Описание
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface, cause denial of service.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows exFAT File System can be exploited remotely to execute arbitrary code.
- A security feature bypass vulnerability in MapUrlToZone can be exploited remotely to bypass security restrictions.
- A remote code execution vulnerability in Windows Remote Desktop Services can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Win32 Kernel Subsystem can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
- A spoofing vulnerability in NTLM Hash Disclosure can be exploited remotely to spoof user interface.
- An information disclosure vulnerability in Windows USB Video Class System Driver can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Windows Telephony Service can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows Domain Name Service can be exploited remotely to execute arbitrary code.
- A spoofing vulnerability in Microsoft Windows File Explorer can be exploited remotely to spoof user interface.
- An elevation of privilege vulnerability in Microsoft Local Security Authority (LSA) Server can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows NTFS can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Windows Fast FAT File System Driver can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows USB Video Class System Driver can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows NTFS can be exploited remotely to execute arbitrary code.
- A security feature bypass vulnerability in Microsoft Management Console can be exploited remotely to bypass security restrictions.
- A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
Первичный источник обнаружения
- CVE-2025-26645
CVE-2025-24996
CVE-2025-24993
CVE-2025-24983
CVE-2025-24059
CVE-2025-24064
CVE-2025-24055
CVE-2025-24056
CVE-2025-24992
CVE-2025-24072
CVE-2025-24991
CVE-2025-24035
CVE-2025-24054
CVE-2025-21180
CVE-2025-24984
CVE-2025-24051
CVE-2025-21247
CVE-2025-24071
CVE-2025-24045
CVE-2024-9157
CVE-2025-24985
CVE-2025-24987
CVE-2025-26633
CVE-2025-24044
CVE-2025-24988
Эксплуатация
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-Server-2008
Список CVE
- CVE-2024-9157 critical
- CVE-2025-21180 critical
- CVE-2025-21247 warning
- CVE-2025-24035 critical
- CVE-2025-24044 critical
- CVE-2025-24045 critical
- CVE-2025-24051 critical
- CVE-2025-24054 high
- CVE-2025-24055 warning
- CVE-2025-24056 critical
- CVE-2025-24059 critical
- CVE-2025-24064 critical
- CVE-2025-24071 critical
- CVE-2025-24072 critical
- CVE-2025-24983 high
- CVE-2025-24984 warning
- CVE-2025-24985 critical
- CVE-2025-24987 high
- CVE-2025-24988 high
- CVE-2025-24991 high
- CVE-2025-24992 high
- CVE-2025-24993 critical
- CVE-2025-24996 high
- CVE-2025-26633 high
- CVE-2025-26645 critical
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!