Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, obtain sensitive information, gain privileges, cause denial of service, spoof user interface.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Windows Telephony Service can be exploited remotely to execute arbitrary code.
2. A security feature bypass vulnerability in MapUrlToZone can be exploited remotely to bypass security restrictions.
3. An information disclosure vulnerability in Microsoft Message Queuing can be exploited remotely to obtain sensitive information.
4. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
5. An elevation of privilege vulnerability in Windows Digital Media can be exploited remotely to gain privileges.
6. An information disclosure vulnerability in Windows BitLocker can be exploited remotely to obtain sensitive information.
7. A security feature bypass vulnerability in Windows HTML Platforms can be exploited remotely to bypass security restrictions.
8. An information disclosure vulnerability in Windows Smart Card Reader can be exploited remotely to obtain sensitive information.
9. An information disclosure vulnerability in Windows Kerberos can be exploited remotely to obtain sensitive information.
10. A denial of service vulnerability in Microsoft Message Queuing (MSMQ) can be exploited remotely to cause denial of service.
11. An information disclosure vulnerability in Windows COM Server can be exploited remotely to obtain sensitive information.
12. An information disclosure vulnerability in Windows Kernel Memory can be exploited remotely to obtain sensitive information.
13. A denial of service vulnerability in Windows upnphost.dll can be exploited remotely to cause denial of service.
14. A remote code execution vulnerability in Windows Remote Desktop Services can be exploited remotely to execute arbitrary code.
15. A spoofing vulnerability in Windows NTLM can be exploited remotely to spoof user interface.
16. An information disclosure vulnerability in Windows Cryptographic can be exploited remotely to obtain sensitive information.
17. A denial of service vulnerability in Windows Remote Desktop Gateway (RD Gateway) can be exploited remotely to cause denial of service.
18. A denial of service vulnerability in Windows Kerberos can be exploited remotely to cause denial of service.
19. A spoofing vulnerability in Windows Themes can be exploited remotely to spoof user interface.
20. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.
21. A denial of service vulnerability in Windows MapUrlToZone can be exploited remotely to cause denial of service.
22. A security feature bypass vulnerability in Secure Boot can be exploited remotely to bypass security restrictions.
23. A remote code execution vulnerability in Microsoft Digest Authentication can be exploited remotely to execute arbitrary code.
24. A denial of service vulnerability in Windows Event Tracing can be exploited remotely to cause denial of service.
25. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
26. An information disclosure vulnerability in Windows CSC Service can be exploited remotely to obtain sensitive information.
27. A remote code execution vulnerability in BranchCache can be exploited remotely to execute arbitrary code.
28. A remote code execution vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism can be exploited remotely to execute arbitrary code.
29. An elevation of privilege vulnerability in Microsoft COM for Windows can be exploited remotely to gain privileges.
30. Security vulnerability in composition area can be exploited to bypass security restrictions.
31. A remote code execution vulnerability in GDI+ can be exploited remotely to execute arbitrary code.
32. A remote code execution vulnerability in Windows Reliable Multicast Transport Driver (RMCAST) can be exploited remotely to execute arbitrary code.
33. A denial of service vulnerability in IP Helper can be exploited remotely to cause denial of service.
34. An elevation of privilege vulnerability in Windows CSC Service can be exploited remotely to gain privileges.
35. A security feature bypass vulnerability in Secure Boot can be exploited remotely to obtain sensitive information.

Первичный источник обнаружения

• CVE-2025-21240
  CVE-2025-21329
  CVE-2025-21220
  CVE-2025-21293
  CVE-2025-21244
  CVE-2025-21327
  CVE-2025-21302
  CVE-2025-21214
  CVE-2025-21328
  CVE-2025-21260
  CVE-2025-21303
  CVE-2025-21269
  CVE-2025-21312
  CVE-2025-21242
  CVE-2025-21282
  CVE-2025-21251
  CVE-2025-21306
  CVE-2025-21255
  CVE-2025-21272
  CVE-2025-21341
  CVE-2025-21316
  CVE-2025-21245
  CVE-2025-21263
  CVE-2025-21252
  CVE-2025-21249
  CVE-2025-21320
  CVE-2025-21409
  CVE-2025-21300
  CVE-2025-21273
  CVE-2025-21229
  CVE-2025-21210
  CVE-2025-21309
  CVE-2025-21217
  CVE-2025-21321
  CVE-2025-21318
  CVE-2025-21226
  CVE-2025-21413
  CVE-2025-21336
  CVE-2025-21278
  CVE-2025-21238
  CVE-2025-21218
  CVE-2025-21310
  CVE-2025-21223
  CVE-2025-21324
  CVE-2025-21232
  CVE-2025-21230
  CVE-2025-21389
  CVE-2025-21308
  CVE-2025-21298
  CVE-2025-21266
  CVE-2025-21276
  CVE-2025-21213
  CVE-2025-21294
  CVE-2025-21274
  CVE-2025-21331
  CVE-2025-21261
  CVE-2025-21319
  CVE-2025-21417
  CVE-2025-21374
  CVE-2025-21265
  CVE-2025-21285
  CVE-2025-21227
  CVE-2025-21233
  CVE-2025-21270
  CVE-2025-21296
  CVE-2025-21295
  CVE-2025-21281
  CVE-2025-21297
  CVE-2025-21243
  CVE-2025-21339
  CVE-2025-21290
  CVE-2025-21268
  CVE-2024-7344
  CVE-2025-21258
  CVE-2025-21289
  CVE-2025-21411
  CVE-2025-21211
  CVE-2025-21189
  CVE-2025-21237
  CVE-2025-21277
  CVE-2025-21288
  CVE-2025-21338
  CVE-2025-21307
  CVE-2025-21287
  CVE-2025-21286
  CVE-2025-21256
  CVE-2025-21332
  CVE-2025-21246
  CVE-2025-21228
  CVE-2025-21231
  CVE-2025-21250
  CVE-2025-21378
  CVE-2025-21236
  CVE-2025-21215
  CVE-2025-21305
  

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-Server-2008

Список CVE

• CVE-2025-21240
  critical
• CVE-2025-21329
  warning
• CVE-2025-21220
  critical
• CVE-2025-21293
  critical
• CVE-2025-21244
  critical
• CVE-2025-21327
  high
• CVE-2025-21302
  critical
• CVE-2025-21214
  warning
• CVE-2025-21328
  warning
• CVE-2025-21260
  high
• CVE-2025-21303
  critical
• CVE-2025-21269
  warning
• CVE-2025-21312
  warning
• CVE-2025-21242
  high
• CVE-2025-21282
  critical
• CVE-2025-21251
  critical
• CVE-2025-21306
  critical
• CVE-2025-21255
  high
• CVE-2025-21272
  high
• CVE-2025-21341
  high
• CVE-2025-21316
  high
• CVE-2025-21245
  critical
• CVE-2025-21263
  high
• CVE-2025-21252
  critical
• CVE-2025-21249
  high
• CVE-2025-21320
  high
• CVE-2025-21409
  critical
• CVE-2025-21300
  critical
• CVE-2025-21273
  critical
• CVE-2025-21229
  high
• CVE-2025-21210
  warning
• CVE-2025-21309
  critical
• CVE-2025-21217
  high
• CVE-2025-21321
  high
• CVE-2025-21318
  high
• CVE-2025-21226
  high
• CVE-2025-21413
  critical
• CVE-2025-21336
  high
• CVE-2025-21278
  high
• CVE-2025-21238
  critical
• CVE-2025-21218
  critical
• CVE-2025-21310
  high
• CVE-2025-21223
  critical
• CVE-2025-21324
  high
• CVE-2025-21232
  high
• CVE-2025-21230
  critical
• CVE-2025-21389
  critical
• CVE-2025-21308
  high
• CVE-2025-21298
  critical
• CVE-2025-21266
  critical
• CVE-2025-21276
  critical
• CVE-2025-21213
  warning
• CVE-2025-21294
  critical
• CVE-2025-21274
  high
• CVE-2025-21331
  high
• CVE-2025-21261
  high
• CVE-2025-21319
  high
• CVE-2025-21417
  critical
• CVE-2025-21374
  high
• CVE-2025-21265
  high
• CVE-2025-21285
  critical
• CVE-2025-21227
  high
• CVE-2025-21233
  critical
• CVE-2025-21270
  critical
• CVE-2025-21296
  critical
• CVE-2025-21295
  critical
• CVE-2025-21281
  critical
• CVE-2025-21297
  critical
• CVE-2025-21243
  critical
• CVE-2025-21339
  critical
• CVE-2025-21290
  critical
• CVE-2025-21268
  warning
• CVE-2024-7344
  warning
• CVE-2025-21258
  high
• CVE-2025-21289
  critical
• CVE-2025-21411
  critical
• CVE-2025-21211
  high
• CVE-2025-21189
  warning
• CVE-2025-21237
  critical
• CVE-2025-21277
  critical
• CVE-2025-21288
  high
• CVE-2025-21338
  critical
• CVE-2025-21307
  critical
• CVE-2025-21287
  critical
• CVE-2025-21286
  critical
• CVE-2025-21256
  high
• CVE-2025-21332
  warning
• CVE-2025-21246
  critical
• CVE-2025-21228
  high
• CVE-2025-21231
  critical
• CVE-2025-21250
  critical
• CVE-2025-21378
  critical
• CVE-2025-21236
  critical
• CVE-2025-21215
  warning
• CVE-2025-21305
  critical

Список KB

• 5050006
• 5050063
• 5049994
• 5050004
• 5050048
• 5050061
• 5050049

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com