Microsoft is publishing 172 new vulnerabilities today. Microsoft is aware of public disclosure for just two of the vulnerabilities published today, and claims no evidence of in-the-wild exploitation. Today sees six zero-day vulnerabilities patched, but only a single one is evaluated as critical severity. Microsoft is aware of public disclosure in three cases, and exploitation in the wild in the remaining three. Today’s release includes the publication of five further critical remote code execution (RCE) vulnerabilities, although Microsoft expects that only one is likely to see exploitation. 14 browser vulnerabilities and a significant array of fixes for Azure Linux (aka Mariner) have already been published separately this month, and are not included in the total. Alongside older versions of Exchange and Office, the behemoth that is Windows 10 receives its final security patches today, although there are some exceptions.
TPM 2.0: zero-day information disclosure
When the Trusted Computing Group (TCG) consortium’s TPM 2.0 reference implementation contains a flaw, under normal circumstances that flaw is likely to be replicated in the downstream implementation by each manufacturer. That is the case with CVE-2025-2884, an information disclosure vulnerability which Microsoft is treating as a zero day despite the curious circumstance that Microsoft is a founder member of TCG, and thus presumably privy to the discovery before its publication. Windows 11 and newer versions of Windows Server receive patches. In place of patches, admins for older Windows products such as Windows 10 and Server 2019 receive another implicit reminder that Microsoft would strongly prefer that everyone upgrade.
Remote Access Connection Manager: zero-day EoP
Local elevation of privilege (EoP) is always attractive to an attacker, since even if it doesn’t get them where they need to be, it can provide an important link in the chain. Microsoft is already aware of exploitation in the wild for CVE-2025-59230, a vulnerability in the Windows Remote Access Connection Manager. With no user interaction required, this will go straight into an attacker’s standard toolkit. There’s very little information in the advisory itself, but someone out there knows exactly how to exploit this vulnerability. Credit where credit is due: Microsoft detected the exploitation, and now we have patches for all supported versions of Windows.
Agere fax modem driver: pair of zero-day EoP
Are you a doctor, a lawyer, or a hipster? If so, you might be one of the holdouts who still feels the need to connect a fax machine to a computer, and you should brace yourself for some bad news, then some good news, and then some more bad news. For starters, Microsoft has published two zero-day vulnerabilities in the Agere Modem driver: CVE-2025-24052, which is publicly disclosed, and CVE-2025-24990, which has already been exploited in the wild. The vulnerable driver ships with every version of Windows, up to and including Server 2025. Maybe your fax modem uses a different chipset, and so you don’t need the Agere driver? Perhaps you’ve simply discovered email? Tough luck. Your PC is still vulnerable, and a local attacker with a minimally privileged account can elevate to administrator. The good news is that Microsoft is patching both of these vulnerabilities today. The sting in the tail is that they’re fixing the glitch by removing the vulnerable driver altogether, so if you are still using a fax modem with an Agere chipset, no fax for you!
IGEL OS: UEFI zero-day
If you don’t run thin clients targeting Windows environments, you might be unaware of the existence of IGEL OS, but today’s publication of the advisory for CVE-2025-47827 — which is a zero-day vulnerability — may put it on the radar a little more widely. Successful exploitation abuses overly lax cryptographic verification of root filesystem, and allows bypass of Secure Boot. Microsoft is aware of exploitation in the wild, and is offering patches for the usual array of Windows products.
The advisory doesn’t explain what the Windows patches are protecting against when the flaw is in IGEL OS itself. However, the write-up by the original discoverer contains a significant amount of interesting backstory, and we can infer that the Windows patches will include additions to the UEFI revocation list, theoretically rendering a specific asset immune to this attack.
AMD: zero-day information disclosure
Every so often, a processor vulnerability gets some attention. When they are included in a set of Patch Tuesday vulns, processor vulnerabilities tend to march to the beat of their own drummer, since Microsoft likely has very little control over how or when these are announced. AMD published CVE-2025-0033 yesterday, and Microsoft has responded with their own advisory today. The flaw affects only fairly recent AMD EPYC processors, which are more likely to be found in a cloud data centre than they are in a metal box underneath your desk.
This is technically a zero-day vulnerability, since Microsoft is acknowledging that at least some products are affected, and there’s no patch yet. Specifically, Microsoft acknowledges that patches are needed for several variants of Azure Confidential Compute VM, and that they are working towards providing those patches. There isn’t anything much to do here yet from a Windows administration perspective, since AMD’s advisory understandably addresses only the underlying hardware, and Microsoft hasn’t said anything yet about any possible impact on Windows itself.
Windows Server Update Service: critical pre-auth RCE
The Windows Server Update Service (WSUS) provides admins with some very handy features. You can download updates from Microsoft once, and then redistribute them locally. It also allows scheduling of deployments to minimize impact on business activities, as well as centralized monitoring of updates. What’s not to love, right? Answer: CVE-2025-59287, a critical RCE which allows an attacker to execute code remotely. Although Microsoft isn’t currently claiming knowledge of disclosure or exploitation in the wild, they do consider exploitation more likely. Although the advisory doesn’t explicitly mark this one out as a pre-authentication RCE, the CVSS v3 base score of 9.8 tells an alarming story: a network attack vector, no privileges required, and low attack complexity. Patches are available for all versions of Windows Server. Taking all that into account, along with the Acknowledgements section of the advisory, a good time to apply these patches is right meow.
Microsoft lifecycle update
Today marks the end of an era, sort of. As Rapid7 has previously noted, today marks the end of support for non-LTSC versions of Windows 10. Of course, there’s a lot of nuance here. First, let’s address Windows 10 Long Term Support Channel (LTSC) installations, which are Microsoft’s way of providing risk-averse enterprise customers with the same exact OS almost indefinitely. An LTSC installation never has to worry about huge feature updates, but instead receives only security patches.
All versions of Windows 10 LTSC will continue to receive security updates for quite some time, with the exception of Windows 10 Enterprise LTSC 2015, which is now too old even for Microsoft to support. Still, that’s been an extra eight-and-a-half years of security updates vs. the equivalent non-LTSC version of Windows 10. When you’re relying on Windows 10 for the safe operation of an MRI scanner or a critical industrial control system at a steel plant, stability is key. A frank discussion of whether or not Windows is the optimal choice in these scenarios is beyond the scope of this analysis. Regular LTSC runs until 2027, whereas IoT Enterprise LTSC 2021 is scheduled to limp onwards all the way until January 2032.
It’s likely that Microsoft’s Extended Security Update (ESU) offering will be much more widely discussed in the coming weeks than is typical. Via the ESU program, Microsoft offers further security updates for software which has moved past the end of support. It is generally a paid “cash for updates” service, although consumers in the European Union can take advantage of Microsoft’s offer of one free year of ESU for Windows 10 Home or Professional. It may well be a coincidence that Microsoft has extended this generous offer only to consumers in a large jurisdiction with strong consumer rights. Users without spare cash or an EU home address can consider syncing their PC settings to OneDrive — make sure to enable multi-factor authentication on your Microsoft account if you do this — or spending 1000 Microsoft Rewards points, if you know what those are and have some to spare.
Microsoft, of course, has been pushing us all to upgrade to Windows 11 for a long time, but this leaves some people out in the cold. Windows 10 users without the cash to upgrade to Windows 11-compatible PC hardware or the IT situational awareness to realize that they are now at increased risk of compromise will now drift further and further away from a solid security stance. Not for the first time, the most vulnerable users with the fewest resources will end up in the most precarious situation.
Also receiving their final guaranteed patches today: Office 2016 and Office 2019. Another significant change: both Exchange 2016 and Exchange 2019 are now entirely replaced by Exchange Server Subscription Edition. A huge amount of lifecycle change today, and one which Microsoft has been building towards for many years now. The full impact may not become clear for a while, especially the retirement of Windows 10.
Summary charts
Summary tables
Apps vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability | No | No | 8.4 | |
Xbox Gaming Services Elevation of Privilege Vulnerability | No | No | 7.8 | |
M365 Copilot Spoofing Vulnerability | No | No | 6.5 | |
Copilot Spoofing Vulnerability | No | No | 6.5 | |
Copilot Spoofing Vulnerability | No | No | 6.5 |
Azure vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
Azure Entra ID Elevation of Privilege Vulnerability | No | No | 9.8 | |
Azure Entra ID Elevation of Privilege Vulnerability | No | No | 9.6 | |
Azure PlayFab Elevation of Privilege Vulnerability | No | No | 8.8 | |
Redis Enterprise Elevation of Privilege Vulnerability | No | No | 8.7 | |
Azure Monitor Log Analytics Spoofing Vulnerability | No | No | 8.7 | |
Confidential Azure Container Instances Elevation of Privilege Vulnerability | No | No | 8.2 | |
Azure Compute Gallery Elevation of Privilege Vulnerability | No | No | 8.2 | |
AMD CVE-2025-0033: RMP Corruption During SNP Initialization | No | Yes | 8.2 | |
Azure Monitor Agent Elevation of Privilege Vulnerability | No | No | 7.8 | |
Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability | No | No | 7.8 | |
Azure Monitor Agent Elevation of Privilege Vulnerability | No | No | 7 | |
Azure Connected Machine Agent Elevation of Privilege Vulnerability | No | No | 7 |
Browser vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
Chromium: CVE-2025-11460 Use after free in Storage | No | No | N/A | |
Chromium: CVE-2025-11458 Heap buffer overflow in Sync | No | No | N/A | |
Chromium: CVE-2025-11219 Use after free in V8 | No | No | N/A | |
Chromium: CVE-2025-11216 Inappropriate implementation in Storage | No | No | N/A | |
Chromium: CVE-2025-11215 Off by one error in V8 | No | No | N/A | |
Chromium: CVE-2025-11213 Inappropriate implementation in Omnibox | No | No | N/A | |
Chromium: CVE-2025-11212 Inappropriate implementation in Media | No | No | N/A | |
Chromium: CVE-2025-11211 Out of bounds read in Media | No | No | N/A | |
Chromium: CVE-2025-11210 Side-channel information leakage in Tab | No | No | N/A | |
Chromium: CVE-2025-11209 Inappropriate implementation in Omnibox | No | No | N/A | |
Chromium: CVE-2025-11208 Inappropriate implementation in Media | No | No | N/A | |
Chromium: CVE-2025-11207 Side-channel information leakage in Storage | No | No | N/A | |
Chromium: CVE-2025-11206 Heap buffer overflow in Video | No | No | N/A | |
Chromium: CVE-2025-11205 Heap buffer overflow in WebGPU | No | No | N/A |
Developer Tools vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
ASP.NET Security Feature Bypass Vulnerability | No | No | 9.9 | |
Visual Studio Elevation of Privilege Vulnerability | No | No | 7.3 | |
.NET Elevation of Privilege Vulnerability | No | No | 7.3 | |
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability | No | No | 4.8 | |
GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool | No | No | 4.4 |
Developer Tools ESU Windows vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
PowerShell Elevation of Privilege Vulnerability | No | No | 7.3 |
ESU Windows vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability | No | No | 9.8 | |
Windows URL Parsing Remote Code Execution Vulnerability | No | No | 8.8 | |
Remote Desktop Client Remote Code Execution Vulnerability | No | No | 8.8 | |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Yes | No | 7.8 | |
Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Error Reporting Service Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Authentication Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Authentication Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Authentication Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Authentication Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Agere Modem Driver Elevation of Privilege Vulnerability | No | Yes | 7.8 | |
Windows Agere Modem Driver Elevation of Privilege Vulnerability | Yes | No | 7.8 | |
Network Connection Status Indicator (NCSI) Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows SMB Server Elevation of Privilege Vulnerability | No | No | 7.5 | |
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | No | No | 7.4 | |
Windows NTFS Elevation of Privilege Vulnerability | No | No | 7.4 | |
Windows MapUrlToZone Information Disclosure Vulnerability | No | No | 7.1 | |
Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | No | No | 7 | |
Windows Remote Desktop Services Elevation of Privilege Vulnerability | No | No | 7 | |
Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7 | |
Windows COM+ Event System Service Elevation of Privilege Vulnerability | No | No | 7 | |
Remote Desktop Protocol Remote Code Execution Vulnerability | No | No | 7 | |
Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability | No | No | 7 | |
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability | No | No | 7 | |
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability | No | No | 7 | |
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability | No | No | 7 | |
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability | No | No | 7 | |
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability | No | No | 7 | |
DirectX Graphics Kernel Elevation of Privilege Vulnerability | No | No | 7 | |
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | No | 6.5 | |
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | No | 6.5 | |
Windows Local Session Manager (LSM) Denial of Service Vulnerability | No | No | 6.5 | |
Windows Local Session Manager (LSM) Denial of Service Vulnerability | No | No | 6.5 | |
NTLM Hash Disclosure Spoofing Vulnerability | No | No | 6.5 | |
NTLM Hash Disclosure Spoofing Vulnerability | No | No | 6.5 | |
Microsoft Windows File Explorer Spoofing Vulnerability | No | No | 6.5 | |
Microsoft Windows File Explorer Spoofing Vulnerability | No | No | 6.5 | |
Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability | No | No | 6.2 | |
Windows WLAN AutoConfig Service Information Disclosure Vulnerability | No | No | 5.5 | |
Windows Search Service Denial of Service Vulnerability | No | No | 5.5 | |
Windows Search Service Denial of Service Vulnerability | No | No | 5.5 | |
Windows Push Notification Information Disclosure Vulnerability | No | No | 5.5 | |
Windows Push Notification Information Disclosure Vulnerability | No | No | 5.5 | |
Microsoft Failover Cluster Information Disclosure Vulnerability | No | No | 5.5 | |
Windows Search Service Denial of Service Vulnerability | No | No | 5 | |
MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11 | Yes | No | 4.6 | |
MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability | No | No | 4 | |
Windows SMB Client Tampering Vulnerability | No | No | 3.1 |
Mariner Open Source Software vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
Redis Lua Use-After-Free may lead to remote code execution | No | No | 9.9 | |
Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG | No | No | 9.3 | |
Qemu-kvm: vnc websocket handshake use-after-free | No | No | 7.5 | |
Lua library commands may lead to integer overflow and potential RCE | No | No | 7 | |
Redis is vulnerable to DoS via specially crafted LUA scripts | No | No | 6.3 | |
Redis: Authenticated users can execute LUA scripts as a different user | No | No | 6 | |
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. | No | No | 4.5 | |
ZIP64 End of Central Directory (EOCD) Locator record offset not checked | No | No | 4.3 | |
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) | No | No | 3.6 | |
GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds | No | No | 3.3 | |
GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds | No | No | 3.3 | |
GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds | No | No | 3.3 | |
GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow | No | No | 3.3 | |
Uncontrolled recursion in Qt SVG module | No | No | N/A |
Microsoft Office vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.8 | |
Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.8 | |
Microsoft Excel Remote Code Execution Vulnerability | No | No | 8.4 | |
Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 | |
Microsoft PowerPoint Remote Code Execution Vulnerability | No | No | 7.8 | |
Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 | |
Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | |
Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | |
Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | |
Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | |
Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | |
Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | |
Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | |
Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | |
Microsoft Excel Information Disclosure Vulnerability | No | No | 7.1 | |
Microsoft Excel Information Disclosure Vulnerability | No | No | 7.1 | |
Microsoft Word Remote Code Execution Vulnerability | No | No | 7 | |
Microsoft Office Denial of Service Vulnerability | No | No | 5.5 |
Open Source Software vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer | No | No | 9.8 | |
mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc() | No | No | 9.8 | |
ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer | No | No | 9.8 | |
e1000e: fix heap overflow in e1000_set_eeprom | No | No | 9.8 | |
can: j1939: implement NETDEV_UNREGISTER notification handler | No | No | 9.8 | |
wifi: wilc1000: avoid buffer overflow in WID string configuration | No | No | 7.8 | |
octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() | No | No | 7.8 | |
cnic: Fix use-after-free bugs in cnic_delete_task | No | No | 7.8 | |
tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). | No | No | 7.1 | |
net: phylink: add lock for serializing concurrent pl->phydev writes with resolver | No | No | 7.1 | |
i40e: remove read access to debugfs files | No | No | 7.1 | |
af_unix: Fix null-ptr-deref in unix_stream_sendpage(). | No | No | 7.1 | |
tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. | No | No | 6.6 | |
um: virtio_uml: Fix use-after-free after put_device in probe | No | No | 6.1 | |
dm-stripe: fix a possible integer overflow | No | No | 6.1 | |
iommu/amd/pgtbl: Fix possible race while increase page table level | No | No | 5.8 | |
Elasticsearch Insertion of sensitive information in log file | No | No | 5.7 | |
wifi: mwifiex: Initialize the chan_stats array to zero | No | No | 5.5 | |
tracing: Silence warning when chunk allocation fails in trace_pid_write | No | No | 5.5 | |
tls: make sure to abort the stream if headers are bogus | No | No | 5.5 | |
smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) | No | No | 5.5 | |
smb: client: let recv_done verify data_offset, data_length and remaining_data_length | No | No | 5.5 | |
smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path | No | No | 5.5 | |
sched: Fix sched_numa_find_nth_cpu() if mask offline | No | No | 5.5 | |
qed: Don't collect too many protection override GRC elements | No | No | 5.5 | |
pcmcia: Add error handling for add_interval() in do_validate_mem() | No | No | 5.5 | |
net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer | No | No | 5.5 | |
net/mlx5e: Harden uplink netdev access against device unbind | No | No | 5.5 | |
mm: /proc/pid/smaps_rollup: fix no vma's null-deref | No | No | 5.5 | |
mm/slub: avoid accessing metadata when pointer is invalid in object_err() | No | No | 5.5 | |
mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() | No | No | 5.5 | |
mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() | No | No | 5.5 | |
ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size | No | No | 5.5 | |
drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ | No | No | 5.5 | |
dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees | No | No | 5.5 | |
crypto: af_alg - Set merge to zero early in af_alg_sendmsg | No | No | 5.5 | |
cgroup: split cgroup_destroy_wq into 3 workqueues | No | No | 5.5 | |
ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed | No | No | 5.5 | |
Playwright Spoofing Vulnerability | No | No | 5.3 | |
ceph: fix race condition validating r_parent before applying state | No | No | 4.7 | |
wifi: mac80211: increase scan_ies_len for S1G | No | No | 4 | |
iommu/s390: Make attach succeed when the device was surprise removed | No | No | 4 | |
i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path | No | No | 3.3 |
SQL Server vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
JDBC Driver for SQL Server Spoofing Vulnerability | No | No | 8.1 |
Server Software vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
Microsoft Exchange Server Elevation of Privilege Vulnerability | No | No | 8.8 | |
Microsoft Exchange Server Elevation of Privilege Vulnerability | No | No | 8.4 | |
Microsoft Exchange Server Spoofing Vulnerability | No | No | 7.5 |
System Center vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
Configuration Manager Elevation of Privilege Vulnerability | No | No | 8.4 | |
Microsoft Defender for Linux Denial of Service Vulnerability | No | No | 7 | |
Configuration Manager Elevation of Privilege Vulnerability | No | No | 6.7 |
Windows vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
Microsoft Graphics Component Elevation of Privilege Vulnerability | No | No | 9.9 | |
Windows Speech Runtime Elevation of Privilege Vulnerability | No | No | 8.8 | |
Windows Speech Runtime Elevation of Privilege Vulnerability | No | No | 8.8 | |
Xbox IStorageService Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Network Driver Interface Specification Driver Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Hyper-V Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Health and Optimized Experiences Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Error Reporting Service Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Digital Media Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Digital Media Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Device Association Broker Service Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Cryptographic Services Information Disclosure Vulnerability | No | No | 7.8 | |
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Bluetooth Service Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Bluetooth Service Elevation of Privilege Vulnerability | No | No | 7.8 | |
Storport.sys Driver Elevation of Privilege Vulnerability | No | No | 7.8 | |
Software Protection Platform (SPP) Elevation of Privilege Vulnerability | No | No | 7.8 | |
NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability | No | No | 7.8 | |
Microsoft DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 | |
Microsoft DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 | |
Azure Local Elevation of Privilege Vulnerability | No | No | 7.8 | |
Windows Hello Security Feature Bypass Vulnerability | No | No | 7.7 | |
DirectX Graphics Kernel Denial of Service Vulnerability | No | No | 7.7 | |
Data Sharing Service Spoofing Vulnerability | No | No | 7.7 | |
Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability | No | No | 7.5 | |
Remote Procedure Call Denial of Service Vulnerability | No | No | 7.5 | |
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | No | No | 7.4 | |
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | No | No | 7.4 | |
Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.4 | |
Microsoft Brokering File System Elevation of Privilege Vulnerability | No | No | 7.4 | |
Microsoft Brokering File System Elevation of Privilege Vulnerability | No | No | 7.4 | |
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | No | No | 7 | |
Windows Remote Desktop Protocol Security Feature Bypass | No | No | 7 | |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | No | No | 7 | |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | No | No | 7 | |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | No | No | 7 | |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | No | No | 7 | |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | No | No | 7 | |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | No | No | 7 | |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | No | No | 7 | |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | No | No | 7 | |
Windows Management Services Elevation of Privilege Vulnerability | No | No | 7 | |
Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 | |
Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7 | |
Windows Device Association Broker Service Elevation of Privilege Vulnerability | No | No | 7 | |
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | No | No | 7 | |
Windows Bluetooth Service Elevation of Privilege Vulnerability | No | No | 7 | |
Microsoft Graphics Component Denial of Service Vulnerability | No | No | 7 | |
MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder | No | No | 7 | |
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability | No | No | 7 | |
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability | No | No | 7 | |
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability | No | No | 7 | |
Desktop Windows Manager Elevation of Privilege Vulnerability | No | No | 7 | |
Windows Local Session Manager (LSM) Denial of Service Vulnerability | No | No | 6.5 | |
Virtual Secure Mode Spoofing Vulnerability | No | No | 6.3 | |
Windows Kernel Security Feature Bypass Vulnerability | No | No | 6.2 | |
Windows BitLocker Security Feature Bypass Vulnerability | No | No | 6.1 | |
Windows BitLocker Security Feature Bypass Vulnerability | No | No | 6.1 | |
Windows BitLocker Security Feature Bypass Vulnerability | No | No | 6.1 | |
Windows BitLocker Security Feature Bypass Vulnerability | No | No | 6.1 | |
Windows BitLocker Security Feature Bypass Vulnerability | No | No | 6.1 | |
Windows BitLocker Security Feature Bypass Vulnerability | No | No | 6.1 | |
Windows USB Video Class System Driver Information Disclosure Vulnerability | No | No | 5.5 | |
Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 | |
Windows State Repository API Server File Information Disclosure Vulnerability | No | No | 5.5 | |
Windows Management Services Information Disclosure Vulnerability | No | No | 5.5 | |
Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | |
Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | |
Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | |
Windows ETL Channel Information Disclosure Vulnerability | No | No | 5.5 | |
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | No | No | 5.5 | |
Storage Spaces Direct Information Disclosure Vulnerability | No | No | 5.5 | |
Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability | No | No | 5.5 | |
Microsoft Failover Cluster Information Disclosure Vulnerability | No | No | 5.5 | |
Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation | No | Yes | 5.3 | |
Windows Kernel Information Disclosure Vulnerability | No | No | 5.1 | |
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | No | No | 4.7 | |
Windows NTLM Spoofing Vulnerability | No | No | 3.3 | |
Windows Taskbar Live Preview Information Disclosure Vulnerability | No | No | 2.1 |
Update history
- 2025-10-20: added Summary Tables.
