This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | .NET | CVE-2025-21171 | .NET Remote Code Execution Vulnerability |
Microsoft | .NET | CVE-2025-21173 | .NET Elevation of Privilege Vulnerability |
Microsoft | .NET and Visual Studio | CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability |
Microsoft | .NET, .NET Framework, Visual Studio | CVE-2025-21176 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
Microsoft | Active Directory Domain Services | CVE-2025-21293 | Active Directory Domain Services Elevation of Privilege Vulnerability |
Microsoft | Active Directory Federation Services | CVE-2025-21193 | Active Directory Federation Server Spoofing Vulnerability |
Microsoft | Azure Marketplace SaaS Resources | CVE-2025-21380 | Azure Marketplace SaaS Resources Information Disclosure Vulnerability |
Microsoft | BranchCache | CVE-2025-21296 | BranchCache Remote Code Execution Vulnerability |
Microsoft | Internet Explorer | CVE-2025-21326 | Internet Explorer Remote Code Execution Vulnerability |
Microsoft | IP Helper | CVE-2025-21231 | IP Helper Denial of Service Vulnerability |
Microsoft | Line Printer Daemon Service (LPD) | CVE-2025-21224 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
secalert@redhat.com | Mariner | CVE-2023-40550 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-3727 | Unknown |
cve@mitre.org | Mariner | CVE-2017-17522 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-35786 | Unknown |
secure@intel.com | Mariner | CVE-2019-14584 | Unknown |
security@hashicorp.com | Mariner | CVE-2024-6104 | Unknown |
cve@mitre.org | Mariner | CVE-2019-20907 | Unknown |
security@apache.org | Mariner | CVE-2024-52338 | Unknown |
cve@mitre.org | Mariner | CVE-2007-4559 | Unknown |
security@golang.org | Mariner | CVE-2023-45288 | Unknown |
cve@mitre.org | Mariner | CVE-2017-18207 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-40548 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-40549 | Unknown |
secalert@redhat.com | Mariner | CVE-2021-20286 | Unknown |
security@golang.org | Mariner | CVE-2022-32149 | Unknown |
cve@mitre.org | Mariner | CVE-2019-9674 | Unknown |
secalert@redhat.com | Mariner | CVE-2019-3816 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46758 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-35795 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46757 | Unknown |
cve@mitre.org | Mariner | CVE-2024-53580 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-9355 | Unknown |
cve@kernel.org | Mariner | CVE-2024-26929 | Unknown |
cna@python.org | Mariner | CVE-2024-11168 | Unknown |
cna@python.org | Mariner | CVE-2024-12254 | Unknown |
secalert@redhat.com | Mariner | CVE-2022-32746 | Unknown |
secalert@redhat.com | Mariner | CVE-2021-20277 | Unknown |
secalert@redhat.com | Mariner | CVE-2019-3833 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-49967 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-46756 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-10041 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-45310 | Unknown |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2023-52663 | Unknown |
security@golang.org | Mariner | CVE-2024-45337 | Unknown |
security@golang.org | Mariner | CVE-2024-45338 | Unknown |
cve@mitre.org | Mariner | CVE-2024-37535 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-32020 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-32465 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-10963 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-34062 | Unknown |
report@snyk.io | Mariner | CVE-2021-23336 | Unknown |
security-advisories@github.com | Mariner | CVE-2024-32021 | Unknown |
secalert@redhat.com | Mariner | CVE-2024-7383 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-1393 | Unknown |
secalert@redhat.com | Mariner | CVE-2020-27840 | Unknown |
security@ubuntu.com | Mariner | CVE-2022-28737 | Unknown |
cve@mitre.org | Mariner | CVE-2022-40898 | Unknown |
secalert@redhat.com | Mariner | CVE-2023-40546 | Unknown |
Microsoft | Microsoft AutoUpdate (MAU) | CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
Microsoft | Microsoft Azure Gateway Manager | CVE-2025-21403 | On-Premises Data Gateway Information Disclosure Vulnerability |
Microsoft | Microsoft Brokering File System | CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
Microsoft | Microsoft Brokering File System | CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
Microsoft | Microsoft Digest Authentication | CVE-2025-21294 | Microsoft Digest Authentication Remote Code Execution Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0291 | Chromium: CVE-2025-0291 Type Confusion in V8 |
Microsoft | Microsoft Graphics Component | CVE-2025-21382 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft | Microsoft Office | CVE-2025-21346 | Microsoft Office Security Feature Bypass Vulnerability |
Microsoft | Microsoft Office | CVE-2025-21365 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Access | CVE-2025-21186 | Microsoft Access Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Access | CVE-2025-21366 | Microsoft Access Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Access | CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2025-21364 | Microsoft Excel Security Feature Bypass Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2025-21362 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Excel | CVE-2025-21354 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft | Microsoft Office OneNote | CVE-2025-21402 | Microsoft Office OneNote Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Outlook | CVE-2025-21357 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Outlook for Mac | CVE-2025-21361 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2025-21344 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2025-21348 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Visio | CVE-2025-21345 | Microsoft Office Visio Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Visio | CVE-2025-21356 | Microsoft Office Visio Remote Code Execution Vulnerability |
Microsoft | Microsoft Office Word | CVE-2025-21363 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft | Microsoft Purview | CVE-2025-21385 | Microsoft Purview Information Disclosure Vulnerability |
Microsoft | Microsoft Windows Search Component | CVE-2025-21292 | Windows Search Service Elevation of Privilege Vulnerability |
Microsoft | Power Automate | CVE-2025-21187 | Microsoft Power Automate Remote Code Execution Vulnerability |
Microsoft | Reliable Multicast Transport Driver (RMCAST) | CVE-2025-21307 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
GitHub | Visual Studio | CVE-2024-50338 | GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager |
Microsoft | Visual Studio | CVE-2025-21405 | Visual Studio Elevation of Privilege Vulnerability |
Microsoft | Visual Studio | CVE-2025-21178 | Visual Studio Remote Code Execution Vulnerability |
Microsoft | Windows BitLocker | CVE-2025-21213 | Secure Boot Security Feature Bypass Vulnerability |
Microsoft | Windows BitLocker | CVE-2025-21214 | Windows BitLocker Information Disclosure Vulnerability |
Microsoft | Windows Boot Loader | CVE-2025-21211 | Secure Boot Security Feature Bypass Vulnerability |
Microsoft | Windows Boot Manager | CVE-2025-21215 | Secure Boot Security Feature Bypass Vulnerability |
Microsoft | Windows Client-Side Caching (CSC) Service | CVE-2025-21374 | Windows CSC Service Information Disclosure Vulnerability |
Microsoft | Windows Client-Side Caching (CSC) Service | CVE-2025-21378 | Windows CSC Service Elevation of Privilege Vulnerability |
Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2025-21271 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Microsoft | Windows COM | CVE-2025-21288 | Windows COM Server Information Disclosure Vulnerability |
Microsoft | Windows COM | CVE-2025-21272 | Windows COM Server Information Disclosure Vulnerability |
Microsoft | Windows COM | CVE-2025-21281 | Microsoft COM for Windows Elevation of Privilege Vulnerability |
Microsoft | Windows Connected Devices Platform Service | CVE-2025-21207 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability |
Microsoft | Windows Cryptographic Services | CVE-2025-21336 | Windows Cryptographic Information Disclosure Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21258 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21255 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21229 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21249 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21310 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21324 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21327 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21341 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21263 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21260 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21232 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21228 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21265 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21226 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21227 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21261 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Digital Media | CVE-2025-21256 | Windows Digital Media Elevation of Privilege Vulnerability |
Microsoft | Windows Direct Show | CVE-2025-21291 | Windows Direct Show Remote Code Execution Vulnerability |
Microsoft | Windows DWM Core Library | CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
Microsoft | Windows Event Tracing | CVE-2025-21274 | Windows Event Tracing Denial of Service Vulnerability |
Microsoft | Windows Geolocation Service | CVE-2025-21301 | Windows Geolocation Service Information Disclosure Vulnerability |
Microsoft | Windows Hello | CVE-2025-21340 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability |
Microsoft | Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21333 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
Microsoft | Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21334 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
Microsoft | Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
Microsoft | Windows Installer | CVE-2025-21287 | Windows Installer Elevation of Privilege Vulnerability |
Microsoft | Windows Installer | CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability |
Microsoft | Windows Installer | CVE-2025-21331 | Windows Installer Elevation of Privilege Vulnerability |
Microsoft | Windows Kerberos | CVE-2025-21218 | Windows Kerberos Denial of Service Vulnerability |
Microsoft | Windows Kerberos | CVE-2025-21299 | Windows Kerberos Security Feature Bypass Vulnerability |
Microsoft | Windows Kerberos | CVE-2025-21242 | Windows Kerberos Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21323 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21316 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21318 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21319 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21320 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21321 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows Kernel Memory | CVE-2025-21317 | Windows Kernel Memory Information Disclosure Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21328 | MapUrlToZone Security Feature Bypass Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21276 | Windows MapUrlToZone Denial of Service Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21329 | MapUrlToZone Security Feature Bypass Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21189 | MapUrlToZone Security Feature Bypass Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21269 | Windows HTML Platforms Security Feature Bypass Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21268 | MapUrlToZone Security Feature Bypass Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21332 | MapUrlToZone Security Feature Bypass Vulnerability |
Microsoft | Windows MapUrlToZone | CVE-2025-21219 | MapUrlToZone Security Feature Bypass Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
Microsoft | Windows Message Queuing | CVE-2025-21220 | Microsoft Message Queuing Information Disclosure Vulnerability |
Microsoft | Windows NTLM | CVE-2025-21217 | Windows NTLM Spoofing Vulnerability |
Microsoft | Windows NTLM | CVE-2025-21311 | Windows NTLM V1 Elevation of Privilege Vulnerability |
Microsoft | Windows OLE | CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability |
Microsoft | Windows PrintWorkflowUserSvc | CVE-2025-21235 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
Microsoft | Windows PrintWorkflowUserSvc | CVE-2025-21234 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
Microsoft | Windows Recovery Environment Agent | CVE-2025-21202 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2025-21297 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2025-21330 | Windows Remote Desktop Services Denial of Service Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2025-21225 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
Microsoft | Windows Remote Desktop Services | CVE-2025-21278 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
CERT CC | Windows Secure Boot | CVE-2024-7344 | Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass |
Microsoft | Windows Security Account Manager | CVE-2025-21313 | Windows Security Account Manager (SAM) Denial of Service Vulnerability |
Microsoft | Windows Smart Card | CVE-2025-21312 | Windows Smart Card Reader Information Disclosure Vulnerability |
Microsoft | Windows SmartScreen | CVE-2025-21314 | Windows SmartScreen Spoofing Vulnerability |
Microsoft | Windows SPNEGO Extended Negotiation | CVE-2025-21295 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21241 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21243 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21237 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21239 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21244 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21238 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21252 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21248 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21240 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21413 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21286 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21305 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21411 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21246 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21250 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21236 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21233 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21417 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21273 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21266 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21303 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21282 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21302 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21306 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21223 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21409 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21339 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Telephony Service | CVE-2025-21245 | Windows Telephony Service Remote Code Execution Vulnerability |
Microsoft | Windows Themes | CVE-2025-21308 | Windows Themes Spoofing Vulnerability |
Microsoft | Windows UPnP Device Host | CVE-2025-21300 | Windows upnphost.dll Denial of Service Vulnerability |
Microsoft | Windows UPnP Device Host | CVE-2025-21389 | Windows upnphost.dll Denial of Service Vulnerability |
Microsoft | Windows Virtual Trusted Platform Module | CVE-2025-21210 | Windows BitLocker Information Disclosure Vulnerability |
Microsoft | Windows Virtual Trusted Platform Module | CVE-2025-21280 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
Microsoft | Windows Virtual Trusted Platform Module | CVE-2025-21284 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
Microsoft | Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-21370 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
Microsoft | Windows Web Threat Defense User Service | CVE-2025-21343 | Windows Web Threat Defense User Service Information Disclosure Vulnerability |
Microsoft | Windows Win32K - GRFX | CVE-2025-21338 | GDI+ Remote Code Execution Vulnerability |
Microsoft | Windows WLAN Auto Config Service | CVE-2025-21257 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2024-50338
MITRE NVD Issuing CNA: GitHub |
CVE Title: GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
CVSS: CVSS:3.1 Highest BaseScore:7.4/TemporalScore:6.4
Executive Summary: None FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-50338 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
15.9.69 | Maybe | None |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.11.43 | Maybe | None |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-50338 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21411
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21411 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21411 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21413
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21413 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21413 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21171
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that a user trigger the payload in the application. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21171 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
.NET 9.0 installed on Linux | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
.NET 9.0 installed on Mac OS | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
.NET 9.0 installed on Windows | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2025-21171 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21210
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows BitLocker Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.2/TemporalScore:3.7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of unencrypted hibernation images in cleartext. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an attacker needs repeated physical access to the victim machine's hard disk. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21210 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21210 | Maxim Suhanov with CICADA8 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21214
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows BitLocker Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.2/TemporalScore:3.7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Bitlocker Key. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts by swapping virtual hard disks. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21214 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.2 Temporal: 3.7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21214 | Maxim Suhanov with CICADA8 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21215
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:4.6/TemporalScore:4.0
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit the vulnerability and save an invalid state to a database or trigger other unintended actions. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21215 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21215 | Maxim Suhanov with CICADA8 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21233
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21233 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21233 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21234
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to AppContainer isolation and Mandatory Integrity Control for more information. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21234 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21234 | Jongseong Kim (nevul37) with Ajou University & ENKI WhiteHat |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21235
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to AppContainer isolation and Mandatory Integrity Control for more information. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21235 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21235 | Jongseong Kim (nevul37) with Ajou University & ENKI WhiteHat |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21236
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21236 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21236 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21237
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21237 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21237 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21239
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21239 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21239 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21241
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21241 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21241 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21242
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kerberos Information Disclosure Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.2
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21242 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | 5049983 |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | 5049984 |
Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
CVE ID | Acknowledgements |
CVE-2025-21242 | Asna Farooqui |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2025-21243
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14-Jan-25     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2025-21243 | ||||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | 5050008 |
Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | 5049981 |
Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | 5050021 |
Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | 5050021 |
Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | 5050009 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | 5050063 5050061 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |