September 2025
Securelist
Notes of cyber inspector: three clusters of threat in cyberspace
05 September 2025
Securelist
IT threat evolution in Q2 2025. Mobile statistics
05 September 2025
Securelist
IT threat evolution in Q2 2025. Non-mobile statistics
02 September 2025
Securelist
Cookies and how to bake them: what they are for, associated risks, and what session hijacking has to do with it
29 August 2025
Securelist
How attackers adapt to built-in macOS protection
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Kaspersky ID
Vulnerability
Detect date
Severity
Confirm changes?
Your message has been sent successfully.