Kaspersky Threats

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface, cause denial of service.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability can be exploited remotely to gain privileges.
A remote code execution vulnerability in Windows exFAT File System can be exploited remotely to execute arbitrary code.
A security feature bypass vulnerability in MapUrlToZone can be exploited remotely to bypass security restrictions.
A remote code execution vulnerability in Windows Remote Desktop Services can be exploited remotely to execute arbitrary code.
An elevation of privilege vulnerability in Windows Win32 Kernel Subsystem can be exploited remotely to gain privileges.
A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
A spoofing vulnerability in NTLM Hash Disclosure can be exploited remotely to spoof user interface.
An information disclosure vulnerability in Windows USB Video Class System Driver can be exploited remotely to obtain sensitive information.
A remote code execution vulnerability in Windows Telephony Service can be exploited remotely to execute arbitrary code.
An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
A remote code execution vulnerability in Windows Domain Name Service can be exploited remotely to execute arbitrary code.
A spoofing vulnerability in Microsoft Windows File Explorer can be exploited remotely to spoof user interface.
An elevation of privilege vulnerability in Microsoft Local Security Authority (LSA) Server can be exploited remotely to gain privileges.
An information disclosure vulnerability in Windows NTFS can be exploited remotely to obtain sensitive information.
A remote code execution vulnerability in Windows Fast FAT File System Driver can be exploited remotely to execute arbitrary code.
An elevation of privilege vulnerability in Windows USB Video Class System Driver can be exploited remotely to gain privileges.
A remote code execution vulnerability in Windows NTFS can be exploited remotely to execute arbitrary code.
A security feature bypass vulnerability in Microsoft Management Console can be exploited remotely to bypass security restrictions.
A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.

Первичный источник обнаружения

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

CVE-2024-9157
critical
CVE-2025-21180
critical
CVE-2025-21247
warning
CVE-2025-24035
critical
CVE-2025-24044
critical
CVE-2025-24045
critical
CVE-2025-24051
critical
CVE-2025-24054
high
CVE-2025-24055
warning
CVE-2025-24056
critical
CVE-2025-24059
critical
CVE-2025-24064
critical
CVE-2025-24071
high
CVE-2025-24072
critical
CVE-2025-24983
high
CVE-2025-24984
warning
CVE-2025-24985
critical
CVE-2025-24987
high
CVE-2025-24988
high
CVE-2025-24991
high
CVE-2025-24992
high
CVE-2025-24993
critical
CVE-2025-24996
high
CVE-2025-26633
high
CVE-2025-26645
critical

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!