Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Vulnerabilities

Multiple vulnerabilities in Microsoft Products (ESU)

Kaspersky ID:
KLA89277
Detect Date:
10/14/2025
Updated:
11/04/2025

Description

Multiple vulnerabilities were found in Microsoft Products (ESU). Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, gain privileges, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

  1. Predictor can be exploited remotely to execute arbitrary code.
  2. A security bypass vulnerability in SecureBoot in IGEL OS before 11 can be exploited remotely to bypass security restrictions.
  3. An elevation of privilege vulnerability in Windows Agere Modem Driver can be exploited remotely to gain privileges.
  4. An elevation of privilege vulnerability in PowerShell can be exploited remotely to gain privileges.
  5. An elevation of privilege vulnerability in Windows NTFS can be exploited remotely to gain privileges.
  6. An elevation of privilege vulnerability in DirectX Graphics Kernel can be exploited remotely to gain privileges.
  7. An elevation of privilege vulnerability in Windows Resilient File System (ReFS) can be exploited remotely to gain privileges.
  8. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
  9. An information disclosure vulnerability in Windows WLAN AutoConfig Service can be exploited remotely to obtain sensitive information.
  10. An information disclosure vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to obtain sensitive information.
  11. An elevation of privilege vulnerability in Windows Authentication can be exploited remotely to gain privileges.
  12. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  13. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
  14. An elevation of privilege vulnerability in Windows COM+ Event System Service can be exploited remotely to gain privileges.
  15. An elevation of privilege vulnerability in Windows SMB Server can be exploited remotely to gain privileges.
  16. A denial of service vulnerability in Windows Local Session Manager (LSM) can be exploited remotely to cause denial of service.
  17. A remote code execution vulnerability in Inbox COM Objects (Global Memory) can be exploited remotely to execute arbitrary code.
  18. A remote code execution vulnerability in Remote Desktop Protocol can be exploited remotely to execute arbitrary code.
  19. A spoofing vulnerability in Microsoft Windows File Explorer can be exploited remotely to spoof user interface.
  20. A spoofing vulnerability in NTLM Hash Disclosure can be exploited remotely to spoof user interface.
  21. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  22. An information disclosure vulnerability in Microsoft Failover Cluster can be exploited remotely to obtain sensitive information.
  23. A denial of service vulnerability in Windows Search Service can be exploited remotely to cause denial of service.
  24. An elevation of privilege vulnerability in Windows Simple Search and Discovery Protocol (SSDP) Service can be exploited remotely to gain privileges.
  25. An elevation of privilege vulnerability in Network Connection Status Indicator (NCSI) can be exploited remotely to gain privileges.
  26. An elevation of privilege vulnerability in Windows Remote Desktop Services can be exploited remotely to gain privileges.
  27. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
  28. An information disclosure vulnerability in Windows MapUrlToZone can be exploited remotely to obtain sensitive information.
  29. An information disclosure vulnerability in Windows Push Notification can be exploited remotely to obtain sensitive information.
  30. An elevation of privilege vulnerability in Windows Remote Access Connection Manager can be exploited remotely to gain privileges.
  31. An information disclosure vulnerability in Windows Active Directory Federation Services (ADFS) can be exploited remotely to obtain sensitive information.
  32. A tampering vulnerability in Windows SMB Client can be exploited remotely to spoof user interface.
  33. A remote code execution vulnerability in Internet Information Services (IIS) Inbox COM Objects (Global Memory) can be exploited remotely to execute arbitrary code.
  34. A remote code execution vulnerability in Windows Server Update Service (WSUS) can be exploited remotely to execute arbitrary code.
  35. A remote code execution vulnerability in Windows URL Parsing can be exploited remotely to execute arbitrary code.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2016-9535
    critical
  • CVE-2025-47827
    warning
  • CVE-2025-24052
    critical
  • CVE-2025-24990
    critical
  • CVE-2025-25004
    high
  • CVE-2025-55335
    high
  • CVE-2025-55678
    high
  • CVE-2025-55687
    high
  • CVE-2025-55692
    critical
  • CVE-2025-55695
    warning
  • CVE-2025-55700
    warning
  • CVE-2025-55701
    critical
  • CVE-2025-58714
    critical
  • CVE-2025-58717
    warning
  • CVE-2025-58718
    critical
  • CVE-2025-58725
    high
  • CVE-2025-58726
    critical
  • CVE-2025-58729
    high
  • CVE-2025-58730
    high
  • CVE-2025-58732
    high
  • CVE-2025-58733
    high
  • CVE-2025-58735
    high
  • CVE-2025-58736
    high
  • CVE-2025-58737
    high
  • CVE-2025-58739
    high
  • CVE-2025-59185
    high
  • CVE-2025-59187
    critical
  • CVE-2025-59188
    high
  • CVE-2025-59190
    high
  • CVE-2025-59196
    high
  • CVE-2025-59198
    warning
  • CVE-2025-59201
    critical
  • CVE-2025-59202
    high
  • CVE-2025-59205
    high
  • CVE-2025-59208
    high
  • CVE-2025-59209
    high
  • CVE-2025-59211
    high
  • CVE-2025-59214
    high
  • CVE-2025-59230
    critical
  • CVE-2025-59242
    critical
  • CVE-2025-59244
    high
  • CVE-2025-59253
    high
  • CVE-2025-59258
    high
  • CVE-2025-59259
    high
  • CVE-2025-59275
    critical
  • CVE-2025-59277
    critical
  • CVE-2025-59278
    critical
  • CVE-2025-59280
    warning
  • CVE-2025-59282
    high
  • CVE-2025-59287
    critical
  • CVE-2025-59295
    critical

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
28 October 2025
Securelist
Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs
27 October 2025
Securelist
Mem3nt0 mori – The Hacking Team is back!
22 October 2025
Securelist
Deep analysis of the flaw in BetterBank reward logic
21 October 2025
Securelist
The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques
21 October 2025
Securelist
PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations
17 October 2025
Securelist
Post-exploitation framework now also delivered via npm
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Kaspersky ID
Vulnerability
Detect date
Severity
Confirm changes?
Your message has been sent successfully.