Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions, execute arbitrary code, read local files, cause denial of service.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in DirectX Graphics Kernel can be exploited remotely to gain privileges.
2. An elevation of privilege vulnerability in Customer Experience Improvement Program (CEIP) can be exploited remotely to gain privileges.
3. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
4. An elevation of privilege vulnerability in Microsoft Streaming Service Proxy can be exploited remotely to gain privileges.
5. An information disclosure vulnerability in Windows Bluetooth RFCOM Protocol Driver can be exploited remotely to obtain sensitive information.
6. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
7. An elevation of privilege vulnerability in Windows Remote Desktop Services can be exploited remotely to gain privileges.
8. A remote code execution vulnerability in GDI+ can be exploited remotely to execute arbitrary code.
9. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
10. A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
11. A denial of service vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to cause denial of service.
12. An elevation of privilege vulnerability in Windows Client-Side Caching can be exploited remotely to gain privileges.
13. An elevation of privilege vulnerability in Windows Transport Driver Interface (TDI) Translation Driver can be exploited remotely to gain privileges.
14. An elevation of privilege vulnerability in Windows Smart Card Reader can be exploited remotely to gain privileges.
15. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.

Первичный источник обнаружения

• CVE-2025-59506
  CVE-2025-59512
  CVE-2025-60709
  CVE-2025-59514
  CVE-2025-59513
  CVE-2025-62213
  CVE-2025-60703
  CVE-2025-60724
  CVE-2025-60704
  CVE-2025-60715
  CVE-2025-59510
  CVE-2025-60705
  CVE-2025-62217
  CVE-2025-60720
  CVE-2025-59505
  CVE-2025-60714
  CVE-2025-62452
  CVE-2025-60719
  

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-Server-2008

Список CVE

• CVE-2025-59505
  critical
• CVE-2025-59506
  high
• CVE-2025-59510
  high
• CVE-2025-59512
  critical
• CVE-2025-59513
  high
• CVE-2025-59514
  critical
• CVE-2025-60703
  critical
• CVE-2025-60704
  critical
• CVE-2025-60705
  critical
• CVE-2025-60709
  critical
• CVE-2025-60714
  critical
• CVE-2025-60715
  critical
• CVE-2025-60719
  high
• CVE-2025-60720
  critical
• CVE-2025-60724
  critical
• CVE-2025-62213
  high
• CVE-2025-62217
  high
• CVE-2025-62452
  critical

Список KB

• 5068909
• 5068906
• 5068904
• 5068907
• 5068908
• 5068905

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com