Продукты:
Для дома
Для малого бизнеса
Для среднего бизнеса
Для крупного бизнеса
Уязвимости Угрозы
Главная Уязвимости

Multiple vulnerabilities in Microsoft Windows

Kaspersky ID:
KLA78975
Дата обнаружения:
14/01/2025
Обновлено:
16/01/2025

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, gain privileges, cause denial of service, execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A security feature bypass vulnerability in MapUrlToZone can be exploited remotely to bypass security restrictions.
  2. An information disclosure vulnerability in Microsoft Message Queuing can be exploited remotely to obtain sensitive information.
  3. An elevation of privilege vulnerability in Windows Digital Media can be exploited remotely to gain privileges.
  4. An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges.
  5. A security feature bypass vulnerability in Windows HTML Platforms can be exploited remotely to bypass security restrictions.
  6. A denial of service vulnerability in Windows Connected Devices Platform Service (Cdpsvc) can be exploited remotely to cause denial of service.
  7. A security feature bypass vulnerability in Windows Kerberos can be exploited remotely to bypass security restrictions.
  8. An information disclosure vulnerability in Windows Kerberos can be exploited remotely to obtain sensitive information.
  9. A remote code execution vulnerability in Windows Telephony Service can be exploited remotely to execute arbitrary code.
  10. An elevation of privilege vulnerability in Windows PrintWorkflowUserSvc can be exploited remotely to gain privileges.
  11. An information disclosure vulnerability in Windows Kernel Memory can be exploited remotely to obtain sensitive information.
  12. An elevation of privilege vulnerability in Windows Hyper-V NT Kernel Integration VSP can be exploited remotely to gain privileges.
  13. A security feature bypass vulnerability in Windows Virtualization-Based Security (VBS) can be exploited remotely to bypass security restrictions.
  14. An information disclosure vulnerability in Windows BitLocker can be exploited remotely to obtain sensitive information.
  15. A spoofing vulnerability in Windows NTLM can be exploited remotely to spoof user interface.
  16. An information disclosure vulnerability in Windows Cryptographic can be exploited remotely to obtain sensitive information.
  17. A denial of service vulnerability in Windows Remote Desktop Gateway (RD Gateway) can be exploited remotely to cause denial of service.
  18. An information disclosure vulnerability in Windows Web Threat Defense User Service can be exploited remotely to obtain sensitive information.
  19. An elevation of privilege vulnerability in Windows Virtualization-Based Security (VBS) Enclave can be exploited remotely to gain privileges.
  20. A denial of service vulnerability in Microsoft Message Queuing (MSMQ) can be exploited remotely to cause denial of service.
  21. A security feature bypass vulnerability in Secure Boot can be exploited remotely to bypass security restrictions.
  22. A remote code execution vulnerability in Microsoft Digest Authentication can be exploited remotely to execute arbitrary code.
  23. A denial of service vulnerability in Windows Event Tracing can be exploited remotely to cause denial of service.
  24. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  25. A denial of service vulnerability in Windows Security Account Manager (SAM) can be exploited remotely to cause denial of service.
  26. An elevation of privilege vulnerability in Windows Search Service can be exploited remotely to gain privileges.
  27. A remote code execution vulnerability in Internet Explorer can be exploited remotely to execute arbitrary code.
  28. An elevation of privilege vulnerability in Microsoft Brokering File System can be exploited remotely to gain privileges.
  29. An information disclosure vulnerability in Windows COM Server can be exploited remotely to obtain sensitive information.
  30. A remote code execution vulnerability in GDI+ can be exploited remotely to execute arbitrary code.
  31. A remote code execution vulnerability in Windows Reliable Multicast Transport Driver (RMCAST) can be exploited remotely to execute arbitrary code.
  32. A remote code execution vulnerability in Windows Direct Show can be exploited remotely to execute arbitrary code.
  33. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
  34. An information disclosure vulnerability in Windows Smart Card Reader can be exploited remotely to obtain sensitive information.
  35. An elevation of privilege vulnerability in Windows Recovery Environment Agent can be exploited remotely to gain privileges.
  36. A denial of service vulnerability in Windows Virtual Trusted Platform Module can be exploited remotely to cause denial of service.
  37. A remote code execution vulnerability in Windows Line Printer Daemon (LPD) Service can be exploited remotely to execute arbitrary code.
  38. A denial of service vulnerability in Windows upnphost.dll can be exploited remotely to cause denial of service.
  39. A remote code execution vulnerability in Windows Remote Desktop Services can be exploited remotely to execute arbitrary code.
  40. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
  41. A spoofing vulnerability in Windows SmartScreen can be exploited remotely to spoof user interface.
  42. A denial of service vulnerability in Windows Kerberos can be exploited remotely to cause denial of service.
  43. An elevation of privilege vulnerability in Windows App Package Installer can be exploited remotely to gain privileges.
  44. A spoofing vulnerability in Windows Themes can be exploited remotely to spoof user interface.
  45. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.
  46. A denial of service vulnerability in Windows MapUrlToZone can be exploited remotely to cause denial of service.
  47. An information disclosure vulnerability in Windows CSC Service can be exploited remotely to obtain sensitive information.
  48. A remote code execution vulnerability in BranchCache can be exploited remotely to execute arbitrary code.
  49. A remote code execution vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism can be exploited remotely to execute arbitrary code.
  50. An elevation of privilege vulnerability in Microsoft COM for Windows can be exploited remotely to gain privileges.
  51. An elevation of privilege vulnerability in Windows NTLM V1 can be exploited remotely to gain privileges.
  52. Security vulnerability in composition area can be exploited to bypass security restrictions.
  53. An information disclosure vulnerability in Windows WLAN AutoConfig Service can be exploited remotely to obtain sensitive information.
  54. An elevation of privilege vulnerability in Microsoft DWM Core Library can be exploited remotely to gain privileges.
  55. A denial of service vulnerability in IP Helper can be exploited remotely to cause denial of service.
  56. An information disclosure vulnerability in Windows Geolocation Service can be exploited remotely to obtain sensitive information.
  57. An elevation of privilege vulnerability in Windows CSC Service can be exploited remotely to gain privileges.
  58. A spoofing vulnerability in Active Directory Federation Server can be exploited remotely to spoof user interface.
  59. A security feature bypass vulnerability in Secure Boot can be exploited remotely to obtain sensitive information.
  60. A denial of service vulnerability in Windows Remote Desktop Services can be exploited remotely to cause denial of service.

Первичный источник обнаружения

Связанные продукты

Список CVE

  • CVE-2025-21240
    critical
  • CVE-2025-21329
    warning
  • CVE-2025-21220
    critical
  • CVE-2025-21293
    critical
  • CVE-2025-21244
    critical
  • CVE-2025-21327
    high
  • CVE-2025-21302
    critical
  • CVE-2025-21214
    warning
  • CVE-2025-21328
    warning
  • CVE-2025-21260
    high
  • CVE-2025-21303
    critical
  • CVE-2025-21269
    warning
  • CVE-2025-21312
    warning
  • CVE-2025-21242
    high
  • CVE-2025-21282
    critical
  • CVE-2025-21251
    critical
  • CVE-2025-21306
    critical
  • CVE-2025-21255
    high
  • CVE-2025-21272
    high
  • CVE-2025-21341
    high
  • CVE-2025-21316
    high
  • CVE-2025-21245
    critical
  • CVE-2025-21263
    high
  • CVE-2025-21252
    critical
  • CVE-2025-21249
    high
  • CVE-2025-21320
    high
  • CVE-2025-21409
    critical
  • CVE-2025-21300
    critical
  • CVE-2025-21273
    critical
  • CVE-2025-21229
    high
  • CVE-2025-21210
    warning
  • CVE-2025-21309
    critical
  • CVE-2025-21217
    high
  • CVE-2025-21321
    high
  • CVE-2025-21318
    high
  • CVE-2025-21226
    high
  • CVE-2025-21413
    critical
  • CVE-2025-21336
    high
  • CVE-2025-21278
    high
  • CVE-2025-21238
    critical
  • CVE-2025-21218
    critical
  • CVE-2025-21310
    high
  • CVE-2025-21223
    critical
  • CVE-2025-21324
    high
  • CVE-2025-21232
    high
  • CVE-2025-21230
    critical
  • CVE-2025-21389
    critical
  • CVE-2025-21308
    high
  • CVE-2025-21298
    critical
  • CVE-2025-21266
    critical
  • CVE-2025-21276
    critical
  • CVE-2025-21213
    warning
  • CVE-2025-21294
    critical
  • CVE-2025-21274
    high
  • CVE-2025-21331
    high
  • CVE-2025-21261
    high
  • CVE-2025-21319
    high
  • CVE-2025-21417
    critical
  • CVE-2025-21374
    high
  • CVE-2025-21265
    high
  • CVE-2025-21285
    critical
  • CVE-2025-21227
    high
  • CVE-2025-21233
    critical
  • CVE-2025-21270
    critical
  • CVE-2025-21296
    critical
  • CVE-2025-21295
    critical
  • CVE-2025-21281
    critical
  • CVE-2025-21297
    critical
  • CVE-2025-21243
    critical
  • CVE-2025-21339
    critical
  • CVE-2025-21290
    critical
  • CVE-2025-21268
    warning
  • CVE-2024-7344
    warning
  • CVE-2025-21258
    high
  • CVE-2025-21289
    critical
  • CVE-2025-21411
    critical
  • CVE-2025-21211
    high
  • CVE-2025-21189
    warning
  • CVE-2025-21237
    critical
  • CVE-2025-21277
    critical
  • CVE-2025-21288
    high
  • CVE-2025-21338
    critical
  • CVE-2025-21307
    critical
  • CVE-2025-21287
    critical
  • CVE-2025-21286
    critical
  • CVE-2025-21256
    high
  • CVE-2025-21332
    warning
  • CVE-2025-21246
    critical
  • CVE-2025-21228
    high
  • CVE-2025-21231
    critical
  • CVE-2025-21250
    critical
  • CVE-2025-21378
    critical
  • CVE-2025-21236
    critical
  • CVE-2025-21215
    warning
  • CVE-2025-21305
    critical
  • CVE-2025-21271
    critical
  • CVE-2025-21207
    critical
  • CVE-2025-21299
    high
  • CVE-2025-21235
    critical
  • CVE-2025-21333
    critical
  • CVE-2025-21340
    high
  • CVE-2025-21234
    critical
  • CVE-2025-21343
    critical
  • CVE-2025-21370
    critical
  • CVE-2025-21323
    high
  • CVE-2025-21248
    critical
  • CVE-2025-21219
    warning
  • CVE-2025-21313
    high
  • CVE-2025-21292
    critical
  • CVE-2025-21326
    critical
  • CVE-2025-21317
    high
  • CVE-2025-21372
    critical
  • CVE-2025-21315
    critical
  • CVE-2025-21335
    critical
  • CVE-2025-21291
    critical
  • CVE-2025-21239
    critical
  • CVE-2025-21202
    high
  • CVE-2025-21284
    high
  • CVE-2025-21224
    critical
  • CVE-2025-21241
    critical
  • CVE-2025-21382
    critical
  • CVE-2025-21314
    high
  • CVE-2025-21225
    high
  • CVE-2025-21280
    high
  • CVE-2025-21275
    critical
  • CVE-2025-21311
    critical
  • CVE-2025-21257
    high
  • CVE-2025-21304
    critical
  • CVE-2025-21334
    critical
  • CVE-2025-21301
    high
  • CVE-2025-21193
    high
  • CVE-2025-21330
    critical

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Related articles
17 January 2025
Securelist
Обзор защищенности головного устройства Mercedes-Benz
27 December 2024
Securelist
Ландшафт угроз для систем промышленной автоматизации. Третий квартал 2024
23 December 2024
Securelist
Как злоумышленники эксплуатируют исправленную уязвимость в FortiClient EMS
19 December 2024
Securelist
Новый инструмент в атаках Cloud Atlas
18 December 2024
Securelist
Сквозь тени анархии: разбираем атаки Cyber Anarchy Squad
17 December 2024
Securelist
Установите банкер, чтобы отследить посылку
Нашли неточность в описании этой уязвимости?
Если вы нашли новую угрозу или уязвимость, пожалуйста дайте нам знать по электронной почте:
newvirus@kaspersky.com
Нашли новую угрозу или уязвимость?
Если вы нашли новую угрозу или уязвимость, пожалуйста дайте нам знать по электронной почте:
newvirus@kaspersky.com
Продукты
Для дома
Для малого бизнеса
Для среднего бизнеса
Для крупного бизнеса
Select language
Sorting
Kaspersky ID
Уязвимость
Detect date
Уровень угрозы
Confirm changes?
Your message has been sent successfully.