Description
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions, execute arbitrary code, read local files, cause denial of service.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in DirectX Graphics Kernel can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Customer Experience Improvement Program (CEIP) can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Microsoft Streaming Service Proxy can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows Bluetooth RFCOM Protocol Driver can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Remote Desktop Services can be exploited remotely to gain privileges.
- A remote code execution vulnerability in GDI+ can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
- A denial of service vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to cause denial of service.
- An elevation of privilege vulnerability in Windows Client-Side Caching can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Transport Driver Interface (TDI) Translation Driver can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Smart Card Reader can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.
Original advisories
- CVE-2025-59512
- CVE-2025-60709
- CVE-2025-59514
- CVE-2025-59513
- CVE-2025-62213
- CVE-2025-60703
- CVE-2025-60724
- CVE-2025-60704
- CVE-2025-60715
- CVE-2025-59510
- CVE-2025-60705
- CVE-2025-62217
- CVE-2025-60720
- CVE-2025-59505
- CVE-2025-60714
- CVE-2025-62452
- CVE-2025-60719
Related products
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-Server-2008
CVE list
- CVE-2025-59505 critical
- CVE-2025-59506 high
- CVE-2025-59510 high
- CVE-2025-59512 critical
- CVE-2025-59513 high
- CVE-2025-59514 critical
- CVE-2025-60703 critical
- CVE-2025-60704 critical
- CVE-2025-60705 critical
- CVE-2025-60709 critical
- CVE-2025-60714 critical
- CVE-2025-60715 critical
- CVE-2025-60719 high
- CVE-2025-60720 critical
- CVE-2025-60724 critical
- CVE-2025-62213 high
- CVE-2025-62217 high
- CVE-2025-62452 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!