Kaspersky Threats

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, spoof user interface, gain privileges, obtain sensitive information, cause denial of service.

Below is a complete list of vulnerabilities:

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Use after free in DNS Server allows an unauthorized attacker to execute code over a network.
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.
Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.
Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
An elevation of privilege vulnerability can be exploited remotely to gain privileges.
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

Первичный источник обнаружения

Связанные продукты

Список CVE

CVE-2024-9157
unknown
CVE-2025-21180
high
CVE-2025-21247
warning
CVE-2025-24035
high
CVE-2025-24044
high
CVE-2025-24045
high
CVE-2025-24051
high
CVE-2025-24054
high
CVE-2025-24055
warning
CVE-2025-24056
high
CVE-2025-24059
high
CVE-2025-24064
high
CVE-2025-24071
high
CVE-2025-24072
high
CVE-2025-24983
high
CVE-2025-24984
warning
CVE-2025-24985
high
CVE-2025-24987
high
CVE-2025-24988
high
CVE-2025-24991
high
CVE-2025-24992
high
CVE-2025-24993
high
CVE-2025-24996
high
CVE-2025-26633
high
CVE-2025-26645
high

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!