Description
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, gain privileges, obtain sensitive information, cause denial of service, and spoof the user interface.
Below is a complete list of vulnerabilities:
- Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
- Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
- Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
- Improper link resolution before file access (‘link following’) in Microsoft Windows allows an authorized attacker to elevate privileges locally.
- Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.
- Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.
- Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
- External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
- Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.
- Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
- Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
- Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
- Security vulnerability in composition area can be exploited to bypass security restrictions.
- An elevation of privilege vulnerability can be exploited remotely to gain privileges.
- Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
- Use after free vulnerability in media can be exploited to cause denial of service or execute arbitrary code.
- Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.
- Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- Use after free in DNS Server allows an unauthorized attacker to execute code over a network.
- Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
- Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.
- Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
- Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
- Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
- Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
- Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
- Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.
- Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
Original advisories
- CVE-2025-26645
- CVE-2025-24066
- CVE-2025-24993
- CVE-2025-24983
- CVE-2025-25008
- CVE-2025-24055
- CVE-2025-24056
- CVE-2025-24995
- CVE-2025-24054
- CVE-2025-21180
- CVE-2025-24051
- CVE-2025-21247
- CVE-2025-24071
- CVE-2025-24045
- CVE-2025-24994
- CVE-2025-24997
- CVE-2024-9157
- CVE-2025-24050
- CVE-2025-24987
- CVE-2025-24048
- CVE-2025-24996
- CVE-2025-26634
- CVE-2025-24061
- CVE-2025-24059
- CVE-2025-24064
- CVE-2025-24992
- CVE-2025-24072
- CVE-2025-24067
- CVE-2025-24076
- CVE-2025-24991
- CVE-2025-24035
- CVE-2025-24984
- CVE-2025-24046
- CVE-2025-24985
- CVE-2025-24084
- CVE-2025-26633
- CVE-2025-24044
- CVE-2025-24988
Related products
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-10
- Microsoft-Windows-Server-2016
- Microsoft-Windows-Server-2019
- Microsoft-Windows-11
- Microsoft-Remote-Desktop
- Microsoft-Windows-Server-2022
CVE list
- CVE-2024-9157 unknown
- CVE-2025-21180 high
- CVE-2025-21247 warning
- CVE-2025-24035 high
- CVE-2025-24044 high
- CVE-2025-24045 high
- CVE-2025-24046 high
- CVE-2025-24048 high
- CVE-2025-24050 high
- CVE-2025-24051 high
- CVE-2025-24054 high
- CVE-2025-24055 warning
- CVE-2025-24056 high
- CVE-2025-24059 high
- CVE-2025-24061 high
- CVE-2025-24064 high
- CVE-2025-24066 high
- CVE-2025-24067 high
- CVE-2025-24071 high
- CVE-2025-24072 high
- CVE-2025-24076 high
- CVE-2025-24084 high
- CVE-2025-24983 high
- CVE-2025-24984 warning
- CVE-2025-24985 high
- CVE-2025-24987 high
- CVE-2025-24988 high
- CVE-2025-24991 high
- CVE-2025-24992 high
- CVE-2025-24993 high
- CVE-2025-24994 high
- CVE-2025-24995 high
- CVE-2025-24996 high
- CVE-2025-24997 warning
- CVE-2025-25008 high
- CVE-2025-26633 high
- CVE-2025-26634 unknown
- CVE-2025-26645 high
KB list