Multiple vulnerabilities in Microsoft Products (ESU)

Description

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, read local files, cause denial of service, obtain sensitive information, bypass security restrictions, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Windows Smart Card Reader can be exploited remotely to gain privileges.
2. An elevation of privilege vulnerability in DirectX Graphics Kernel can be exploited remotely to gain privileges.
3. A denial of service vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to cause denial of service.
4. An elevation of privilege vulnerability in Customer Experience Improvement Program (CEIP) can be exploited remotely to gain privileges.
5. An information disclosure vulnerability in Windows Bluetooth RFCOM Protocol Driver can be exploited remotely to obtain sensitive information.
6. An elevation of privilege vulnerability in Microsoft Streaming Service Proxy can be exploited remotely to gain privileges.
7. An elevation of privilege vulnerability in Windows Remote Desktop Services can be exploited remotely to gain privileges.
8. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
9. An elevation of privilege vulnerability in Windows Client-Side Caching can be exploited remotely to gain privileges.
10. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
11. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.
12. A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
13. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
14. An elevation of privilege vulnerability in Windows Transport Driver Interface (TDI) Translation Driver can be exploited remotely to gain privileges.
15. A remote code execution vulnerability in GDI+ can be exploited remotely to execute arbitrary code.
16. A denial of service vulnerability in Storvsp.sys Driver can be exploited remotely to cause denial of service.
17. An elevation of privilege vulnerability in Windows Speech Recognition can be exploited remotely to gain privileges.
18. An elevation of privilege vulnerability in Windows Speech Runtime can be exploited remotely to gain privileges.
19. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely to obtain sensitive information.
20. An elevation of privilege vulnerability in Microsoft Wireless Provisioning System can be exploited remotely to gain privileges.
21. An information disclosure vulnerability in Windows License Manager can be exploited remotely to obtain sensitive information.
22. An elevation of privilege vulnerability in Multimedia Class Scheduler Service (MMCSS) Driver can be exploited remotely to gain privileges.
23. An information disclosure vulnerability in Windows Speech Recognition can be exploited remotely to obtain sensitive information.
24. A denial of service vulnerability in DirectX Graphics Kernel can be exploited remotely to cause denial of service.
25. An elevation of privilege vulnerability in Windows Broadcast DVR User Service can be exploited remotely to gain privileges.
26. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
27. An elevation of privilege vulnerability in Windows WLAN Service can be exploited remotely to gain privileges.

Fiches de renseignement originales

• CVE-2025-59506

• CVE-2025-59512
• CVE-2025-60709
• CVE-2025-59514
• CVE-2025-59513
• CVE-2025-62213
• CVE-2025-60703
• CVE-2025-60724
• CVE-2025-60704
• CVE-2025-60715
• CVE-2025-59510
• CVE-2025-60705
• CVE-2025-62217
• CVE-2025-60720
• CVE-2025-59505
• CVE-2025-60714
• CVE-2025-62452
• CVE-2025-60719
• CVE-2025-60708
• CVE-2025-59508
• CVE-2025-59507
• CVE-2025-60706
• CVE-2025-62218
• CVE-2025-62208
• CVE-2025-60716
• CVE-2025-60707
• CVE-2025-59509
• CVE-2025-60723
• CVE-2025-62209
• CVE-2025-62219
• CVE-2025-60717
• CVE-2025-62215
• CVE-2025-59515
• CVE-2025-59511

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Produits associés

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-Server-2008
• Microsoft-Windows-10
• Microsoft-Windows-11

Liste CVE

• CVE-2025-59505
  critical
• CVE-2025-59506
  high
• CVE-2025-59507
  high
• CVE-2025-59508
  high
• CVE-2025-59509
  high
• CVE-2025-59510
  high
• CVE-2025-59511
  critical
• CVE-2025-59512
  critical
• CVE-2025-59513
  high
• CVE-2025-59514
  critical
• CVE-2025-59515
  high
• CVE-2025-60703
  critical
• CVE-2025-60704
  critical
• CVE-2025-60705
  critical
• CVE-2025-60706
  high
• CVE-2025-60707
  critical
• CVE-2025-60708
  high
• CVE-2025-60709
  critical
• CVE-2025-60714
  critical
• CVE-2025-60715
  critical
• CVE-2025-60716
  high
• CVE-2025-60717
  high
• CVE-2025-60719
  high
• CVE-2025-60720
  critical
• CVE-2025-60723
  high
• CVE-2025-60724
  critical
• CVE-2025-62208
  high
• CVE-2025-62209
  high
• CVE-2025-62213
  high
• CVE-2025-62215
  high
• CVE-2025-62217
  high
• CVE-2025-62218
  high
• CVE-2025-62219
  high
• CVE-2025-62452
  critical

Liste KB

• 5066791
• 5066793
• 5068781
• 5068909
• 5068906
• 5068904
• 5068907
• 5068908
• 5068905

En savoir plus

Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com