|
2024-08-08
|
CVE-2024-21302
|
Summary:
As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this vulnerability.
An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability...
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_21h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-21197
|
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-21205
|
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-21221
|
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-26641
|
Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-26648
|
Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-26663
|
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-27737
|
Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-27733
|
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-27735
|
Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|