Kaspersky Threats

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Windows Push Notifications Apps can be exploited remotely to gain privileges.
A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in GDI+ can be exploited remotely to execute arbitrary code.
An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Windows Kernel Transaction Manager can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Windows Hyper-V can be exploited remotely to gain privileges.
An information disclosure vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to obtain sensitive information.
An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
A remote code execution vulnerability in Microsoft Message Queuing (MSMQ) can be exploited remotely to execute arbitrary code.
An elevation of privilege vulnerability in Remote Access Point-to-Point Protocol (PPP) EAP-TLS can be exploited remotely to gain privileges.
A spoofing vulnerability in Microsoft Windows File Explorer can be exploited remotely to spoof user interface.
An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver can be exploited remotely to gain privileges.
An information disclosure vulnerability in NT OS Kernel can be exploited remotely to obtain sensitive information.
An elevation of privilege vulnerability in Desktop Windows Manager can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Windows NTLM can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in DirectX Graphics Kernel can be exploited remotely to gain privileges.
A denial of service vulnerability in Windows Remote Desktop Services can be exploited remotely to cause denial of service.
An information disclosure vulnerability in Windows NTFS can be exploited remotely to obtain sensitive information.
An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
A remote code execution vulnerability in Desktop Windows Manager can be exploited remotely to execute arbitrary code.
An information disclosure vulnerability in Windows Distributed Transaction Coordinator (MSDTC) can be exploited remotely to obtain sensitive information.
An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges.
A tampering vulnerability in Microsoft Exchange Server can be exploited remotely to spoof user interface.
An elevation of privilege vulnerability in Microsoft Brokering File System can be exploited remotely to gain privileges.
A spoofing vulnerability in Microsoft Exchange Server can be exploited remotely to spoof user interface.
A remote code execution vulnerability in Windows Media can be exploited remotely to execute arbitrary code.
An elevation of privilege vulnerability in Windows Connected Devices Platform Service can be exploited remotely to gain privileges.
A spoofing vulnerability in Remote Desktop can be exploited remotely to spoof user interface.
An elevation of privilege vulnerability in Windows StateRepository API Server file can be exploited remotely to gain privileges.
A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.
A remote code execution vulnerability in DirectX Graphics Kernel can be exploited remotely to execute arbitrary code.
An elevation of privilege vulnerability in Microsoft Exchange Server Hybrid Deployment can be exploited remotely to gain privileges.
An information disclosure vulnerability in Microsoft Exchange Server can be exploited remotely to obtain sensitive information.
A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
A denial of service vulnerability in Local Security Authority Subsystem Service (LSASS) can be exploited remotely to cause denial of service.
A denial of service vulnerability in DirectX Graphics Kernel can be exploited remotely to cause denial of service.

Первичный источник обнаружения

CVE-2025-50173
CVE-2025-50155
CVE-2025-50160
CVE-2025-53766
CVE-2025-49757
CVE-2025-53725
CVE-2025-49762
CVE-2025-53140
CVE-2025-53155
CVE-2025-53137
CVE-2025-53138
CVE-2025-53132
CVE-2025-50177
CVE-2025-53134
CVE-2025-53724
CVE-2025-53154
CVE-2025-53153
CVE-2025-50162
CVE-2025-50159
CVE-2025-50154
CVE-2025-53143
CVE-2025-49761
CVE-2025-53149
CVE-2025-53136
CVE-2025-50163
CVE-2025-53144
CVE-2025-53719
CVE-2025-50153
CVE-2025-53723
CVE-2025-53778
CVE-2025-53145
CVE-2025-50156
CVE-2025-53726
CVE-2025-53135
CVE-2025-53720
CVE-2025-50164
CVE-2025-53148
CVE-2025-53722
CVE-2025-50161
CVE-2025-50158
CVE-2025-49743
CVE-2025-53152
CVE-2025-53718
CVE-2025-50167
CVE-2025-50157
CVE-2025-53147
CVE-2025-50166
CVE-2025-53141
CVE-2025-50170
CVE-2025-25005
CVE-2025-53142
CVE-2025-25007
CVE-2025-53131
CVE-2025-53721
CVE-2025-50171
CVE-2025-53789
CVE-2025-53151
CVE-2025-49751
CVE-2025-25006
CVE-2025-50176
CVE-2025-53786
CVE-2025-33051
CVE-2025-48807
CVE-2025-53716
CVE-2025-50172
CVE-2025-50168

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

CVE-2025-53786
critical
CVE-2025-25006
high
CVE-2025-33051
critical
CVE-2025-25007
high
CVE-2025-25005
high
CVE-2025-50173
critical
CVE-2025-50155
critical
CVE-2025-50160
critical
CVE-2025-53766
critical
CVE-2025-49757
critical
CVE-2025-53725
critical
CVE-2025-49762
high
CVE-2025-53140
high
CVE-2025-53155
critical
CVE-2025-53137
high
CVE-2025-53138
high
CVE-2025-53132
critical
CVE-2025-50177
critical
CVE-2025-53134
high
CVE-2025-53724
critical
CVE-2025-53154
critical
CVE-2025-53153
high
CVE-2025-50162
critical
CVE-2025-50159
high
CVE-2025-50154
high
CVE-2025-53143
critical
CVE-2025-49761
critical
CVE-2025-53149
critical
CVE-2025-53136
high
CVE-2025-50163
critical
CVE-2025-53144
critical
CVE-2025-53719
high
CVE-2025-50153
critical
CVE-2025-53723
critical
CVE-2025-53778
critical
CVE-2025-53145
critical
CVE-2025-50156
high
CVE-2025-53726
critical
CVE-2025-53135
high
CVE-2025-53720
critical
CVE-2025-50164
critical
CVE-2025-53148
high
CVE-2025-53722
critical
CVE-2025-50161
high
CVE-2025-50158
high
CVE-2025-49743
high
CVE-2025-53152
critical
CVE-2025-53718
high
CVE-2025-50167
high
CVE-2025-50157
high
CVE-2025-53147
high
CVE-2025-50166
high
CVE-2025-53141
critical
CVE-2025-53716
high
CVE-2025-49751
high
CVE-2025-53789
critical
CVE-2025-53151
critical
CVE-2025-53131
critical
CVE-2025-50170
critical
CVE-2025-53142
high
CVE-2025-50176
critical
CVE-2025-50168
critical
CVE-2025-50171
critical
CVE-2025-48807
high
CVE-2025-50172
high
CVE-2025-53721
high

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!